b2d659ecaaa662f6366cbbef01ea76506632a95d169e6d06dca7fd6452608c94

Sharing

Copy URL

Twitter E-mail

General

Target

b2d659ecaaa662f6366cbbef01ea76506632a95d169e6d06dca7fd6452608c94
Size

4.5MB
MD5

fa31a70b20d5d1666ddd40cf3305e334
SHA1

530a9bc75d351810f8e4690a7041339ce255bbe0
SHA256

b2d659ecaaa662f6366cbbef01ea76506632a95d169e6d06dca7fd6452608c94
SHA512

5cfe701112133127ac73a302ac9a1ce3f1f6da42d60fffed1007f9931cb47bcd6d0d5557a25faaecf1c692d1f70916cc6c1136619703f9c71c171663377b9fa0
SSDEEP

49152:1z6XIrSYssIOfbCcWYLdNBpQkdmTlrg12d8xfMHFnJgxy5CVB0cEWxPZ/xHdbrsi:1+Pc2Q2d6Ml6xBB0nWxPZDuJWP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2d659ecaaa662f6366cbbef01ea76506632a95d169e6d06dca7fd6452608c94

Files

b2d659ecaaa662f6366cbbef01ea76506632a95d169e6d06dca7fd6452608c94
.exe windows:6 windows x64 arch:x64

79120648ec091996f85d3334f39ef301

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
ReadConsoleW
GetTimeZoneInformation
SetFilePointerEx
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
WriteConsoleW
GetModuleFileNameA
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
RtlPcToFileHeader
GetCPInfo
LCMapStringW
GetStringTypeW
OutputDebugStringW
GetStartupInfoW
ExitProcess
IsDebuggerPresent
GetProcAddress
LoadLibraryA
CloseHandle
CreateThread
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
GetModuleHandleW
LoadLibraryW
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcess
GetLastError
LocalFree
FormatMessageA
CreateFileW
WriteFile
DuplicateHandle
SetEvent
CreateEventW
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
DecodePointer
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
OutputDebugStringA
SetLastError
FreeResource
GetModuleFileNameW
GetModuleHandleExW
GlobalLock
GlobalUnlock
GlobalFree
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
WaitForSingleObject
GetCurrentThreadId
SetThreadPriority
SuspendThread
ResumeThread
GetCurrentThread
GetVersionExW
LoadLibraryExW
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpW
CompareStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalAddAtomW
GetCurrentProcessId
GlobalSize
MulDiv
FormatMessageW
CopyFileW
EncodePointer
GetSystemDirectoryW
GlobalFindAtomW
InitializeCriticalSectionAndSpinCount
GlobalFlags
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GetCurrentDirectoryW
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
DeleteFileW
FindClose
FindFirstFileW
FlushFileBuffers
GetFileSize
GetFullPathNameW
GetShortPathNameW
GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
lstrcmpiW
MoveFileW
GetStringTypeExW
GetThreadLocale
GlobalGetAtomNameW
GetAtomNameW
FileTimeToSystemTime
SystemTimeToFileTime
VirtualProtect
GetWindowsDirectoryW
lstrcpyW
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
LocalFileTimeToFileTime
SetFileAttributesW
SetFileTime
SystemTimeToTzSpecificLocalTime
GetTickCount
FindResourceExW
VerSetConditionMask
VerifyVersionInfoW
GetTempFileNameW
GetTempPathW
GetProfileIntW
SearchPathW
Sleep
GetDiskFreeSpaceW
ReplaceFileW
GetUserDefaultLCID
LocalLock
LocalUnlock
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
FreeLibrary

user32

MessageBeep
GetNextDlgGroupItem
IsRectEmpty
IntersectRect
SetRect
InvalidateRgn
CopyAcceleratorTableW
CharNextW
WindowFromPoint
ReleaseCapture
SetCapture
WaitMessage
CharUpperW
DestroyIcon
InvalidateRect
KillTimer
SetTimer
DeleteMenu
CopyImage
GetDialogBaseUnits
OffsetRect
SetRectEmpty
SendDlgItemMessageA
LoadCursorW
GetSysColorBrush
RealChildWindowFromPoint
IsDialogMessageW
SetWindowTextW
ScrollWindowEx
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetTopWindow
GetClassNameW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
PtInRect
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
GetAsyncKeyState
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
UpdateWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
GetKeyNameTextW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
SystemParametersInfoW
InflateRect
CopyRect
GetMenuItemInfoW
DestroyMenu
FillRect
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongPtrW
SendMessageW
PostMessageW
IsIconic
EnableWindow
GetSystemMetrics
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
UnhookWindowsHookEx
RemoveMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
MapDialogRect
GetWindow
CreatePopupMenu
GetMenuDefaultItem
TrackMouseEvent
LoadImageW
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
LoadMenuW
InsertMenuItemW
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatW
DrawFocusRect
DrawIconEx
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
SetScrollPos
MapVirtualKeyW
GetSystemMenu
AppendMenuW
DrawIcon
GetClientRect
LoadIconW
UnregisterClassW
GetFocus
CheckMenuItem
IsZoomed
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetParent
LoadBitmapW
IsWindow
DestroyWindow
CreateDialogIndirectParamW
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
SetActiveWindow
GetWindowLongW
GetDesktopWindow
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
IsWindowVisible
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
PostQuitMessage
ShowOwnedPopups
SetCursor
MessageBoxW
GetWindowThreadProcessId
GetLastActivePopup
SetWindowPos
SetWindowContextHelpId
SetWindowRgn
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
GetTabbedTextExtentW
DestroyCursor
GetWindowRgn
WindowFromDC
CreateMenu
InSendMessage
SendNotifyMessageW
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
EnumChildWindows
GetDCEx
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffW
ModifyMenuW
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
GetComboBoxInfo
MonitorFromPoint
UpdateLayeredWindow
PostThreadMessageW
UnionRect
FrameRect
CopyIcon
SetCursorPos
CreateWindowExW

