Tasks
- static1 (static task)
- behavioral1 (behavioral task): sample d48495d3744e7cdb0d7674ce83db335f9d6046f3b42d8582421412eb9db7b9b3.exe, resource win7-20240903-en
- behavioral2 (behavioral task): sample d48495d3744e7cdb0d7674ce83db335f9d6046f3b42d8582421412eb9db7b9b3.exe, resource win10v2004-20241007-en
General
- Target: d48495d3744e7cdb0d7674ce83db335f9d6046f3b42d8582421412eb9db7b9b3
- Size: 4.8MB
- MD5: 51bffc089bb81526a7568d044b13e95e
- SHA1: 2f8ad472a0232f8810220eaeaa382a1862a19542
- SHA256: d48495d3744e7cdb0d7674ce83db335f9d6046f3b42d8582421412eb9db7b9b3
- SHA512: 7591ae70a47c900a5c32d3d33166c9d93031613170e002d1b245db43c9e9371fed3668628ad475f5a6c63999cc8c35c626fe14f221e31b2e3c3cede03213621c
- SSDEEP: 98304:eWwsUb1IIr+CBPWadwghZM2NDwvQfo3NHpUl:0vb1IVCQaygJwvqodHu
Malware Config

Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: d48495d3744e7cdb0d7674ce83db335f9d6046f3b42d8582421412eb9db7b9b3
Files
- d48495d3744e7cdb0d7674ce83db335f9d6046f3b42d8582421412eb9db7b9b3.exe: windows:5, windows, x86, arch:x86
  bb9318594d43cd6478998e74c00f7461

Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32:
lstrlenW
GetCurrentDirectoryW
CreateFileW
GetACP
ExitProcess
WriteFile
SetFilePointer
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryW
GetFileAttributesW
LocalFree
GlobalAlloc
GetModuleHandleA
GetLocalTime
lstrcpynW
lstrcpyW
WaitForSingleObject
VirtualQuery
MoveFileW
InitializeCriticalSection
FindClose
FileTimeToSystemTime
GetTempPathW
CreateFileA
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetLogicalDriveStringsW
GetSystemDirectoryW
LocalAlloc
VirtualAlloc
GlobalLock
QueryDosDeviceW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DeviceIoControl
GetSystemDirectoryA
SetErrorMode
CreateProcessW
ReleaseMutex
CreateMutexW
GlobalMemoryStatus
SetCurrentDirectoryA
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
VirtualProtect
GetFileSize
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
RtlUnwind
GetTimeZoneInformation
GetModuleHandleExW
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetConsoleCtrlHandler
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
SetEndOfFile
WriteConsoleW
GetVersionExW
GetModuleFileNameA
LoadLibraryW
MulDiv
OpenProcess
InitializeSListHead
GetStartupInfoW
GetEnvironmentVariableW
ReadConsoleA
SetConsoleMode
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
QueryPerformanceFrequency
QueryPerformanceCounter
EncodePointer
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
SetLastError
TryEnterCriticalSection
GetStringTypeW
WideCharToMultiByte
FormatMessageW
OutputDebugStringW
IsDebuggerPresent
GetSystemTime
ReadFile
GetFullPathNameW
ExitThread
SystemTimeToTzSpecificLocalTime
VerifyVersionInfoW
VerSetConditionMask
PeekNamedPipe
WaitForMultipleObjects
GetEnvironmentVariableA
CompareFileTime
SleepEx
GlobalUnlock
LoadLibraryExW
lstrcmpiW
InterlockedIncrement
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetModuleHandleW
GetProcAddress
FreeResource
InterlockedDecrement
GetDriveTypeW
FindResourceExW
CreateThread
CloseHandle
GetCommandLineW
DeleteCriticalSection
GetCurrentThreadId
GetProcessHeap
GetCurrentProcessId
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
RaiseException
HeapReAlloc
LockResource
GetLastError
Sleep
HeapSize
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
HeapFree
SizeofResource
VirtualFree
user32:
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
wsprintfW
SetWindowRgn
InflateRect
LoadCursorW
SetCursor
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
IsRectEmpty
OffsetRect
UnionRect
IntersectRect
GetSysColor
MapWindowPoints
ScreenToClient
GetCaretBlinkTime
GetWindowRect
GetClientRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
KillTimer
SetTimer
ReleaseCapture
HideCaret
ShowWindow
SetCaretPos
GetCaretPos
ClientToScreen
UpdateWindow
PrivateExtractIconsW
DestroyIcon
DrawIconEx
SetCapture
GetKeyState
GetFocus
SetFocus
IsZoomed
IsIconic
IsWindowVisible
SetWindowPos
DestroyWindow
IsWindow
CreateWindowExW
EqualRect
SetWindowTextW
GetWindowTextW
EnableWindow
GetSystemMetrics
SetPropW
GetPropW
UpdateLayeredWindow
MoveWindow
IsWindowEnabled
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
PostMessageW
MonitorFromPoint
GetDC
GetProcessWindowStation
GetUserObjectInformationW
GetWindowTextLengthW
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
SetForegroundWindow
GetKeyboardLayout
GetClassInfoExW
ShowCaret
GetKeyNameTextW
MapVirtualKeyExW
GetCursor
CreateCaret
GetCursorPos
GetMessageW
DispatchMessageW
PeekMessageW
CharNextW
TranslateMessage
MessageBoxW
SendMessageW
GetActiveWindow
ActivateKeyboardLayout
PostQuitMessage
ReleaseDC
advapi32:
CryptEnumProvidersW
RegCloseKey
RegQueryInfoKeyW
SetEntriesInAclW
FreeSid
AllocateAndInitializeSid
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
RegQueryValueExW
GetUserNameW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
RegDeleteKeyW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegCreateKeyExW
CryptGenRandom
shell32:
SHGetPathFromIDListW
ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderPathW
CommandLineToArgvW
ShellExecuteExW
SHGetFileInfoW
DragQueryFileW
SHBrowseForFolderW
ole32:
OleLockRunning
DoDragDrop
OleDuplicateData
ReleaseStgMedium
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitialize
oleaut32:
VariantInit
SysFreeString
VarUI4FromStr
VariantClear
SysAllocString
shlwapi:
PathCombineW
PathRemoveExtensionW
PathStripToRootW
PathIsSameRootW
PathFindFileNameW
PathRemoveFileSpecW
PathIsDirectoryW
PathFileExistsW
version:
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
psapi:
EnumProcessModules
GetModuleFileNameExW
GetProcessImageFileNameW
dbghelp:
MiniDumpWriteDump
urlmon:
ObtainUserAgentString
gdi32:
SetTextColor
SetStretchBltMode
GetObjectA
MoveToEx
SelectClipRgn
GdiFlush
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
SetBitmapBits
BitBlt
CreateCompatibleBitmap
ExtSelectClipRgn
LineTo
GetTextExtentPoint32W
SetBkColor
StretchBlt
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
CreateDIBSection
PtInRegion
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
TextOutW
SetBkMode
GetDeviceCaps
comctl32:
_TrackMouseEvent
ord17
InitCommonControlsEx
gdiplus:
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
ord1
GdipCreateSolidFill
GdipDeletePath
GdipCreatePath
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipRotateMatrix
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipDrawImageI
GdipDrawLine
GdipGetImageGraphicsContext
GdipSetPenEndCap
GdipSetPenStartCap
GdipCreatePen2
GdipCloneBrush
GdipTranslateWorldTransform
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageRectRect
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipResetWorldTransform
GdipSetWorldTransform
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipReleaseDC
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetImageAttributesColorMatrix
GdipRotateWorldTransform
GdipDeleteBrush
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAddPathLine
imm32:
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
crypt32:
CertGetIntendedKeyUsage
CertDuplicateCertificateContext
CertOpenStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage
CryptMsgClose
CryptQueryObject
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CertOpenSystemStoreW
ws2_32:
WSAEnumNetworkEvents
WSAEventSelect
recvfrom
WSACloseEvent
freeaddrinfo
sendto
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAIoctl
WSASetLastError
socket
setsockopt
getnameinfo
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
closesocket
getaddrinfo
gethostbyname
gethostname
WSAStartup
WSACreateEvent
shutdown
wldap32:
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord216
ord14
ord46
ord219
ord145
ord301
Sections
- .text: size 2.2MB, virtual size 2.2MB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata: size 578KB, virtual size 578KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data: size 47KB, virtual size 73KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc: size 195.4MB, virtual size 195.4MB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc: size 109KB, virtual size 109KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