45879a3043cd1f4d1b120c15626c4f7f026536ac56b064eba93ac091df30c190

Sharing

Copy URL

Twitter E-mail

General

Target

45879a3043cd1f4d1b120c15626c4f7f026536ac56b064eba93ac091df30c190
Size

4.3MB
MD5

ec06bb272f6e91678fcbc64e86e2368a
SHA1

4f1f3704460c19f0e235ab471ba5aa3898e101ae
SHA256

45879a3043cd1f4d1b120c15626c4f7f026536ac56b064eba93ac091df30c190
SHA512

550052cb7e5882694f28d6280d61f663f6e89a986b23ef1aac36a99885f968d3435727516373f57972c64c23a1544eb71dbf6b096e1c56fefbb85f16afd9589d
SSDEEP

49152:GHj09S+WwiPXYxbfPLSAjb5F4C3LZjSdFGKrb8c+l66x12UxuL9xuLrxuL:GHV+/ifkWmJlGGKrb8c2vx13Kc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45879a3043cd1f4d1b120c15626c4f7f026536ac56b064eba93ac091df30c190

Files

45879a3043cd1f4d1b120c15626c4f7f026536ac56b064eba93ac091df30c190
.exe windows x64

8aa2df841a23724a1bda233230ac61c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

PlaySoundA

gdiplus

GdipSetImagePalette
GdipDisposeImage
GdipSetInterpolationMode
GdipScaleWorldTransform
GdipSetClipRectI
GdipDrawImageRectI
GdipCreateFromHDC
GdipDeleteGraphics
GdipTranslateWorldTransform
GdipCreateBitmapFromScan0
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneImage

kernel32

UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FindFirstFileW
FindNextFileW
GetModuleFileNameW
GetSystemPowerStatus
FindClose
GetLocaleInfoW
GetFileAttributesW
GetCurrentProcess
GetLocaleInfoA
MultiByteToWideChar
Sleep
GlobalSize
GlobalAlloc
GlobalFree
GetLocalTime
GlobalLock
WideCharToMultiByte
GetSystemTimeAsFileTime
GlobalMemoryStatus
GetTickCount
GlobalUnlock
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
GetCurrentThreadId
InitializeSListHead
GetModuleHandleA

user32

RemoveMenu
AppendMenuA
GetDlgItemInt
LoadIconA
SetClipboardData
SendMessageA
ScrollWindowEx
GetClipboardData
GetDlgItem
GetUpdateRect
BringWindowToTop
CreateWindowExA
DefWindowProcA
AdjustWindowRect
MoveWindow
MessageBoxA
GetDlgItemTextW
ValidateRect
SetWindowPlacement
SetDlgItemTextW
LoadAcceleratorsA
EmptyClipboard
CloseClipboard
SetTimer
GetDlgItemTextA
TranslateAcceleratorA
OffsetRect
OpenClipboard
ShowWindow
GetSubMenu
GetWindowPlacement
GetScrollInfo
GetSystemMetrics
EndDialog
SendMessageW
FillRect
PostMessageA
LoadStringA
GetMenuItemCount
MessageBoxW
SetWindowPos
GetDC
DestroyWindow
LoadCursorA
GetMenu
GetWindowRect
DispatchMessageA
OpenIcon
GetMessageA
GetMenuItemInfoW
SetScrollInfo
EnableWindow
EnableMenuItem
ClientToScreen
TrackPopupMenu
LoadMenuA
AppendMenuW
PeekMessageA
SetRect
KillTimer
PostQuitMessage
SetScrollPos
SetDlgItemInt
DialogBoxParamW
FindWindowA
RegisterClassExA
GetClientRect
UpdateWindow
SetForegroundWindow
InvalidateRect
IsIconic
ReleaseDC
BeginPaint
EndPaint
TranslateMessage

gdi32

SetTextColor
SetBkColor
DeleteObject
CreateBitmap
CreateDIBSection
SelectObject
CreateCompatibleDC
GetStockObject
DeleteDC
BitBlt

comdlg32

GetOpenFileNameW
GetSaveFileNameW

shell32

SHGetSpecialFolderLocation
ShellExecuteA
SHGetMalloc
SHGetPathFromIDListW

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

strrchr
memcpy
memmove
__std_terminate
__std_exception_destroy
__std_exception_copy
strchr
wcsrchr
__current_exception_context
wcschr
__C_specific_handler
_CxxThrowException
__current_exception
memset

api-ms-win-crt-heap-l1-1-0

malloc
realloc
_callnewh
_set_new_mode
free

api-ms-win-crt-stdio-l1-1-0

fputc
__stdio_common_vfprintf
fseek
__stdio_common_vsscanf
__stdio_common_vsprintf
fread
fgetc
ungetc
fputs
_wfopen
__stdio_common_vswprintf
fgets
ferror
__stdio_common_vfwprintf
__acrt_iob_func
fflush
_set_fmode
fwrite
__p__commode
fclose
ftell

api-ms-win-crt-string-l1-1-0

wcsncpy
_wcsicmp
wcsncat
towupper
strtok
_strnicmp
_stricmp
isspace
isdigit
strncmp

api-ms-win-crt-runtime-l1-1-0

exit
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_errno
strerror
_set_app_type
_seh_filter_exe
_invalid_parameter_noinfo_noreturn
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-filesystem-l1-1-0

_wrename
_wremove
_wmkdir

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-math-l1-1-0

__setusermatherr
ceil
log
sqrt
pow

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 916KB - Virtual size: 927KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8aa2df841a23724a1bda233230ac61c4

Headers

DLL Characteristics

File Characteristics

Imports

winmm

gdiplus

kernel32

user32

gdi32

comdlg32

shell32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 916KB - Virtual size: 927KB

.pdata Size: 24KB - Virtual size: 23KB

.rsrc Size: 131KB - Virtual size: 131KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 916KB - Virtual size: 927KB

.pdata
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 131KB - Virtual size: 131KB

.reloc
Size: 3KB - Virtual size: 2KB