485b5adb1046aad3ff23f34ba8ddb8624492075e8d23591bd866f4d038740b0a

Sharing

Copy URL Twitter E-mail

General

Target

485b5adb1046aad3ff23f34ba8ddb8624492075e8d23591bd866f4d038740b0a
Size

759KB
MD5

496911eff1c8c6fe034d84b93d8f9c81
SHA1

6fe6799efbf4509345664aa12713edcfdae8605f
SHA256

485b5adb1046aad3ff23f34ba8ddb8624492075e8d23591bd866f4d038740b0a
SHA512

747fa06d20271abd4a413e79f22871a75d4be7156e75d7522f7115a4d487224b105f283da0b45c81cc81b504e90b512d485ac0ea4d8a7773579762e2ce80d123
SSDEEP

12288:plmKuyDuXVyyWbmpNUsyxlX+D7Sx2j9E6NTG/66Ol4uHovH3J5z1bXgd+6E2:plmKuy2yyWbmCxlX8Sx2j91TG/66wUHE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
485b5adb1046aad3ff23f34ba8ddb8624492075e8d23591bd866f4d038740b0a

Files

485b5adb1046aad3ff23f34ba8ddb8624492075e8d23591bd866f4d038740b0a
.exe windows x86

1849762a074a3b72aab04e34fe8f0100

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

SetEndOfFile
FindFirstFileW
FindNextFileW
ReadFile
Sleep
lstrcmpiW
FindResourceW
LoadResource
LockResource
GetVersionExW
GetModuleHandleW
CreateProcessW
LocalFree
WaitForSingleObject
GetCurrentProcessId
MultiByteToWideChar
CreateMutexW
ReleaseMutex
EnterCriticalSection
FindClose
CreateDirectoryW
GetFullPathNameW
lstrlenW
SetFileAttributesW
DeleteFileW
InterlockedExchange
SetLastError
InterlockedExchangeAdd
GetTickCount
GetFileSizeEx
FormatMessageW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
GetLocalTime
SetFilePointer
LeaveCriticalSection
GetLongPathNameW
GetFileAttributesExW
ExpandEnvironmentStringsW
WideCharToMultiByte
OpenProcess
GetCurrentProcess
GetFileAttributesW
HeapAlloc
VirtualQuery
GetACP
GetLogicalDriveStringsW
GetEnvironmentVariableW
GetModuleFileNameW
QueryDosDeviceW
WriteFile
GetUserDefaultLangID
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentThreadId
MapViewOfFile
CreateFileMappingW
GetFileSize
CloseHandle
UnmapViewOfFile
CreateFileW
GetProcessHeap
DeleteCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
InitializeCriticalSection

user32

GetWindowRect
GetFocus
GetActiveWindow
LoadIconW
DefWindowProcW
GetParent
GetDesktopWindow
GetClassNameW
SetFocus
GetForegroundWindow
AttachThreadInput
WindowFromPoint
GetShellWindow
GetSystemMetrics
SetWindowPos
GetWindowThreadProcessId

ole32

OleInitialize
OleUninitialize

msvcp140

??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xbad_alloc@std@@YAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

