dfb13547198077f567b41b9e227771f89adf43a5ff41a608b19397461b5ba49aN

Sharing

Copy URL Twitter E-mail

General

Target

dfb13547198077f567b41b9e227771f89adf43a5ff41a608b19397461b5ba49aN
Size

3.9MB
MD5

4655cf186682473b75e093b903f0df10
SHA1

f965fc193aae05b4be9e9727955254afa80dbd22
SHA256

dfb13547198077f567b41b9e227771f89adf43a5ff41a608b19397461b5ba49a
SHA512

d64fcda2828595bb7c96a1f7482bba6321609eec98dc7feef42fe04c54b9885e2794bde6e6e5c5781b460cf4fef9314d917b3777f61d84e04fab4127968178b9
SSDEEP

3072:zua2EFRdSVm0/sy5oaj1tTRDZje88ot8P/HS2Y1T3sz+YMla2mJ:ia2EvdSVay5/TRc8W6pAiYMAJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfb13547198077f567b41b9e227771f89adf43a5ff41a608b19397461b5ba49aN

Files

dfb13547198077f567b41b9e227771f89adf43a5ff41a608b19397461b5ba49aN
.dll windows:4 windows x86 arch:x86

0bac4bf16b58b8729b9a42676e925513

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnlockFile
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GetFileAttributesA
GetFileSize
GetFileTime
LockFile
SetEndOfFile
FileTimeToSystemTime
FileTimeToLocalFileTime
RtlUnwind
RaiseException
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
CreateThread
ExitThread
HeapAlloc
SetStdHandle
GetFileType
HeapSize
HeapReAlloc
GetACP
GetTimeZoneInformation
GetCPInfo
GetOEMCP
SetFilePointer
FlushFileBuffers
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
SystemTimeToFileTime
CompareFileTime
Sleep
lstrlenA
GetTickCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
GetModuleHandleA
SetLastError
WritePrivateProfileStringA
GlobalFlags
GetVersion
LCMapStringA
lstrcpynA
GetProcAddress
InitializeCriticalSection
lstrcatA
lstrcpyA
FreeLibrary
LocalReAlloc
SetErrorMode
TlsGetValue
TlsFree
TlsSetValue
GlobalReAlloc
LocalAlloc
GlobalHandle
TlsAlloc
MultiByteToWideChar
LocalFree
InterlockedIncrement
WideCharToMultiByte
InterlockedDecrement
ResumeThread
SuspendThread
SetThreadPriority
GlobalDeleteAtom
GetModuleFileNameA
GlobalAlloc
GetCurrentThread
lstrcmpA
lstrcmpiA
ReleaseSemaphore
GetCurrentThreadId
GetLocalTime
GlobalUnlock
GlobalFree
GlobalLock
CreateEventA
GetExitCodeThread
TerminateThread
WaitForSingleObject
CloseHandle
SetEvent
LCMapStringW
ResetEvent
SetUnhandledExceptionFilter
LoadLibraryA

user32

SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
RegisterWindowMessageA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
CharUpperA
DestroyMenu
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
SystemParametersInfoA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
wsprintfA
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
GetClassNameA

gdi32

DeleteObject
SaveDC
RestoreDC
GetStockObject
SelectObject
SetBkColor
SetTextColor
SetViewportOrgEx
OffsetViewportOrgEx
SetMapMode
ScaleViewportExtEx
SetViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
CreateBitmap
DeleteDC

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA

comctl32

ord17

Exports

Exports

EwCancelCallback
EwClose
EwControl
EwDirectIO
EwGetBidFile
EwGetPortStatus
EwGetSendCmdSize
EwOpen
EwQueryRegValue
EwRead
EwReceive
EwReceiveRealtime
EwRegisterCallback
EwSend
EwSetData
EwSetMode
EwSetRegValue
EwSetSendDataFile
EwWrite

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0bac4bf16b58b8729b9a42676e925513

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 98KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 12KB - Virtual size: 8KB

.reloc Size: 12KB - Virtual size: 11KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

Size: 60KB - Virtual size: 60KB

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 12KB - Virtual size: 11KB

.rmnet
Size: 60KB - Virtual size: 60KB