gdi32

GetTextFaceW
GetTextAlign
GetStretchBltMode
GetPolyFillMode
GetNearestColor
GetBkMode
GetROP2
SetAbortProc
AbortDoc
EndPage
StartPage
EndDoc
DeleteMetaFile
CreateMetaFileW
CloseMetaFile
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
GetCurrentObject
OffsetRgn
Rectangle
StretchDIBits
GetCharWidthW
CreateFontW
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetDIBits
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
CreateCompatibleBitmap
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CombineRgn
GetRgnBox
CreateRectRgnIndirect
GetTextColor
GetBkColor
GetTextMetricsW
GetTextExtentPoint32W
CreateFontIndirectW
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
PolylineTo
PolyBezierTo
ExtTextOutW
TextOutW
MoveToEx
GetObjectW
ExtCreatePen
SetArcDirection
SelectClipPath
PolyDraw
ArcTo
StartDocW
SetColorAdjustment
ModifyWorldTransform
SetWorldTransform
EnumMetaFile
PlayMetaFileRecord
SetTextJustification
SetTextAlign
SetTextColor
SetTextCharacterExtra
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetGraphicsMode
SetMapperFlags
SetBkMode
SetBkColor
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
PlayMetaFile
OffsetClipRgn
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
Escape
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateDCW
CopyMetaFileW
CreateBitmap

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesW
ClosePrinter
GetJobW
OpenPrinterW

advapi32

SystemFunction036
SetFileSecurityW
GetFileSecurityW
RegEnumKeyExW
RegEnumValueW
RegSetValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
ExtractIconW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
ShellExecuteW
ShellExecuteExW
SHAppBarMessage
SHAddToRecentDocs
SHGetMalloc
DragFinish
DragQueryFileW

shlwapi

PathFindFileNameW
PathRemoveExtensionW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathFindExtensionW
PathRemoveFileSpecW

uxtheme

GetThemePartSize
GetThemeSysColor
GetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor

ole32

CoRevokeClassObject
CoRegisterClassObject
OleSetClipboard
OleFlushClipboard
OleQueryCreateFromData
OleQueryLinkFromData
OleIsCurrentClipboard
CoRegisterMessageFilter
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
PropVariantCopy
OleSetMenuDescriptor
OleLockRunning
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
CreateGenericComposite
CreateItemMoniker
WriteClassStm
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
OleCreate
OleCreateFromData
OleRun
CoInitializeEx
StringFromGUID2
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
GetHGlobalFromILockBytes
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc

oleaut32

OleCreateFontIndirect
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
SysReAllocStringLen
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
VariantChangeType
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SafeArrayPtrOfIndex
VariantCopy
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SafeArrayGetUBound
SysAllocString

oledlg

OleUIBusyW

ws2_32

WSAStartup
gethostbyaddr
socket
recvfrom
htons
htonl
closesocket
bind
WSACleanup

ntdll

NtQueryInformationWorkerFactory
NtSetInformationWorkerFactory
TpAllocJobNotification
ZwSetIoCompletion
RtlAdjustPrivilege
NtQueryObject
NtQueryInformationProcess
RtlNtStatusToDosError

wininet

InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

gdiplus

GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipCreateFromHDC
GdipDrawImageI
GdiplusShutdown
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipCreateBitmapFromFileICM

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79120648ec091996f85d3334f39ef301

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

oledlg

ws2_32

ntdll

wininet

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 48KB - Virtual size: 97KB

.pdata Size: 180KB - Virtual size: 180KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 14KB - Virtual size: 14KB

.reloc Size: 81KB - Virtual size: 80KB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 48KB - Virtual size: 97KB

.pdata
Size: 180KB - Virtual size: 180KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 81KB - Virtual size: 80KB