03Ufx1036UnK2u8q6bm21127W05x281G24S29bq1023SrjwnfxjQv2f4Et20n51S1[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

03Ufx1036UnK2u8q6bm21127W05x281G24S29bq1023SrjwnfxjQv2f4Et20n51S1.exe
Size

597KB
MD5

a593bfb98dc74c83bdd3bd42bc6cbfc1
SHA1

661e6efdf19a04da42d6f476d5a1d41de6237c77
SHA256

9c80faf127e0922acee1519d622f98be801dd873fd084a58b86493ddf219dd89
SHA512

7997bcef6b2a270e34a1d036e27bd1130cb906b43dadf6f5cf545a2bbfeaa64d7a8dbe1847c4cdd65f523b6787ca488de47f7c4e1eef2ec811435c8c761c509f
SSDEEP

12288:Nbs/UxNnztfP43FTUeFa1QYYmwU3z0gCs/yKJ22nk3L07F+:hs2npfP1eFaeYYmwtgCs/ys22nk3L07M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03Ufx1036UnK2u8q6bm21127W05x281G24S29bq1023SrjwnfxjQv2f4Et20n51S1.exe

Files

03Ufx1036UnK2u8q6bm21127W05x281G24S29bq1023SrjwnfxjQv2f4Et20n51S1.exe
.exe windows x86

ce598fe86ba97e26cdd8f7e590e0946a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dpp

?set_title@embed@dpp@@QAEAAU12@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_description@embed@dpp@@QAEAAU12@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1embed@dpp@@QAE@XZ
??0embed@dpp@@QAE@XZ
?add_file@message@dpp@@QAEAAU12@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?add_embed@message@dpp@@QAEAAU12@ABUembed@2@@Z
??1message@dpp@@UAE@XZ
??0version_checker@dpp@@QAE@XZ
??0embed@dpp@@QAE@ABU01@@Z
??0message@dpp@@QAE@ABU01@@Z
?cout_logger@utility@dpp@@YA?AV?$function@$$A6AXABUlog_t@dpp@@@Z@std@@XZ
?log_error@utility@dpp@@YA?AV?$function@$$A6AXABUconfirmation_callback_t@dpp@@@Z@std@@XZ
?read_file@utility@dpp@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@@Z
??0webhook@dpp@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1webhook@dpp@@UAE@XZ
??0cluster@dpp@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IIII_NUcache_policy_t@1@II@Z
??1cluster@dpp@@UAE@XZ
?execute_webhook@cluster@dpp@@QAEXABVwebhook@2@ABUmessage@2@_NVsnowflake@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6AXABUconfirmation_callback_t@dpp@@@Z@7@@Z
?execute_webhook_sync@cluster@dpp@@QAE?AUmessage@2@ABVwebhook@2@ABU32@_NVsnowflake@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0snowflake@dpp@@QAE@AB_K@Z
??0message@dpp@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4message_type@1@@Z
?set_color@embed@dpp@@QAEAAU12@I@Z

kernel32

GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
FreeLibrary
VerifyVersionInfoW
QueryPerformanceCounter
GetModuleFileNameA
Process32First
SetConsoleTextAttribute
SetConsoleTitleA
GetCurrentProcess
GetStdHandle
WriteFile
TerminateProcess
SetProcessShutdownParameters
SetFilePointer
CreateFileW
OpenProcess
CreateToolhelp32Snapshot
Sleep
DeleteFileA
MultiByteToWideChar
CloseHandle
FreeConsole
CreateThread
ExitProcess
GetCurrentProcessId
UnhandledExceptionFilter
GlobalMemoryStatusEx
GetConsoleWindow
CreateProcessA
AllocConsole
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GlobalAlloc
Process32Next
OutputDebugStringA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsDebuggerPresent

user32

OpenClipboard
GetWindowThreadProcessId
GetWindowRect
MessageBeep
GetWindowLongA
MessageBoxA
BlockInput
SystemParametersInfoA
GetDesktopWindow
FindWindowA
DispatchMessageA
TranslateMessage
PeekMessageA
PostQuitMessage
UpdateWindow
GetWindowLongW
AdjustWindowRectEx
GetKeyState
LoadCursorA
DestroyWindow
GetDC
SetWindowPos
MonitorFromWindow
EnumDisplayMonitors
ScreenToClient
SetWindowTextW
WindowFromPoint
ShowWindow
GetCapture
SetWindowLongA
ClientToScreen
IsChild
GetCursorPos
GetMonitorInfoA
GetForegroundWindow
DefWindowProcA
CloseClipboard
ReleaseDC
SetCursorPos
CreateWindowExA
SetLayeredWindowAttributes
EmptyClipboard
IsIconic
SetForegroundWindow
ReleaseCapture
RegisterClassExA
UnregisterClassA
GetClientRect
SetWindowLongW
SetClipboardData
SetCursor
SetCapture
GetClipboardData
SetFocus
BringWindowToTop

gdi32

GetDeviceCaps

advapi32

RegCreateKeyExA
CreateServiceA
OpenServiceA
RegOpenKeyExA
RegSetValueExA
RegDeleteKeyExA
ControlService
DeleteService
RegCloseKey
OpenSCManagerA
RegQueryValueExA
CloseServiceHandle

shell32

SHEmptyRecycleBinW

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

msvcp140

??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?good@ios_base@std@@QBE_NXZ
??Bios_base@std@@QBE_NXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ

d3d9

Direct3DCreate9

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntryA

iphlpapi

GetAdaptersInfo

vcruntime140

_CxxThrowException
_except_handler4_common
__current_exception_context
__current_exception
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
__CxxFrameHandler3
memchr
memcpy
memmove
memset

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
ftell
fseek
setvbuf
fgetpos
fflush
fwrite
_wfopen
__stdio_common_vfprintf
__p__commode
fgetc
__stdio_common_vsprintf
__acrt_iob_func
fread
fputc
_set_fmode
__stdio_common_vsscanf
fclose

api-ms-win-crt-string-l1-1-0

isalpha
strcpy_s
strncmp
strncpy
toupper
_stricmp
tolower

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
_set_new_mode

api-ms-win-crt-convert-l1-1-0

strtod
strtoull
strtoll

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_cexit
_initialize_onexit_table
_seh_filter_exe
_set_app_type
_initialize_narrow_environment
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
exit
_c_exit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_controlfp_s
terminate
system
_errno
_register_onexit_function
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-filesystem-l1-1-0

remove
_lock_file
rename
_unlock_file

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

ceil
_libm_sse2_acos_precise
_libm_sse2_sqrt_precise
_dclass
_libm_sse2_cos_precise
_libm_sse2_sin_precise
__setusermatherr

Sections

.text
Size: 470KB - Virtual size: 470KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce598fe86ba97e26cdd8f7e590e0946a

Headers

DLL Characteristics

File Characteristics

Imports

dpp

kernel32

user32

gdi32

advapi32

shell32

imm32

msvcp140

d3d9

urlmon

wininet

iphlpapi

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 470KB - Virtual size: 470KB

.rdata Size: 105KB - Virtual size: 104KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 470KB - Virtual size: 470KB

.rdata
Size: 105KB - Virtual size: 104KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 16KB - Virtual size: 16KB