2e0fc4e865b9808ca81b5580652d2d8458b21f3b885cf769d187c9d5900d7ef5

Sharing

Copy URL

Twitter E-mail

General

Target

2e0fc4e865b9808ca81b5580652d2d8458b21f3b885cf769d187c9d5900d7ef5
Size

509KB
MD5

1cec6568631ff2c844364c6215dcfa34
SHA1

44c600d8ec9ef49aee0bf293cb540bfda36748ed
SHA256

2e0fc4e865b9808ca81b5580652d2d8458b21f3b885cf769d187c9d5900d7ef5
SHA512

739377e446136dbcb6aafbd599e3ee6e60f3a9dca063c0c0e322ee0f1fc88e543aace372df1bc4d8c4dece2b6a430ccf089a949b44bcb2b3686c2d54da563a3c
SSDEEP

12288:dGzPU7pHSr5wN7c7H/o1s7FwqDmf8l0RoDpI2+4lVR0:aU7qMo7gRqKf8lyoDhR0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/743b326837476d30964895f816eb2d934ff0158dfad0c6cc8566d2e7e85c10dc

Files

2e0fc4e865b9808ca81b5580652d2d8458b21f3b885cf769d187c9d5900d7ef5
.zip .ps1 polyglot
743b326837476d30964895f816eb2d934ff0158dfad0c6cc8566d2e7e85c10dc
.dll regsvr32 windows:4 windows x86 arch:x86

9badaad62eb33fda5f7865ab87b9ed61

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCommandLineA
GetProcessHeap
ExitThread
CreateThread
HeapSize
FatalAppExitA
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
Sleep
GetACP
GetConsoleCP
GetConsoleMode
HeapAlloc
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetTickCount
GetFileTime
GetFileAttributesA
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
SetErrorMode
SystemTimeToFileTime
FileTimeToSystemTime
GetAtomNameA
GetOEMCP
GetCPInfo
CreateFileA
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
MoveFileA
GlobalFlags
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedDecrement
GetModuleFileNameW
FreeResource
GetCurrentProcessId
GlobalAddAtomA
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
CloseHandle
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
lstrcmpA
FreeLibrary
GlobalDeleteAtom
GlobalFree
CopyFileA
FormatMessageA
LocalFree
MulDiv
SetLastError
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindNextFileA
FindClose
GetModuleHandleA
GetProcAddress
GetModuleFileNameA
ExitProcess
FindResourceA
LoadResource
LockResource
SizeofResource
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
lstrlenA
lstrcmpiW
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
SetHandleCount
InterlockedExchange

user32

GetNextDlgGroupItem
MessageBeep
UnregisterClassA
TranslateAcceleratorA
SetMenu
BringWindowToTop
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
RegisterClipboardFormatA
GetKeyNameTextA
MapVirtualKeyA
SetParent
PostThreadMessageA
GetDCEx
LockWindowUpdate
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetMenu
GetClassInfoExA
CopyAcceleratorTableA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
IntersectRect
GetWindowPlacement
GetSysColor
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
InflateRect
UnhookWindowsHookEx
GetWindow
SetWindowContextHelpId
MapDialogRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
ShowOwnedPopups
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
CharLowerA
CharLowerW
CharUpperA
CharUpperW
DrawIcon
AppendMenuA
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
CharNextA
GetDialogBaseUnits
DestroyIcon
WaitMessage
WindowFromPoint
DeleteMenu
GetSysColorBrush
EndPaint
BeginPaint
GetClassInfoA
GetWindowDC
SendMessageA
GetSystemMenu
IsIconic
GetWindowRect
GetClientRect
IsWindowVisible
LoadIconA
EnableWindow
GetSystemMetrics
FillRect
FrameRect
InvalidateRect
InvalidateRgn
SetTimer
KillTimer
SetCapture
GetParent
SetRectEmpty
IsRectEmpty
SetWindowPos
UnionRect
PtInRect
CopyRect
DestroyWindow
SetRect
ReleaseCapture
OffsetRect
ReleaseDC
GetDC
CreateWindowExA
LoadCursorA
GetIconInfo
DrawTextA
RemoveMenu
SetScrollRange

gdi32

SetColorAdjustment
SelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
GetViewportExtEx
GetWindowExtEx
GetPixel
StartDocA
PtVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
SetArcDirection
PolyDraw
PolylineTo
PolyBezierTo
CreatePatternBrush
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
ExtCreatePen
CreateHatchBrush
GetTextMetricsA
GetBkColor
GetTextColor
GetRgnBox
SetRectRgn
GetMapMode
DPtoLP
GetCharWidthA
CreateFontA
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
ArcTo
GetStockObject
SetGraphicsMode
SetROP2
SetPolyFillMode
GetDCOrgEx
ExtTextOutA
CreateDCA
CopyMetaFileA
GetDeviceCaps
SetTextColor
SetBkMode
StretchDIBits
RectVisible
CreateBitmap
SetBkColor
StretchBlt
SaveDC
GetClipBox
ExtSelectClipRgn
SetStretchBltMode
SetDIBitsToDevice
RestoreDC
GetObjectA
RealizePalette
GetDIBits
CreateDIBSection
DeleteDC
CreateDIBPatternBrushPt
SetBrushOrgEx
SelectObject
PatBlt
DeleteObject
GetTextExtentPoint32A
BitBlt
CreateCompatibleDC
CombineRgn
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateFontIndirectA
CreateSolidBrush
CreatePen
SetWorldTransform

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegSetValueA
RegCloseKey
RegCreateKeyA

shell32

SHGetFileInfoA
DragFinish
DragQueryFileA
ExtractIconA

shlwapi

PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoRegisterClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleRun
StringFromGUID2
CoCreateInstance
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromString
CoRevokeClassObject
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
OleIsCurrentClipboard
OleSetClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID
CreateStreamOnHGlobal

oleaut32

SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromDate
LoadTypeLi
SysFreeString

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 700KB - Virtual size: 697KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 4KB - Virtual size: 793B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9badaad62eb33fda5f7865ab87b9ed61

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

Exports

Exports

Sections

.text Size: 700KB - Virtual size: 697KB

.rdata Size: 132KB - Virtual size: 129KB

.data Size: 20KB - Virtual size: 32KB

.idata Size: 16KB - Virtual size: 15KB

.didat Size: 4KB - Virtual size: 793B

.rsrc Size: 180KB - Virtual size: 176KB

.reloc Size: 44KB - Virtual size: 41KB

.text
Size: 700KB - Virtual size: 697KB

.rdata
Size: 132KB - Virtual size: 129KB

.data
Size: 20KB - Virtual size: 32KB

.idata
Size: 16KB - Virtual size: 15KB

.didat
Size: 4KB - Virtual size: 793B

.rsrc
Size: 180KB - Virtual size: 176KB

.reloc
Size: 44KB - Virtual size: 41KB