5a364295c347be6184cb9ece8ea6183799a12c3ea2ae4699ad496f858f8261d5

Sharing

Copy URL

Twitter E-mail

General

Target

5a364295c347be6184cb9ece8ea6183799a12c3ea2ae4699ad496f858f8261d5
Size

1.7MB
MD5

dcb3678d9d5b8641151036a87161367b
SHA1

8951b9eb0b6c0c6269452b17c4648c7d5fc5f5de
SHA256

5a364295c347be6184cb9ece8ea6183799a12c3ea2ae4699ad496f858f8261d5
SHA512

b90798eb7b1c3aeacb23910f0ddd5a2910b18fe70592da80bfcfd0ac37727e174ea0b6884232b71696f3ce3b816fecde4a80b4767afa4ad7705a861e97ac4b37
SSDEEP

24576:Q8swWE8efdHDjp12OtLW4Zuoq9YvFBiXgA2Tg9An:Ew58e1HX3jWOy6wXgA2Tg9An

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a364295c347be6184cb9ece8ea6183799a12c3ea2ae4699ad496f858f8261d5

Files

5a364295c347be6184cb9ece8ea6183799a12c3ea2ae4699ad496f858f8261d5
.dll windows:4 windows x86 arch:x86

e7501835094f324f39b8dd36483e94a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegCreateKeyW
RegOpenKeyA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW

gdi32

BitBlt
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectW
CreatePatternBrush
CreatePen
CreatePenIndirect
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSolidBrush
DPtoLP
DeleteDC
DeleteObject
ExcludeClipRect
ExtCreatePen
ExtCreateRegion
ExtSelectClipRgn
ExtTextOutW
FillRgn
FrameRgn
GdiAlphaBlend
GdiGetCharDimensions
GdiGetCodePage
GetBkColor
GetBkMode
GetCharABCWidthsW
GetCharWidthInfo
GetCharWidthW
GetClipBox
GetClipRgn
GetCurrentObject
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetLayout
GetNearestColor
GetObjectType
GetObjectW
GetPixel
GetStockObject
GetTextCharsetInfo
GetTextColor
GetTextExtentExPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentPointA
GetTextExtentPointW
GetTextMetricsW
IntersectClipRect
LineTo
MoveToEx
OffsetWindowOrgEx
PatBlt
PlayEnhMetaFile
PolyPolyline
Polygon
RectVisible
Rectangle
ScriptBreak
ScriptStringAnalyse
ScriptStringCPtoX
ScriptStringFree
ScriptStringGetLogicalWidths
ScriptStringOut
ScriptStringXtoCP
ScriptString_pSize
ScriptString_pcOutChars
SelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetDIBColorTable
SetDIBits
SetPixel
SetPolyFillMode
SetRectRgn
SetTextAlign
SetTextColor
SetViewportOrgEx
SetWindowOrgEx
StretchBlt
StretchDIBits
TextOutW

imm32

ImmGetCompositionStringW
ImmGetContext
ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow

kernel32

DelayLoadFailureHook
FindResourceA
GetModuleHandleW
GlobalAddAtomW
GlobalDeleteAtom
GlobalLock
GlobalUnlock
IsBadCodePtr
IsBadStringPtrA
IsBadStringPtrW
IsBadWritePtr
LocalSize
RaiseException
ResolveDelayLoadedAPI
RtlUnwind

kernelbase

CloseHandle
CompareFileTime
CompareStringA
CompareStringW
CreateEventW
CreateThread
DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FreeResource
GetDateFormatW
GetDriveTypeW
GetLocalTime
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetThreadLocale
GetTickCount
GetUserDefaultLCID
GetVersion
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSectionEx
IsValidLocale
LeaveCriticalSection
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalLock
LocalReAlloc
LocalUnlock
LockResource
MulDiv
MultiByteToWideChar
SetEvent
SizeofResource
StrCmpIW
StrCmpNIW
SystemTimeToFileTime
WaitForSingleObject
WideCharToMultiByte
lstrcmpW
lstrcmpiW

