D801F5DE6ECA5FC6F96201D3A954E040[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

D801F5DE6ECA5FC6F96201D3A954E040.exe
Size

888KB
MD5

d801f5de6eca5fc6f96201d3a954e040
SHA1

ee25e271f4ee900771537b449d20282e9eca920f
SHA256

e1faf98caaf7f205dac143ceb826645763291e63bd58c315c76544d69bf6270b
SHA512

c183bb276f01009a1e54948a4ca48493cc40451c489f45029769c225e3fc7edb4e48bb034cdd2a12e83d8491f3166e400aa4e0b81eefa5190b9b43c4a2f2cd32
SSDEEP

12288:nfswMuwsmXMMhKxKMM3P7x9XeyrihWi5P6bstS3oQLMM:fswMuwnXnhKxKH7ze4iTIbsy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
D801F5DE6ECA5FC6F96201D3A954E040.exe

Files

D801F5DE6ECA5FC6F96201D3A954E040.exe
.dll windows x64

be192da06b82d5237a4c54a82b378129

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

EnumResourceTypesW
WriteFile
lstrcpynW
GetModuleHandleExW
SetTimeZoneInformation
ExpandEnvironmentStringsW
UnregisterWait
SetConsoleMode
GetConsoleCursorInfo
RtlPcToFileHeader
GetStringTypeExW
VirtualAlloc
WaitForDebugEvent
GetProcessAffinityMask
WakeAllConditionVariable
SetThreadpoolWaitEx
SetFileTime
GetUserDefaultLangID
AddSecureMemoryCacheCallback
GetModuleFileNameW
PurgeComm
CreateNamedPipeW
GetCommModemStatus
GetThreadLocale
SetEnvironmentVariableW
GetThreadSelectorEntry
SetThreadUILanguage
SetConsoleWindowInfo
GetNumaProcessorNodeEx
GetUserDefaultLocaleName
GetCompressedFileSizeTransactedW
GetNumaNodeNumberFromHandle
LocalHandle
SignalObjectAndWait
DeleteTimerQueueEx
GetProductInfo
GetConsoleFontSize
CompareStringOrdinal
DeleteAtom
GetDynamicTimeZoneInformation
GetConsoleAliasExesW
FoldStringW
InitializeCriticalSection
AllocateUserPhysicalPages
SetFilePointer
GetProcessMitigationPolicy
EnumUILanguagesW
GetEnvironmentVariableW
WriteFileEx
FindFirstFileTransactedW
EnumResourceNamesW
UnlockFileEx
PeekNamedPipe
FatalExit
CreateMutexW
CreateHardLinkW
GetConsoleScreenBufferInfoEx
FindClose
GetLocaleInfoW
WaitForSingleObject
LocalAlloc
GetDateFormatEx
GetCurrentThreadId
GetFileAttributesTransactedW
DebugActiveProcessStop
OpenEventW
GetVersionExW
ReleaseMutex
WaitForThreadpoolWorkCallbacks
SetThreadpoolThreadMinimum
ApplicationRecoveryFinished
GetSystemDirectoryW
GetComputerNameExW
IsBadCodePtr
CallbackMayRunLong
GetUILanguageInfo
Wow64EnableWow64FsRedirection
MapUserPhysicalPages
GlobalGetAtomNameW
UnmapViewOfFile
GetStringScripts
GetACP
PrepareTape
FindFirstChangeNotificationW
LCIDToLocaleName
OpenProcess
ApplicationRecoveryInProgress
GetVolumeNameForVolumeMountPointW
QueueUserWorkItem
GetLogicalDriveStringsW
EndUpdateResourceW
CreateEventW
RemoveSecureMemoryCacheCallback
SetFileAttributesTransactedW
ConvertThreadToFiberEx
MultiByteToWideChar
CloseThreadpoolCleanupGroupMembers
GetConsoleMode
QueryThreadProfiling
BuildCommDCBAndTimeoutsW
FormatMessageW
WritePrivateProfileStructW
GetDurationFormat
LocalFileTimeToFileTime
ReadThreadProfilingData
SetConsoleScreenBufferInfoEx
PowerCreateRequest
GetDevicePowerState
GetTickCount64
BuildCommDCBW
Wow64RevertWow64FsRedirection
GetLastError
WaitForThreadpoolWaitCallbacks
SetUserGeoID
ChangeTimerQueueTimer
AttachConsole
SetConsoleCursorInfo
GetLogicalProcessorInformationEx
ReleaseSRWLockExclusive
GetConsoleDisplayMode
GetConsoleProcessList
SetFileInformationByHandle
GetMaximumProcessorGroupCount
ConvertDefaultLocale
FindNextVolumeMountPointW
FillConsoleOutputCharacterW
GlobalSize
CreateFileA
FileTimeToSystemTime
CloseThreadpoolTimer
GetNamedPipeHandleStateW
GetSystemFileCacheSize
GetCurrentThread
GetMailslotInfo
ReadConsoleOutputW
InterlockedFlushSList
GetActiveProcessorGroupCount
FindCloseChangeNotification
GetApplicationRestartSettings
CreateThreadpoolWait
DefineDosDeviceW
GetFullPathNameTransactedW
EnumResourceNamesExW
GlobalAlloc
DeleteFileW
GetSystemDEPPolicy
HeapReAlloc
CloseHandle
SetProcessPreferredUILanguages
CreateThreadpoolCleanupGroup
SetThreadpoolTimer
ReleaseMutexWhenCallbackReturns
AllocateUserPhysicalPagesNuma
CompareStringEx
GetNumberFormatW
EnumResourceLanguagesW
FindNLSStringEx
RaiseException
FreeConsole
GetSystemInfo
CreateSymbolicLinkTransactedW
WriteProfileSectionW
BindIoCompletionCallback
SetProcessWorkingSetSizeEx
ReadFileEx
EnumCalendarInfoW
ResetEvent
IsDBCSLeadByte
SetComputerNameW
LoadResource
DiscardVirtualMemory
HeapAlloc
GetCurrencyFormatW
FileTimeToLocalFileTime
FatalAppExitW
GetLocalTime
GetConsoleOriginalTitleW
GetDefaultCommConfigW
GetMemoryErrorHandlingCapabilities
GetNLSVersionEx
GetQueuedCompletionStatusEx
UpdateResourceW
GetCurrentConsoleFontEx
CloseThreadpoolIo
SetVolumeMountPointW
FindNextFileNameW
SetThreadIdealProcessor
LocalSize
UnlockFile
GetDurationFormatEx
GetThreadContext
SubmitThreadpoolWork
DeleteFileTransactedW
FlushConsoleInputBuffer
SetThreadGroupAffinity
InitAtomTable
PeekConsoleInputW
GetErrorMode
VirtualLock
GetPriorityClass
GetProcAddress
UnregisterApplicationRestart
SetFilePointerEx
VirtualAllocEx
CreateMutexExW
UnregisterWaitEx
GetTimeFormatW
MoveFileExW
GetThreadId
GetProcessorSystemCycleTime
GetOverlappedResultEx
SetFileApisToOEM
AcquireSRWLockShared
GetFileSize
ExitProcess
VerSetConditionMask
LCMapStringW
FindVolumeClose
SetConsoleCP
FindFirstStreamW
GetCurrentProcessId
EnumSystemLocalesW
GetProcessHeap
CreateProcessW
IsValidLocale
IsValidLanguageGroup
CopyFileW
GetProfileStringW
WideCharToMultiByte
SetCommBreak
lstrcpyW
WinExec
CreateRemoteThread
DeleteBoundaryDescriptor
SleepConditionVariableSRW
RemoveVectoredContinueHandler
WritePrivateProfileSectionW
GetThreadTimes
FreeUserPhysicalPages
GetFileMUIInfo
CreateProcessA
ConvertFiberToThread
AddAtomW
DeleteTimerQueueTimer
QueryIdleProcessorCycleTime
EnumSystemFirmwareTables
GetSystemTime
Wow64GetThreadSelectorEntry
ReleaseSemaphoreWhenCallbackReturns
CopyFileExW
SetProcessWorkingSetSize
BackupRead
DosDateTimeToFileTime
SetThreadPreferredUILanguages
GetSystemWindowsDirectoryW
GetNumaNodeProcessorMaskEx
SetFileValidData
lstrcmpiW
BackupSeek
GetNLSVersion
CreateMailslotW
FreeLibraryWhenCallbackReturns
GetTickCount
WaitNamedPipeW
CreateFiberEx
GetTimeZoneInformationForYear
FlsFree
SetCommState
GetCalendarInfoEx
AllocConsole
ConvertThreadToFiber
lstrcmpW
EnumDateFormatsW
GetDllDirectoryW
GetStringTypeA
MulDiv
GetFirmwareEnvironmentVariableW
IsWow64Process
CreateFiber
GetVolumeInformationByHandleW
GetProcessTimes
OpenThread
GlobalReAlloc
LoadLibraryExW
GetConsoleSelectionInfo
IsDebuggerPresent
ConnectNamedPipe
DebugSetProcessKillOnExit
CheckRemoteDebuggerPresent
SetFileCompletionNotificationModes
WriteConsoleOutputCharacterW
CreateTimerQueue
FlushFileBuffers
GetCurrentConsoleFont
FileTimeToDosDateTime
RegisterApplicationRecoveryCallback
WriteConsoleW
SetEndOfFile
HeapSize
CreateFileW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetUserDefaultLCID
GetConsoleOutputCP
GetFileSizeEx
GetFileType
GetStdHandle
ReadConsoleW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
RtlUnwindEx
TerminateProcess
GetCurrentProcess
SetProcessAffinityMask
FindNLSString
QueryProtectedPolicy
IsDBCSLeadByteEx
EnumCalendarInfoExEx
GetSystemTimeAdjustment
VirtualFree
EnterCriticalSection
RtlCaptureContext
AddDllDirectory
GetCommProperties
GetProfileSectionW
CreateEventExW
GetPhysicallyInstalledSystemMemory
HeapFree
CreateDirectoryTransactedW
CreateSemaphoreExW
VirtualProtect
GetSystemDefaultLCID
FindFirstVolumeW
SetProcessAffinityUpdateMode
SetEventWhenCallbackReturns
GetBinaryTypeW
WritePrivateProfileStringW
CreateTimerQueueTimer
CreateThreadpool
GlobalHandle
InitOnceBeginInitialize
CompareFileTime
NotifyUILanguageChange
StartThreadpoolIo
CloseThreadpool
GetCurrentProcessorNumberEx
FindFirstVolumeMountPointW
CloseThreadpoolWork
QueryInformationJobObject
QueryThreadpoolStackInformation
GetThreadPriorityBoost
SetInformationJobObject
GetVolumeInformationW
RemoveVectoredExceptionHandler
TryEnterCriticalSection
RemoveDirectoryTransactedW
QueryDosDeviceW
FindStringOrdinal
PowerSetRequest
QueryUnbiasedInterruptTime
ReadFile
SetSystemTimeAdjustment
GetPrivateProfileStructW
SleepConditionVariableCS
GetSystemFirmwareTable
LoadLibraryW
GetNumaHighestNodeNumber
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind

user32

GetGuiResources
DdeReconnect
MessageBeep
SetMenuItemBitmaps
PrivateExtractIconsW
GetMenuBarInfo
GetClassLongPtrW
GetAsyncKeyState
InSendMessage
SetTimer
IsDialogMessageW
IsChild
CreateCaret
SetCoalescableTimer
AttachThreadInput
DdeUnaccessData
SendDlgItemMessageW
MessageBoxA
GetSysColor
GetDialogBaseUnits
UnhookWindowsHookEx
SetLayeredWindowAttributes
IntersectRect
SendNotifyMessageW
BringWindowToTop
LoadCursorW
EnableScrollBar
DdeEnableCallback
UserHandleGrantAccess
DdeFreeStringHandle
UnregisterDeviceNotification
GetAncestor
GetDlgItemTextW

gdi32

SetRectRgn
AddFontMemResourceEx
CreateDIBSection
GetBkMode
SetPixel
CreateBitmapIndirect
FloodFill
GetTextExtentPointW
GetClipRgn
GetTextFaceW
BeginPath
GetPaletteEntries
LineDDA
CloseEnhMetaFile
PaintRgn
SetEnhMetaFileBits
GetTextCharset
GetNearestPaletteIndex
GetClipBox
OffsetClipRgn
PolyBezierTo
GetCurrentPositionEx
GetDCBrushColor
CreateEnhMetaFileW
OffsetViewportOrgEx
GetTextCharsetInfo
GetDeviceCaps
GetTextMetricsW
EqualRgn
SetPolyFillMode
GetSystemPaletteEntries
OffsetRgn
CreateRectRgn
GetGraphicsMode
GetMetaRgn
ExtCreatePen
CreateDiscardableBitmap
GetObjectW
MoveToEx
GetSystemPaletteUse
InvertRgn
CreateSolidBrush
CloseFigure
CreateBitmap
GetCharWidthI
Escape
CombineRgn
ExtTextOutW
DPtoLP
CreateMetaFileW
GetCharWidthW

crypt32

CryptStringToBinaryA

Exports

Exports

Iosfdvsgjweiuhgudu
PartitionWizardEntryPoint
Poafgiasjgfoadfjidah

Sections

.text
Size: 450KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 313KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be192da06b82d5237a4c54a82b378129

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

crypt32

Exports

Exports

Sections

.text Size: 450KB - Virtual size: 449KB

.data Size: 313KB - Virtual size: 320KB

.pdata Size: 27KB - Virtual size: 26KB

_RDATA Size: 1024B - Virtual size: 244B

.kdata Size: 93KB - Virtual size: 92KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 450KB - Virtual size: 449KB

.data
Size: 313KB - Virtual size: 320KB

.pdata
Size: 27KB - Virtual size: 26KB

_RDATA
Size: 1024B - Virtual size: 244B

.kdata
Size: 93KB - Virtual size: 92KB

.reloc
Size: 3KB - Virtual size: 2KB