Static task: static1
Behavioral task: behavioral1
Sample: fc0ec20ad70a023ba3973fafc2176f1d4d3be697f8cf68fd0e06b69e46e7dad8N.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: fc0ec20ad70a023ba3973fafc2176f1d4d3be697f8cf68fd0e06b69e46e7dad8N.exe
Resource: win10v2004-20241007-en
General
Target: fc0ec20ad70a023ba3973fafc2176f1d4d3be697f8cf68fd0e06b69e46e7dad8N
Size: 920KB
MD5: 393c0a0c1769a41ca8e10588d74fe000
SHA1: cbea5f3d405c0259c11459762f315c6d0254b216
SHA256: fc0ec20ad70a023ba3973fafc2176f1d4d3be697f8cf68fd0e06b69e46e7dad8
SHA512: 341a4851d5acd138abdd832cb1e8186dce457e27da3c4064ff12d04ef481dc01db61eef94684213377430d159bfe8ad7d1763b401e4d4acd435213f9f78d6d31
SSDEEP: 24576:l14eIr4WzV9S50r716GaHfSCPdo9GnwRT+:l1TIr489S5c71N
Malware Config
Signatures
Unsigned PE: 1 IoC
Checks for missing Authenticode signature.
resource fc0ec20ad70a023ba3973fafc2176f1d4d3be697f8cf68fd0e06b69e46e7dad8N
Files
fc0ec20ad70a023ba3973fafc2176f1d4d3be697f8cf68fd0e06b69e46e7dad8N.exe windows:4 windows x86 arch:x86
8d132422550fe4684507183e30622163
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
send
connect
socket
inet_ntoa
gethostbyname
recv
WSAStartup
WSACleanup
gethostbyaddr
inet_addr
closesocket
WSCEnumProtocols
WSCDeinstallProvider
htons
WSCInstallProvider
getservbyname
nl_msgs
?CreateNLMsgServer@@YAPAVINLMsgServer@@XZ
rpcrt4
UuidEqual
UuidCreate
RpcStringFreeA
shfolder
SHGetFolderPathA
kernel32
WritePrivateProfileStringA
GetPrivateProfileStringA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
GetCurrentDirectoryA
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetPrivateProfileIntA
ExitProcess
ExitThread
CreateThread
TerminateProcess
GetStartupInfoA
GetCommandLineA
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetCurrentProcessId
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetFileTime
GetFileAttributesA
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
lstrcmpA
InterlockedDecrement
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GetModuleHandleA
SetLastError
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
LocalAlloc
FreeLibrary
GetVolumeInformationA
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
CreateProcessA
CreateDirectoryA
SetFileAttributesA
CopyFileA
SetFilePointer
ReadFile
DeleteFileA
Sleep
LoadLibraryA
GetProcAddress
GetModuleFileNameA
GetFullPathNameA
FormatMessageA
LocalFree
FindFirstFileA
FindNextFileA
FindClose
GetComputerNameA
GetProcessTimes
GetFileInformationByHandle
InterlockedIncrement
ReleaseSemaphore
InterlockedExchangeAdd
CreateMutexA
CreateSemaphoreA
WaitForMultipleObjects
CreateFileA
WriteFile
GetNumberFormatA
FileTimeToLocalFileTime
GetSystemTime
lstrcpyA
GetCurrentProcess
DuplicateHandle
OpenProcess
CreateEventA
GetTickCount
GetExitCodeProcess
SetEvent
WaitForSingleObject
CloseHandle
LeaveCriticalSection
EnterCriticalSection
GetTimeFormatA
SystemTimeToFileTime
GetLocalTime
GetSystemTimeAsFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDateFormatA
SetThreadPriority
ResumeThread
GetStringTypeExA
CompareStringW
CompareStringA
lstrlenA
lstrlenW
lstrcmpiA
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
RtlUnwind
user32
GetNextDlgGroupItem
GetDCEx
LockWindowUpdate
DeleteMenu
RegisterClipboardFormatA
PostThreadMessageA
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
CharNextA
wsprintfA
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetMenuItemBitmaps
ModifyMenuA
CheckMenuItem
GetMenuCheckMarkDimensions
ScrollWindowEx
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetWindowTextLengthA
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetScrollRange
SetScrollPos
GetScrollPos
AdjustWindowRectEx
EqualRect
DeferWindowPos
MessageBeep
SetScrollInfo
GetClassInfoA
GetMenuItemInfoA
SetWindowPlacement
GetDlgCtrlID
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
DrawIconEx
IsIconic
OpenIcon
CloseWindow
BringWindowToTop
SetMenuItemInfoA
EnableMenuItem
ReleaseCapture
DefWindowProcA
FrameRect
SetCapture
PeekMessageA
PostQuitMessage
SetCursor
AppendMenuA
CreateWindowExA
TrackMouseEvent
InflateRect
GetMenu
ShowScrollBar
EnableScrollBar
FillRect
GetSysColor
GetParent
ScreenToClient
UpdateWindow
CreatePopupMenu
SetRect
GetForegroundWindow
IsWindow
GetCursorPos
LoadImageA
DestroyIcon
GetSystemMetrics
GetWindowRect
SetForegroundWindow
SetParent
IsWindowVisible
SetMenu
LoadMenuA
DestroyCursor
SetCursorPos
IsZoomed
DestroyMenu
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsA
InsertMenuItemA
SetRectEmpty
GetSubMenu
PtInRect
CopyRect
wvsprintfA
MessageBoxA
EnumWindows
GetWindowLongA
GetWindowThreadProcessId
GetWindowTextA
LoadBitmapA
SetWindowLongA
CallWindowProcA
GetClassNameA
GetKeyState
PostMessageA
KillTimer
InvalidateRgn
CopyAcceleratorTableA
GetSysColorBrush
SetWindowRgn
DrawIcon
IsRectEmpty
FindWindowA
GetScrollInfo
ShowOwnedPopups
SetTimer
SendMessageA
GetClientRect
GetDesktopWindow
RedrawWindow
InvalidateRect
EnableWindow
LoadCursorA
RegisterWindowMessageA
UnregisterClassA
CharUpperA
WaitMessage
TranslateAcceleratorA
WindowFromPoint
RegisterClassA
GetMessageA
GetScrollRange
GetWindowDC
gdi32
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
GetBkColor
GetTextColor
PatBlt
SetRectRgn
CombineRgn
GetMapMode
StretchDIBits
GetCharWidthA
CreateEllipticRgn
Ellipse
GetRgnBox
SelectClipRgn
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
GetTextExtentPoint32A
DeleteObject
GetStockObject
GetObjectA
CreateFontIndirectA
BitBlt
LPtoDP
CreateCompatibleDC
CreateRectRgnIndirect
CreateCompatibleBitmap
DPtoLP
CreateSolidBrush
Rectangle
SelectObject
CreateFontA
CreatePen
SetROP2
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
GetTextMetricsA
CreateRectRgn
comdlg32
GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegOpenKeyExA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
AdjustTokenPrivileges
RegQueryValueA
shell32
SHGetFileInfoA
DragQueryFileA
DragFinish
SHGetPathFromIDListA
Shell_NotifyIconA
ShellExecuteA
SHBrowseForFolderA
comctl32
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Remove
ImageList_Draw
ImageList_SetBkColor
ImageList_ReplaceIcon
ord17
ImageList_Destroy
ImageList_Create
ImageList_GetImageInfo
shlwapi
PathIsUNCA
UrlUnescapeA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathFileExistsA
PathIsDirectoryA
oledlg
ord8
ole32
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
oleaut32
SysAllocStringLen
SystemTimeToVariantTime
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
LoadRegTypeLi
DispCallFunc
VariantCopy
VariantInit
SysAllocStringByteLen
SysStringLen
VariantChangeType
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy
SysAllocString
VariantClear
OleCreateFontIndirect
SysFreeString
urlmon
HlinkNavigateString
wininet
InternetQueryDataAvailable
InternetCloseHandle
InternetGetLastResponseInfoA
InternetOpenA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetOpenUrlA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetSetOptionExA
sporder
WSCWriteProviderOrder
Sections
.text Size: 472KB - Virtual size: 470KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 140KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 72KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 148KB - Virtual size: 145KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1� Size: 84KB - Virtual size: 84KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE