b9b4d9a3664e7dc937f220d2d293dd48[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

b9b4d9a3664e7dc937f220d2d293dd48.exe
Size

933KB
MD5

b9b4d9a3664e7dc937f220d2d293dd48
SHA1

1c3194db8b1176a96348d308354891d6b2f6bc98
SHA256

2f43530c4997efcd600d9f32c3841ad818f7426b4446bd037b93022e8b556dbf
SHA512

4708f19fd03efb8495ec5c1eb1b28f9e35382afeb1b5066b9ca3f621819aa593fe7445e74ef247ec32737d485c56dce35ef44e89b6a9919fda519f13c8c20602
SSDEEP

12288:K72Y4b/l0Dp6E3d51qvii3mmm6AV5Cqylkg5ZQnXlV5Za5Za5Zj:GcyPd5kRhAVdcpmt44F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9b4d9a3664e7dc937f220d2d293dd48.exe

Files

b9b4d9a3664e7dc937f220d2d293dd48.exe
.exe windows x64

de5ffdef0b7fe6105bfe44941d62fcd6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

TraceMessage
TraceEvent
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegGetValueW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventRegister
EventWrite
EventUnregister

kernel32

LocalAlloc
GetSystemPowerStatus
FormatMessageW
SetEvent
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
LocalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
FindResourceW
CreateProcessW
Sleep
InterlockedPushEntrySList
VirtualAlloc
InterlockedPopEntrySList
GetProcessHeap
VirtualFree
HeapFree
HeapAlloc
GetVersionExA
GetSystemDirectoryW
CreateThread
lstrcmpW
GetCommandLineW
SetLastError
CloseHandle
RegisterApplicationRestart
ReleaseMutex
CreateMutexW
SetUnhandledExceptionFilter
GetModuleHandleW
HeapSetInformation
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
ExpandEnvironmentStringsW
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
OutputDebugStringA
MulDiv
RaiseException
GetStartupInfoW

gdi32

GetDeviceCaps
SetBkColor
GetBkColor
GetTextExtentPoint32W
BitBlt
SetBrushOrgEx
SetViewportOrgEx
SetLayout
GetLayout
SelectClipRgn
CreateRectRgn
GdiGradientFill
LineTo
MoveToEx
SetDCPenColor
CreateDIBSection
SetTextColor
DeleteObject
CreateFontIndirectW
CreateCompatibleDC
SelectObject
GetTextMetricsW
DeleteDC
CreateSolidBrush
GetObjectW
GetStockObject
SetBkMode
GdiAlphaBlend
Polygon

user32

EnumDisplaySettingsExW
SystemParametersInfoW
GetSysColor
QueryDisplayConfig
GetDisplayConfigBufferSizes
EndPaint
DrawEdge
BeginPaint
PtInRect
SetRect
GetWindowLongW
ValidateRect
LoadStringW
UnregisterClassA
SetClassLongPtrW
UnhookWindowsHookEx
GetWindowLongPtrW
GetActiveWindow
UpdateWindow
ScrollWindow
GetScrollInfo
SetScrollInfo
SetWindowsHookExW
GetWindowInfo
CopyRect
GetWindowRect
GetMonitorInfoW
GetSysColorBrush
GetSystemMetrics
LoadCursorW
SetWindowLongPtrW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetClassLongPtrW
FrameRect
MonitorFromRect
GetWindowPlacement
GetNextDlgTabItem
InvalidateRect
GetFocus
MapWindowPoints
GetClientRect
CreateWindowExW
GetParent
OffsetRect
ChangeDisplaySettingsExW
PostMessageW
GetDlgItem
CallWindowProcW
SetWindowTextW
EnumChildWindows
EnableWindow
GetWindowTextW
SetDlgItemTextW
KillTimer
ReleaseDC
GetDC
NotifyWinEvent
CallNextHookEx
GetDlgCtrlID
GetKeyState
DrawIconEx
InflateRect
DestroyWindow
CreateDialogParamW
SendMessageW
DestroyIcon
LoadImageW
AllowSetForegroundWindow
GetIconInfo
PostQuitMessage
EnumDisplayDevicesW
FindWindowW
SetForegroundWindow
GetForegroundWindow
IsIconic
DrawFocusRect
DrawTextW
ShowWindow
GetClassInfoW
IsWindowEnabled
FillRect
DefWindowProcW
SetTimer
SetWindowPos
SendDlgItemMessageW
MoveWindow
RegisterClassW
LoadIconW
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
UnregisterClassW

