afb92916bb49b40b1103233fa2c6b52c25c428d9908e6e10faddba0e4030945a

Sharing

Copy URL Twitter E-mail

General

Target

afb92916bb49b40b1103233fa2c6b52c25c428d9908e6e10faddba0e4030945a
Size

647KB
MD5

83fedf0e057554e12334d97ce3be2c0f
SHA1

3336b8a696f82fa3da221c9a24be1c7b1d845ee1
SHA256

afb92916bb49b40b1103233fa2c6b52c25c428d9908e6e10faddba0e4030945a
SHA512

4fd6e8a7c7e5115e4fa69b07d756d0d58e19cdc0bb39be4fcab4667d04163d0ac881b89f5816cc9fc47809ed4d5f7b2d5df42f6c2eba5b055c63971839b9348d
SSDEEP

6144:kwXuhDenzBiQK0+T7tmDORilbF625qtwk68EOdmeqxxrlVP15khOs7K5:kYuEiQKtkDZbF62W9od7X

Score

N/A

Malware Config

Signatures

Files

afb92916bb49b40b1103233fa2c6b52c25c428d9908e6e10faddba0e4030945a
.exe windows x64

30cc2420b80785d09db35b9ef972ead1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

TrySubmitThreadpoolCallback
WaitForSingleObjectEx
SetEvent
SetLastError
CreateEventExW
LoadLibraryW
InitializeSListHead
GetStartupInfoW
CreateEventW
ResetEvent
K32GetProcessImageFileNameW
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
SetThreadpoolWait
GetCurrentProcess
CreateThreadpoolWait
CloseThreadpoolWait
LocalFree
RaiseException
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
MultiByteToWideChar
GetPackageFullName
GetCurrentThreadId
FormatMessageW
IsDebuggerPresent
WriteFile
CreateFile2
OpenMutexW
WaitForSingleObject
ReleaseMutex
GetSystemTime
LoadLibraryExW
GetProcAddress
LocalAlloc
FreeLibrary
DeleteFileW
FindNextFileW
FindFirstFileW
CloseHandle
CreateDirectoryW
GetConsoleScreenBufferInfo
WriteConsoleOutputCharacterA
SetConsoleCursorPosition
SetThreadPriority
GetCurrentThread
InterlockedPushEntrySList
EnterCriticalSection
GetLastError
LeaveCriticalSection
InitializeCriticalSection
Sleep
QueryFullProcessImageNameA
DeleteCriticalSection
QueryPerformanceCounter
GetExitCodeProcess
GetModuleFileNameA
ReleaseSRWLockExclusive
QueryFullProcessImageNameW
GetApplicationUserModelId
OpenProcess
CompareStringOrdinal
SetThreadpoolTimer
CreateThreadpoolTimer
DebugBreak
GetModuleHandleW
GetProcessHeap
CreateMutexExW
HeapAlloc
OpenSemaphoreW
GetModuleHandleExW
ReleaseSemaphore
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockShared
TryAcquireSRWLockShared
ReleaseSRWLockShared
GlobalMemoryStatusEx
HeapFree
GetSystemTimeAsFileTime
CreateSemaphoreExW
EncodePointer
GetCurrentProcessId
DuplicateHandle
InitOnceExecuteOnce
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
DecodePointer

user32

GetWindowLongW
GetKeyNameTextW
MapVirtualKeyW
IsWindowVisible
DefWindowProcW
GetAsyncKeyState
PostThreadMessageW
SetWinEventHook
RegisterRawInputDevices
PeekMessageW
CreateWindowExW
RegisterClassW
DestroyWindow
GetAncestor
SetWindowLongW
GetWindowThreadProcessId
GetWindow
GetMessageW
GetGUIThreadInfo
EnumWindows
EnumDesktopWindows
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
GetShellWindow
GetForegroundWindow
GetWindowTextW
InternalGetWindowText
IsImmersiveProcess
GetClassNameW
GetDesktopWindow
UnhookWinEvent

shlwapi

PathFindFileNameW
PathFindFileNameA

ole32

CoGetApartmentType
CoTaskMemFree
CoTaskMemAlloc
CoAddRefServerProcess
StringFromCLSID
CoResumeClassObjects
CoInitializeEx
CoCreateFreeThreadedMarshaler
CoInitializeSecurity
CoReleaseServerProcess
CoRegisterClassObject
CoGetObjectContext
CoRevokeClassObject
CoCreateInstance

shell32

SHGetFileInfoW
SHGetKnownFolderPath
ShellExecuteExW

advapi32

EnableTraceEx2
GetTokenInformation
ConvertSidToStringSidW
EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
MakeAbsoluteSD
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegGetValueW
ControlTraceA
CloseTrace
StartTraceA
ControlTraceW
CreateWellKnownSid
OpenTraceA
ProcessTrace
CheckTokenMembership
OpenProcessToken

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString
WindowsStringHasEmbeddedNull

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoRevokeActivationFactories
RoRegisterActivationFactories

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

tdh

TdhGetPropertySize
TdhGetEventInformation
TdhGetProperty

rpcrt4

RpcServerInqCallAttributesW

ntdll

NtQuerySystemInformation
NtQueryInformationProcess

pdh

PdhGetFormattedCounterArrayW
PdhCloseQuery
PdhCollectQueryData
PdhAddCounterW
PdhOpenQueryW

coremessaging

CreateDispatcherQueueController

dxgi

CreateDXGIFactory2

msvcp140

??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_unlock
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
_Mtx_init_in_situ
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_broadcast
_Cnd_timedwait
_Mtx_current_owns
_Xtime_get_ticks
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
_Mtx_destroy_in_situ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
memset
memcpy
_purecall
__std_exception_copy
__std_exception_destroy
__std_terminate
memmove
memcmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
fopen_s
__p__commode
__stdio_common_vsnprintf_s
fclose
_set_fmode
__stdio_common_vsprintf
__stdio_common_vswprintf_s
__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-runtime-l1-1-0

_cexit
_seh_filter_exe
_set_app_type
_crt_atexit
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_exit
_beginthreadex
_c_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_invalid_parameter_noinfo_noreturn
exit
_initialize_onexit_table
_errno
terminate
_invalid_parameter_noinfo

api-ms-win-crt-string-l1-1-0

strcpy_s
wcstok_s
wcsncmp
_wcsicmp
_stricmp
iswspace

api-ms-win-crt-heap-l1-1-0

_callnewh
free
_set_new_mode
malloc

api-ms-win-crt-convert-l1-1-0

wcstol
wcstoul

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s

api-ms-win-crt-math-l1-1-0

ceilf
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

oleaut32

SetErrorInfo
SysAllocString
GetErrorInfo
SysStringLen
SysFreeString

Sections

.text
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 111KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30cc2420b80785d09db35b9ef972ead1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shlwapi

ole32

shell32

advapi32

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

tdh

rpcrt4

ntdll

pdh

coremessaging

dxgi

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

oleaut32

Sections

.text Size: 327KB - Virtual size: 327KB

.rdata Size: 182KB - Virtual size: 182KB

.data Size: 111KB - Virtual size: 121KB

.pdata Size: 19KB - Virtual size: 18KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 327KB - Virtual size: 327KB

.rdata
Size: 182KB - Virtual size: 182KB

.data
Size: 111KB - Virtual size: 121KB

.pdata
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB