CMLauncher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

CMLauncher.exe
Size

13.4MB
MD5

ea7261b30d0f9f8e368fa30282d32114
SHA1

45b4e3ff96c2eff9d68096f3e9c33e3dc483c0db
SHA256

5726f6ca5c22ee5bdcf782015fc52d0645d5ffe10fcac176e061b92ecec811db
SHA512

f80ec8f792fa9c875b7e300605ab00e5ebf84be9ca9c225edeca8ab778f56d2f3f2463cfbfc8a6d22f5867fd1be0a37e6df337bf75c46c1a9974588f5e0cb1c8
SSDEEP

393216:CQxCocISgoGk7c4xBoCpiNvJJ5lVqFbu8pfDa:1x+7c4x2CpiNvJJ5lVqxp

Score

N/A

Malware Config

Signatures

Files

CMLauncher.exe
.exe windows x86

abf6e401163b00f3a8e117a28ced125d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrFormatKBSizeA
PathRemoveFileSpecW
PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathFindFileNameA

imagehlp

StackWalk

ntdll

RtlUnwind
VerSetConditionMask

winmm

PlaySoundA
timeBeginPeriod

kernel32

GetDateFormatW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceFrequency
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetCurrentProcessId
TlsGetValue
GetProcessId
QueryPerformanceCounter
Sleep
GetCurrentThread
SetThreadPriority
GetLocaleInfoA
GetUserDefaultUILanguage
GetCommandLineA
CloseHandle
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
GetModuleFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetSystemInfo
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
DuplicateHandle
GetSystemTime
LocalFree
FormatMessageA
FormatMessageW
SystemTimeToFileTime
CreateFileA
GetLastError
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Thread32First
Thread32Next
InitializeCriticalSectionEx
DecodePointer
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
DeleteCriticalSection
LoadResource
LockResource
SizeofResource
FindResourceW
SetLastError
FreeLibrary
ReleaseMutex
WaitForSingleObject
CreateMutexA
TlsSetValue
SetSearchPathMode
VerifyVersionInfoW
OpenProcess
K32GetModuleFileNameExA
Process32First
Process32Next
TlsAlloc
TlsFree
VirtualAlloc
VirtualFree
VirtualQuery
HeapCreate
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
GetModuleHandleW
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForMultipleObjects
QueueUserAPC
TerminateThread
GetLocalTime
GetFileAttributesA
GetFileAttributesW
SetFileAttributesA
SetFileAttributesW
OutputDebugStringA
CreateProcessA
IsWow64Process
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
AllocConsole
FreeConsole
GetConsoleWindow
K32EmptyWorkingSet
K32GetMappedFileNameA
K32GetProcessMemoryInfo
K32GetProcessImageFileNameA
GlobalSize
MulDiv
CopyFileA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
LoadLibraryW
InitializeCriticalSection
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
CompareStringA
lstrcmpA
GlobalGetAtomNameA
GetTimeFormatW
CreateEventA
GlobalAddAtomA
FindClose
FindFirstFileA
FlushFileBuffers
GetFileSize
GetFullPathNameA
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
GetVolumeInformationA
LoadLibraryExA
lstrcmpiA
GlobalFlags
EncodePointer
GetSystemDirectoryW
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
FindResourceA
GlobalFindAtomA
GetVersionExA
FileTimeToLocalFileTime
GetFileAttributesExA
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
GetLocaleInfoW
GetOEMCP
GetCPInfo
GetCurrentDirectoryA
GetACP
lstrcpyA
FindResourceExW
GetWindowsDirectoryA
VerifyVersionInfoA
GetTempPathA
GetTickCount
GetProfileIntA
SearchPathA
GetTempFileNameA
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
GetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
RemoveDirectoryW
SetFilePointerEx
DeviceIoControl
CreateDirectoryExW
CopyFileW
MoveFileExW
FindFirstFileW
FindNextFileW
AreFileApisANSI
WaitForMultipleObjectsEx
OpenEventA
SetWaitableTimer
CreateWaitableTimerA
GetSystemDirectoryA
CompareStringW
GetStdHandle
GetFileType
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
SleepEx
MoveFileExA
CompareFileTime
GetEnvironmentVariableA
PeekNamedPipe
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SwitchToThread
CreateIoCompletionPort
GetQueuedCompletionStatus
CreateHardLinkW
CancelIo
LCMapStringW
CreateProcessW
GetConsoleOutputCP
SetStdHandle
GetCommandLineW
SetConsoleCtrlHandler
SetEnvironmentVariableW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreatePipe
WriteConsoleW
FileTimeToSystemTime
GetModuleHandleExW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
SleepConditionVariableSRW
GetExitCodeThread
InitOnceBeginInitialize
InitOnceComplete
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
FindFirstFileExW
GetFinalPathNameByHandleW
GetStringTypeW
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
CreateThread
ExitProcess
OutputDebugStringW
GetLocaleInfoEx
CompareStringEx
LCMapStringEx

dbghelp

MiniDumpWriteDump

oleaut32

VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
LoadTypeLi
SysAllocStringByteLen
SysAllocStringLen
VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString
VarBstrFromDate

msimg32

AlphaBlend
TransparentBlt

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

shell32

SHAppBarMessage
SHBrowseForFolderA
DragFinish
DragQueryFileA
SHGetDesktopFolder
SHGetFolderPathW
SHGetFileInfoA
SHGetPathFromIDListA
ShellExecuteA
SHGetSpecialFolderLocation

uxtheme

DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetWindowTheme
IsAppThemed
GetThemePartSize
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent

wininet

InternetCanonicalizeUrlA

mswsock

GetAcceptExSockaddrs
AcceptEx

gdiplus

GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipDrawImageRectI
GdipGetImagePixelFormat
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdipBitmapLockBits
GdipDisposeImage
GdipGetImageHeight
GdipSetInterpolationMode
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

crypt32

CertGetIntendedKeyUsage
CertOpenStore
CertCloseStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertOpenSystemStoreA
CertEnumCertificatesInStore
CertGetEnhancedKeyUsage
CertGetCertificateContextProperty
CertFreeCertificateContext

iphlpapi

CancelMibChangeNotify2
NotifyUnicastIpAddressChange

Exports

Exports

AmdPowerXpressRequestHighPerformance
GetInterface
NvOptimusEnablement

Sections

.text
Size: 9.3MB - Virtual size: 9.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.6MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abf6e401163b00f3a8e117a28ced125d

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

imagehlp

ntdll

winmm

kernel32

dbghelp

oleaut32

msimg32

winspool.drv

shell32

uxtheme

wininet

mswsock

gdiplus

oleacc

crypt32

iphlpapi

Exports

Exports

Sections

.text Size: 9.3MB - Virtual size: 9.3MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 1.6MB - Virtual size: 1.7MB

.cdata Size: 1024B - Virtual size: 516B

_RDATA Size: 10KB - Virtual size: 9KB

.rsrc Size: 202KB - Virtual size: 201KB

.reloc Size: 455KB - Virtual size: 455KB

.text
Size: 9.3MB - Virtual size: 9.3MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 1.6MB - Virtual size: 1.7MB

.cdata
Size: 1024B - Virtual size: 516B

_RDATA
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 202KB - Virtual size: 201KB

.reloc
Size: 455KB - Virtual size: 455KB