2345miniui

?GetGlobalSkinPool@RCMiniUIManner@RC@@SAPAVRCMiniUISkinPoolInterface@2@XZ
?OnEnter@RCMiniUIDialogView@RC@@UAEXXZ
?BeforeWindowDestroy@RCMiniUIDialogView@RC@@UAEXXZ
?OnFirstLayouted@RCMiniUIDialogView@RC@@UAEXXZ
?OnDropFiles@RCMiniUIDialogView@RC@@UAEXABV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z
?OnMouseEnterDialog@RCMiniUIDialogView@RC@@UAEXXZ
?OnMouseLeaveDialog@RCMiniUIDialogView@RC@@UAEXXZ
?OnAnimateShowEnded@RCMiniUIDialogView@RC@@UAEXXZ
?OnAnimateHideEnded@RCMiniUIDialogView@RC@@UAEXXZ
?OnDialogSkinChanged@RCMiniUIDialogView@RC@@UAEXXZ
?ProcessWindowMessage@RCMiniUIDialog@RC@@UAEHPAUHWND__@@IIJAAJK@Z
?OnFinalMessage@?$CDialogImplBaseT@VRCMiniAtlWindow@@@ATL@@UAEXPAUHWND__@@@Z
?GetDialogProc@?$CDialogImplBaseT@VRCMiniAtlWindow@@@ATL@@UAEP6GHPAUHWND__@@IIJ@ZXZ
?EndDialog@?$CDialogImpl@VRCMiniUIDialog@RC@@VRCMiniAtlWindow@@@ATL@@QAEHH@Z
?SetIcon@RCMiniAtlWindow@@QAEPAUHICON__@@PAU2@H@Z
??0RCMiniUIDialog@RC@@QAE@I@Z
??1RCMiniUIDialog@RC@@UAE@XZ
?GetHWND@RCMiniUIDialog@RC@@UAEPAUHWND__@@XZ
?WindowDefKeyPressed@RCMiniUIDialog@RC@@EAE_NIII@Z
?GetRootView@RCMiniUIDialogView@RC@@UAEPAVRCMiniUIView@2@XZ
?GetToolTip@RCMiniUIDialogView@RC@@UAEAAV?$CToolTipCtrlT@VCWindow@ATL@@@WTL@@XZ
?OnMouseMoveInDialog@RCMiniUIDialogView@RC@@UAEXABVCPoint@WTL@@I@Z
?OnDialogTimer@RCMiniUIDialogView@RC@@UAE_NIPAX@Z
?SetItemText@RCMiniUIDialogView@RC@@QAE_NIABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?SetItemAttribute@RCMiniUIDialogView@RC@@QAE_NIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?GetViewByID@RCMiniUIDialogView@RC@@QBEPAVRCMiniUIView@2@H@Z
?IsChecked@RCMiniUiImgChkBox@RC@@QAE_NXZ
?ReflectNotifications@?$CWindowImplRoot@VRCMiniAtlWindow@@@ATL@@QAEJIIJAAH@Z
?DoModal@RCMiniUIDialog@RC@@QAEHPAUHWND__@@J@Z
?GetGlobalStylePool@RCMiniUIManner@RC@@SAPAVRCMiniUIStylePoolInterface@2@XZ
?SetRenderFactory@RCMiniUIAppModule@RC@@QAE_NPAVRCMiniUIRenderFactory@2@@Z
?Term@RCMiniUIAppModule@RC@@QAEXXZ
?Init@RCMiniUIAppModule@RC@@QAEXPAUHINSTANCE__@@@Z
?Instance@RCMiniUIAppModule@RC@@SAAAV12@XZ
?InitRuntimeObject@RCMiniUIObjectFactory@RC@@SAXXZ
?GetGolobalStringPool@RCMiniUIResourceManager@RC@@SAPAVRCMiniUIStringPoolInterface@2@XZ
?GetGolobalFontPool@RCMiniUIResourceManager@RC@@SAPAVRCMiniUIFontPoolInterface@2@XZ
?CreateBitmap@RCMiniUIRenderFactorySkia@RC@@UAEPAVRCMiniUIBitmap@2@XZ
?CreateCanvas@RCMiniUIRenderFactorySkia@RC@@UAEPAVRCMiniUICanvas@2@HH_N@Z
?Initialize@RCMiniUIRenderFactorySkia@RC@@UAE_NXZ
??1RCMiniUIRenderFactorySkia@RC@@UAE@XZ
??0RCMiniUIRenderFactorySkia@RC@@QAE@XZ
?OnEsc@RCMiniUIDialogView@RC@@UAEXXZ

comctl32

InitCommonControlsEx

vcruntime140

strstr
wcsrchr
wcschr
memcpy
memchr
memmove
memset
_CxxThrowException
_except_handler4_common
_purecall
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
wcsstr
__RTDynamicCast

api-ms-win-crt-heap-l1-1-0

calloc
malloc
_set_new_mode
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_errno
_invalid_parameter_noinfo
terminate
_initialize_onexit_table
_register_onexit_function
_controlfp_s
_register_thread_local_exe_atexit_callback
_c_exit
_crt_atexit
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_cexit

api-ms-win-crt-stdio-l1-1-0

ftell
__stdio_common_vsprintf_s
__p__commode
_set_fmode
_wfopen_s
fclose
fseek
rewind
fwrite
fread
__stdio_common_vswprintf
__stdio_common_vsprintf

api-ms-win-crt-time-l1-1-0

_localtime64
_time64

api-ms-win-crt-string-l1-1-0

_stricmp
isalnum
_wcsicmp
towupper
_wcsnicmp
towlower
wcsncpy

api-ms-win-crt-convert-l1-1-0

atoi
_wtoi

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s

api-ms-win-crt-math-l1-1-0

modf
_except1
__setusermatherr
_dtest

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 255KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1849762a074a3b72aab04e34fe8f0100

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

ole32

msvcp140

2345miniui

comctl32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 389KB - Virtual size: 389KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 255KB - Virtual size: 254KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 389KB - Virtual size: 389KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 255KB - Virtual size: 254KB

.reloc
Size: 17KB - Virtual size: 17KB