Static task: static1
Behavioral task: behavioral1
Sample: pcyyb__installer.exe
Resource: win10v2004-20230703-en
General
Target: pcyyb__installer.exe
Size: 6.3MB
MD5: ceb0320e8ecca7765f2b645ad0c3126c
SHA1: 2b7783eab695504684219521c0840cbca8e6bd6a
SHA256: 258059c1d7ca6e90820d7b869d2368d4963bde7b3d95c39f0aad14cbb85c1868
SHA512: 2439271346d399a24e04ca9cd320c9c56c880f32ae455be79045f216d90fbaca9b503088c78ba6d8d6316d69058c49cbc49cc909b59dc906acf7057395a5354e
SSDEEP: 98304:GqpNBOLTydkla9/NXXiJJ+uCJDI7BclWSV7SxyqxrF:GqPBO6klaJNCJJGJsBeaF
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: pcyyb__installer.exe
Files
pcyyb__installer.exe.exe (windows x64)
c7ac36df3257232e10a0076296487fe0
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
opengl32
wglMakeCurrent
wglDeleteContext
glGetString
wglCreateContext
wldap32
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord143
ord41
ord50
ord45
ord60
ord211
ord46
ord217
normaliz
IdnToAscii
crypt32
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertCreateCertificateChainEngine
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
ws2_32
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
shutdown
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
WSAStartup
gethostname
gethostbyname
ioctlsocket
kernel32
GetDiskFreeSpaceExW
Process32FirstW
RaiseException
GetSystemInfo
LoadLibraryW
GetActiveProcessorCount
DecodePointer
GetProcAddress
IsProcessorFeaturePresent
DeleteCriticalSection
FreeLibrary
WideCharToMultiByte
CreateProcessA
GetDriveTypeW
GetExitCodeProcess
HeapFree
HeapSize
GlobalFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcessHeap
GetCurrentProcessId
K32GetModuleFileNameExW
GetEnvironmentVariableW
GetFileAttributesW
GetSystemTimeAsFileTime
TerminateProcess
GetCommandLineW
LocalFree
GetCurrentDirectoryW
GetFileSize
GetTickCount
GlobalUnlock
GlobalLock
lstrlenW
GetACP
ExitProcess
MulDiv
CreateDirectoryW
LocalFileTimeToFileTime
SetFilePointer
SetFileTime
SystemTimeToFileTime
FormatMessageW
InitializeCriticalSectionAndSpinCount
VerSetConditionMask
VerifyVersionInfoW
GlobalAlloc
GetLocalTime
lstrcmpiW
lstrcpynW
lstrcpyW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
LoadLibraryA
QueryPerformanceCounter
Sleep
SetLastError
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
WaitForMultipleObjects
CreateFileA
GetFullPathNameW
SetEndOfFile
GetTempPathW
SetFilePointerEx
CreateToolhelp32Snapshot
CreateDirectoryExW
InitializeCriticalSection
CreateMutexW
SignalObjectAndWait
ReleaseSemaphore
CreateSemaphoreW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
VirtualQuery
GetFileInformationByHandle
DeleteFileW
GetFileAttributesExW
GetCurrentThreadId
GetSystemDirectoryW
MoveFileW
FindClose
FindFirstFileW
FindNextFileW
VirtualAlloc
VirtualFree
CreateEventW
SetEvent
CreateDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
SwitchToThread
CopyFileW
GetVersionExW
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
OutputDebugStringW
FlushViewOfFile
DeleteFileA
HeapCompact
UnlockFile
LockFileEx
GetSystemTime
FormatMessageA
FlushFileBuffers
RtlVirtualUnwind
GlobalMemoryStatus
FlushConsoleInputBuffer
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
RtlPcToFileHeader
GetFileInformationByHandleEx
SetFileInformationByHandle
FindFirstFileExW
GetNativeSystemInfo
GetExitCodeThread
InitializeSRWLock
InitOnceBeginInitialize
InitOnceComplete
GetCPInfoExW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetModuleHandleA
ReleaseMutex
WaitForSingleObject
CreateMutexA
Process32NextW
OpenMutexA
GetLastError
SetFileAttributesW
GetLocaleInfoW
InitializeCriticalSectionEx
PeekNamedPipe
CreatePipe
DeviceIoControl
GetCurrentProcess
GetLogicalDrives
GetModuleHandleW
GlobalMemoryStatusEx
GetPhysicallyInstalledSystemMemory
FindResourceW
LoadResource
LockResource
FreeResource
WriteFile
SizeofResource
AddVectoredExceptionHandler
CloseHandle
CreateFileW
GetModuleFileNameW
GetFileSizeEx
ReadFile
EncodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
ResetEvent
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedPushEntrySList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetCommandLineA
CreateThread
ExitThread
FreeLibraryAndExitThread
SystemTimeToTzSpecificLocalTime
MultiByteToWideChar
FileTimeToSystemTime
SetConsoleCtrlHandler
GetConsoleCP
SetEnvironmentVariableW
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetTimeZoneInformation
SetConsoleMode
ReadConsoleInputW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