ntdll

_vsnprintf

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
_assert
_strdup
_wcsdup
_wcsicmp
_wcsnicmp
floor
free
fwrite
getenv
isprint
iswalnum
memcmp
memcpy
memmove
memset
qsort
strcat
strchr
strcmp
strcpy
strcspn
strlen
wcschr
wcsncmp
wcsrchr
wcsstr
wcstol

user32

AdjustWindowRect
AdjustWindowRectEx
AppendMenuW
BeginDeferWindowPos
BeginPaint
CallWindowProcA
CallWindowProcW
CharLowerBuffW
CharLowerW
CharUpperBuffW
CharUpperW
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CopyIcon
CopyImage
CopyRect
CreateCaret
CreateDialogIndirectParamA
CreateDialogIndirectParamW
CreateIconIndirect
CreatePopupMenu
CreateWindowExA
CreateWindowExW
DefWindowProcW
DeferWindowPos
DeleteMenu
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxIndirectParamW
DialogBoxParamW
DispatchMessageW
DragDetect
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawStateW
DrawTextA
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDeferWindowPos
EndDialog
EndPaint
EnumChildWindows
FillRect
FrameRect
GetActiveWindow
GetAsyncKeyState
GetCapture
GetCaretPos
GetClassLongW
GetClassNameW
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetDoubleClickTime
GetDpiForWindow
GetFocus
GetIconInfo
GetKeyNameTextW
GetKeyState
GetMenuState
GetMessagePos
GetMessageTime
GetMessageW
GetMonitorInfoW
GetNextDlgGroupItem
GetNextDlgTabItem
GetParent
GetPropW
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongW
GetWindowRect
GetWindowRgn
GetWindowTextA
GetWindowTextLengthA
GetWindowTextLengthW
GetWindowTextW
InternalGetWindowText
IntersectRect
InvalidateRect
InvalidateRgn
InvertRect
IsChild
IsClipboardFormatAvailable
IsDialogMessageW
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
KillSystemTimer
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadImageA
LoadImageW
LoadMenuA
LoadStringW
MapDialogRect
MapVirtualKeyW
MapWindowPoints
MonitorFromRect
MonitorFromWindow
MoveWindow
NotifyWinEvent
OpenClipboard
PeekMessageW
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemovePropW
ScreenToClient
ScrollWindow
ScrollWindowEx
SendDlgItemMessageW
SendMessageA
SendMessageW
SetCapture
SetCaretPos
SetClipboardData
SetCursor
SetFocus
SetParent
SetPropW
SetScrollInfo
SetScrollPos
SetScrollRange
SetSystemTimer
SetTimer
SetWindowLongA
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowTextA
SetWindowTextW
ShowCaret
ShowScrollBar
ShowWindow
SubtractRect
SystemParametersInfoW
TabbedTextOutW
TrackMouseEvent
TrackPopupMenu
TranslateMessage
UnionRect
UnregisterClassA
UnregisterClassW
UpdateWindow
WindowFromPoint
wsprintfW

