64d45bc38d4a4e60a23bb5fa06a2b99ec40bd86c8f0cdd7c68736ab192569e49

Sharing

Copy URL Twitter E-mail

General

Target

64d45bc38d4a4e60a23bb5fa06a2b99ec40bd86c8f0cdd7c68736ab192569e49
Size

340KB
MD5

f1e554860ce8e8085935cc9a01429cdb
SHA1

c85f8a7e617dee6dd76f6574ebc3652ecc6d956a
SHA256

64d45bc38d4a4e60a23bb5fa06a2b99ec40bd86c8f0cdd7c68736ab192569e49
SHA512

8dff62f93666ff2eea2f9a017d02b57b4b3f84371f410afca32515b00993ec0f4e414107ed37970162cbb674d4df66f0f5244a81d2122023194fe6fe5cd5d63d
SSDEEP

6144:P5Ky1YQ7eWdfRqBgsdV9/rpq+tgqa454ecqY/W5R02qO7V6CjhQ:Pcy1YQ7eWdfRJsdLFDtZa0cq33j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64d45bc38d4a4e60a23bb5fa06a2b99ec40bd86c8f0cdd7c68736ab192569e49

Files

64d45bc38d4a4e60a23bb5fa06a2b99ec40bd86c8f0cdd7c68736ab192569e49
.exe windows x64

f3c11bfd4e970edf440aec1f2cc2b6fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegQueryValueExW
TraceMessage
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
DeregisterEventSource
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
RegisterEventSourceW
ReportEventW
RegSetKeySecurity
RegQueryInfoKeyW
RegEnumKeyW
RegDeleteKeyW
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory

kernel32

HeapAlloc
HeapFree
GetProcessHeap
GetLastError
LockResource
LoadResource
FindResourceExW
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
SetEvent
InitializeCriticalSectionAndSpinCount
GetSystemTime
SystemTimeToFileTime
FreeLibrary
CloseHandle
SetLastError
SetThreadPriority
GetCurrentThread
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryW
CreateThread
WaitForSingleObject
GetModuleHandleW
CreateEventW
RegisterApplicationRestart
UnregisterWaitEx
RegisterWaitForSingleObject
HeapSetInformation
GetCommandLineW
EncodePointer
DecodePointer
LocalFree
GetModuleHandleExW
GetProcAddress
DeleteCriticalSection
FormatMessageW
LocalAlloc
LoadLibraryExW
CheckElevationEnabled
GetVersionExW
GetSystemDirectoryW
GetUserDefaultLCID
ExpandEnvironmentStringsW
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep

user32

CallWindowProcW
GetDesktopWindow
GetWindowLongW
SetForegroundWindow
SendMessageW
GetSysColor
MessageBoxW
SystemParametersInfoW
SetSysColors
SetCursor
PostMessageW
CreateWindowExW
RegisterClassW
GetCursorPos
PostQuitMessage
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
SetTimer
CopyIcon
LoadIconW
DestroyIcon
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
LoadCursorW
AllowSetForegroundWindow
DefWindowProcW

msvcrt

memcpy
memcmp
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_cexit
swscanf_s
_vsnwprintf
memmove
_wcsicmp
towupper
_wtoi
wcsstr
wcschr
memset
_waccess_s
__getmainargs
__C_specific_handler
_XcptFilter
_exit
_ismbblead

sppcommdlg

SLUXActivationWizard

winbrand

BrandingLoadString

ntdll

WinSqmAddToStream

ole32

CoMarshalInterThreadInterfaceInStream
StringFromGUID2
CoRevokeClassObject
CoResumeClassObjects
CoUninitialize
CoGetInterfaceAndReleaseStream
CoInitializeSecurity
CoAllowSetForegroundWindow
CoSuspendClassObjects
CoReleaseServerProcess
CoAddRefServerProcess
CoCreateInstance
CoInitializeEx
CoRegisterClassObject

rpcrt4

UuidFromStringW
I_RpcMapWin32Status
RpcStringFreeW
UuidToStringW

shell32

ShellExecuteExW
CommandLineToArgvW
Shell_NotifyIconW

slc

SLRegisterWindowsEvent
SLUnregisterWindowsEvent

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3c11bfd4e970edf440aec1f2cc2b6fd

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

sppcommdlg

winbrand

ntdll

ole32

rpcrt4

shell32

slc

Sections

.text Size: 105KB - Virtual size: 104KB

.data Size: 1024B - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 228KB - Virtual size: 228KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 105KB - Virtual size: 104KB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 228KB - Virtual size: 228KB

.reloc
Size: 1KB - Virtual size: 1KB