MoveFileExW
RtlUnwind
user32
MapVirtualKeyExW
FindWindowW
ShowWindow
ReleaseDC
GetSystemMetrics
GetDC
RegisterClassW
UnregisterClassW
CreateWindowExW
DestroyWindow
DefWindowProcW
GetWindowRect
EnumDisplayDevicesW
GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
GetKeyboardLayout
SetForegroundWindow
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
DrawTextA
wsprintfA
GetWindowTextW
SetWindowTextW
EqualRect
UpdateWindow
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
TrackPopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
CreatePopupMenu
SetRect
FillRect
DrawTextW
CharUpperW
GetWindowRgn
IsWindowEnabled
MoveWindow
UpdateLayeredWindow
MessageBoxW
SetWindowRgn
SetWindowLongPtrW
GetWindowLongPtrW
AdjustWindowRectEx
GetPropW
SetPropW
GetMenu
EnableWindow
GetClassInfoExW
RegisterClassExW
CallWindowProcW
PostQuitMessage
wsprintfW
InflateRect
LoadCursorW
SetCursor
PostMessageW
IsWindow
SetWindowPos
IsWindowVisible
IsIconic
IsZoomed
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetCursorPos
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
UnionRect
OffsetRect
IsRectEmpty
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
GetKeyNameTextW
GetProcessWindowStation
GetUserObjectInformationW
CharPrevW
GetWindowTextLengthW
GetWindow
LoadImageW
MonitorFromWindow
GetMonitorInfoW
gdi32
CreateRoundRectRgn
CreateRectRgn
PtInRegion
CreateDIBSection
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
GetObjectW
GetTextMetricsW
SetBitmapBits
GetTextExtentPointA
CreatePatternBrush
GetDeviceCaps
SetPixelFormat
ChoosePixelFormat
BitBlt
CreateCompatibleBitmap
SetWindowOrgEx
SelectClipRgn
ExtSelectClipRgn
SetBkColor
CreateCompatibleDC
CreateDIBitmap
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject
GetStockObject
AddFontMemResourceEx
RemoveFontMemResourceEx
Rectangle
RestoreDC
SaveDC
SelectObject
CloseEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
TextOutW
GetBitmapBits
GdiFlush
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
PlayEnhMetaFile
shell32
SHGetSpecialFolderPathW
SHGetFolderPathA
CommandLineToArgvW
SHGetPathFromIDListW
ShellExecuteExW
SHBrowseForFolderW
DragQueryFileW
SHGetFolderPathW
ole32
CoCreateGuid
CoCreateInstance
PropVariantClear
CoTaskMemAlloc
DoDragDrop
CoInitializeEx
ReleaseStgMedium
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoInitialize
CoTaskMemFree
OleDuplicateData
CoUninitialize
oleaut32
SysStringLen
SysAllocStringLen
VariantInit
SysFreeString
VariantClear
SysAllocString
advapi32
CryptGetHashParam
RegQueryValueExW
RegOpenKeyExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptAcquireContextW
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
comctl32
_TrackMouseEvent
InitCommonControlsEx
ord17
gdiplus
GdipRotateMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdipAddPathArc
GdipAddPathLine
GdipDeletePath
GdipCreatePath
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipCreatePen1
GdipDeleteBrush
GdipSetPenDashStyle
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipReleaseDC
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetPenMode
GdipCreateSolidFill
GdipSetWorldTransform
GdipResetWorldTransform
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipDrawImageRectRect
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDrawImageI
GdipDrawLine
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipSetPenEndCap
GdipSetPenStartCap
GdipDeleteFont
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDeletePen
GdipDrawString
GdipCreatePen2
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
shlwapi
PathFileExistsW
StrCpyNW
PathAppendW
StrRChrW
winhttp
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpConnect
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpReceiveResponse
bcrypt
BCryptGenRandom
netapi32
Netbios
Sections
.text: Size 3.1MB, Virtual size 3.1MB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 997KB, Virtual size 996KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 203KB, Virtual size 228KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata: Size 141KB, Virtual size 140KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA: Size 512B, Virtual size 244B; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.QMGuid: Size 512B, Virtual size 32B; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size 1.8MB, Virtual size 1.8MB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc: Size 34KB, Virtual size 33KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