msvcrt

ceilf
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_errno
realloc
??1type_info@@UEAA@XZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
__C_specific_handler
memset
_purecall
__RTDynamicCast
wcstok
wcscspn
wcstol
_wcsicmp
free
memmove_s
??_U@YAPEAX_K@Z
_vsnwprintf
??2@YAPEAX_K@Z
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
_initterm
memcpy

oleaut32

SafeArrayGetElement
SysAllocString
SysFreeString
VariantClear
VariantInit

powrprof

PowerDeterminePlatformRole
PowerSettingAccessCheck
PowerReadDCValue
PowerSetActiveScheme
PowerGetActiveScheme
PowerReadFriendlyName
GetPwrCapabilities

batmeter

CleanupBatteryData
SubscribeBatteryUpdateNotification
CreateBatteryData
UnsubscribeBatteryUpdateNotification
BatMeterOnDeviceChange
UpdateBatteryDataAsync
QueryBatteryData
GetBatteryStatusText
SetBatteryLevel

winmm

waveOutGetNumDevs
PlaySoundW

shell32

ShellExecuteW
ord100
SHGetKnownFolderIDList
ord155
DuplicateIcon
ShellExecuteExW

shlwapi

PathFileExistsW
ord618
ord437
StrTrimW
ord219
PathGetArgsW
PathRemoveBlanksW

ole32

CLSIDFromString
CoCreateInstance
CoSetProxyBlanket
CreateStreamOnHGlobal
CoInitializeSecurity
CoUninitialize
CoInitialize

ntdll

EtwTraceMessage
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

slc

SLGetWindowsInformationDWORD

rpcrt4

UuidFromStringW

gdiplus

GdipCloneImage
GdipDisposeImage
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipGetImageWidth
GdipCreateFromHDC
GdipDrawLine
GdipFillPath
GdipCreatePath
GdipCreatePen1
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImageHeight
GdipFillRectangle
GdipImageRotateFlip
GdipFree
GdipCreateBitmapFromStream
GdipCreateSolidFill
GdipDeletePath
GdipAddPathLine
GdipDeleteBrush
GdipDeleteGraphics
GdipCreateLineBrush
GdipSetSmoothingMode
GdipDeletePen

uxtheme

OpenThemeData
BufferedPaintInit
BufferedPaintUnInit
BeginBufferedPaint
DrawThemeTextEx
EndBufferedPaint
BufferedPaintSetAlpha
GetThemePartSize
GetThemeBackgroundContentRect
GetThemeTextExtent
DrawThemeText
GetThemeColor
CloseThemeData
DrawThemeBackground

wlanapi

WlanCloseHandle
WlanGetInterfaceCapability
WlanSetInterface
WlanFreeMemory
WlanOpenHandle
WlanRegisterNotification
WlanQueryInterface
WlanEnumInterfaces

wmi

WmiOpenBlock
WmiExecuteMethodW
WmiNotificationRegistrationW
WmiCloseBlock
WmiQueryAllDataW
WmiQuerySingleInstanceW

comctl32

ImageList_Create
ImageList_ReplaceIcon
ImageList_DrawIndirect
ImageList_Destroy
ord344
ord345

dwmapi

DwmIsCompositionEnabled
DwmExtendFrameIntoClientArea

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 780KB - Virtual size: 780KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de5ffdef0b7fe6105bfe44941d62fcd6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

oleaut32

powrprof

batmeter

winmm

shell32

shlwapi

ole32

ntdll

slc

rpcrt4

gdiplus

uxtheme

wlanapi

wmi

comctl32

dwmapi

wtsapi32

Sections

.text Size: 143KB - Virtual size: 142KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 780KB - Virtual size: 780KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 143KB - Virtual size: 142KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 780KB - Virtual size: 780KB

.reloc
Size: 3KB - Virtual size: 2KB