Exports

Exports

AddMRUStringW
CreateMRUListW
CreateMappedBitmap
CreatePropertySheetPage
CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
CreateStatusWindowA
CreateStatusWindowW
CreateToolbar
CreateToolbarEx
CreateUpDownControl
DPA_Clone
DPA_Create
DPA_CreateEx
DPA_DeleteAllPtrs
DPA_DeletePtr
DPA_Destroy
DPA_DestroyCallback
DPA_EnumCallback
DPA_GetPtr
DPA_GetPtrIndex
DPA_GetSize
DPA_Grow
DPA_InsertPtr
DPA_Search
DPA_SetPtr
DPA_Sort
DSA_Clone
DSA_Create
DSA_DeleteAllItems
DSA_DeleteItem
DSA_Destroy
DSA_DestroyCallback
DSA_EnumCallback
DSA_GetItem
DSA_GetItemPtr
DSA_GetSize
DSA_InsertItem
DSA_SetItem
DefSubclassProc
DestroyPropertySheetPage
DllGetVersion
DllInstall
DrawInsert
DrawShadowText
DrawStatusText
DrawStatusTextA
DrawStatusTextW
EnumMRUListW
FlatSB_EnableScrollBar
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollProp
FlatSB_GetScrollRange
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
FlatSB_SetScrollRange
FlatSB_ShowScrollBar
GetEffectiveClientRect
GetMUILanguage
GetWindowSubclass
HIMAGELIST_QueryInterface
ImageList_Add
ImageList_AddIcon
ImageList_AddMasked
ImageList_BeginDrag
ImageList_CoCreateInstance
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Duplicate
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetFlags
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_GetImageRect
ImageList_LoadImage
ImageList_LoadImageA
ImageList_LoadImageW
ImageList_Merge
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetFilter
ImageList_SetFlags
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
ImageList_WriteEx
InitCommonControls
InitCommonControlsEx
InitMUILanguage
InitializeFlatSB
LBItemFromPt
LoadIconMetric
LoadIconWithScaleDown
MakeDragList
MenuHelp
PropertySheet
PropertySheetA
PropertySheetW
RegisterClassNameW
RemoveWindowSubclass
SetWindowSubclass
ShowHideMenuCtl
TaskDialog
TaskDialogIndirect
UninitializeFlatSB
_TrackMouseEvent

Sections

.text
Size: 768KB - Virtual size: 767KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 4KB - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 4KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 4KB - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 4KB - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 4KB - Virtual size: 161B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 4KB - Virtual size: 158B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7501835094f324f39b8dd36483e94a3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

gdi32

imm32

kernel32

kernelbase

ntdll

ucrtbase

user32

Exports

Exports

Sections

.text Size: 768KB - Virtual size: 767KB

.data Size: 4KB - Virtual size: 868B

.rodata Size: 4KB - Virtual size: 1KB

.rdata Size: 128KB - Virtual size: 127KB

.buildid Size: 4KB - Virtual size: 53B

/4 Size: 72KB - Virtual size: 69KB

.bss Size: - Virtual size: 5KB

.edata Size: 8KB - Virtual size: 5KB

.idata Size: 16KB - Virtual size: 12KB

.rsrc Size: 324KB - Virtual size: 323KB

.reloc Size: 44KB - Virtual size: 43KB

/14 Size: 4KB - Virtual size: 32B

/29 Size: 4KB - Virtual size: 36B

/41 Size: 4KB - Virtual size: 20B

/55 Size: 4KB - Virtual size: 88B

/67 Size: 4KB - Virtual size: 56B

/80 Size: 4KB - Virtual size: 161B

/91 Size: 4KB - Virtual size: 158B

.text
Size: 768KB - Virtual size: 767KB

.data
Size: 4KB - Virtual size: 868B

.rodata
Size: 4KB - Virtual size: 1KB

.rdata
Size: 128KB - Virtual size: 127KB

.buildid
Size: 4KB - Virtual size: 53B

/4
Size: 72KB - Virtual size: 69KB

.bss
Size: - Virtual size: 5KB

.edata
Size: 8KB - Virtual size: 5KB

.idata
Size: 16KB - Virtual size: 12KB

.rsrc
Size: 324KB - Virtual size: 323KB

.reloc
Size: 44KB - Virtual size: 43KB

/14
Size: 4KB - Virtual size: 32B

/29
Size: 4KB - Virtual size: 36B

/41
Size: 4KB - Virtual size: 20B

/55
Size: 4KB - Virtual size: 88B

/67
Size: 4KB - Virtual size: 56B

/80
Size: 4KB - Virtual size: 161B

/91
Size: 4KB - Virtual size: 158B