e8a68f83e371ea96deffdd888d91487048478ad0c3f31934b11f5316e0873ad9

Sharing

Copy URL Twitter E-mail

General

Target

e8a68f83e371ea96deffdd888d91487048478ad0c3f31934b11f5316e0873ad9
Size

771KB
MD5

2e8688f83335fb24e683a42654b25bb5
SHA1

3f8518bb9343a27f9573d3f18606ddfc43588b59
SHA256

e8a68f83e371ea96deffdd888d91487048478ad0c3f31934b11f5316e0873ad9
SHA512

d6576376f5532f75f519a5a6994a5f47f0b60093fc7135152e84335a6158cf200acbc0ee1c592338fa15b6ee6b6f70dca5d258031589f28a5c1e2e1304564532
SSDEEP

6144:fmoyUE1TUVg2LLbf6B0EXNiBG++LdvEEdwn+TowbWwINq+9kbuE9e6jcLT:MUE5UxLbiBLX4BQPdw+swdg7T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8a68f83e371ea96deffdd888d91487048478ad0c3f31934b11f5316e0873ad9

Files

e8a68f83e371ea96deffdd888d91487048478ad0c3f31934b11f5316e0873ad9
.exe windows x64

680ceca5d0d057bf1ae26967a1d76d73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ord380
InitCommonControlsEx
ord412
ImageList_Destroy
ImageList_Create
PropertySheetW
ImageList_AddMasked
ord410
ord413
CreateStatusWindowW

shlwapi

PathUnquoteSpacesW
PathIsDirectoryW
PathAppendW
PathMatchSpecW
StrTrimW
PathAddBackslashW
SHAutoComplete
StrStrIW
PathFindFileNameW
StrCatBuffW
StrChrW
StrRetToBufW
PathRenameExtensionW
StrRChrW
StrFormatByteSizeW
PathCompactPathExW
StrStrW
PathCommonPrefixW
PathFindExtensionW
PathCanonicalizeW
PathIsRootW
PathUnExpandEnvStringsW
PathIsPrefixW
PathRelativePathToW
StrDupW
PathRemoveFileSpecW
PathCombineW
PathIsRelativeW
PathIsSameRootW
PathRemoveBackslashW
PathQuoteSpacesW

uxtheme

GetThemeSysFont
IsAppThemed
CloseThemeData
OpenThemeData
SetWindowTheme

kernel32

GetStringTypeW
GetFileType
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
WritePrivateProfileStringW
HeapFree
lstrcpynW
GetShortPathNameW
GetModuleFileNameW
GetPrivateProfileSectionW
GetFileAttributesW
GetVersionExW
GetSystemDirectoryW
HeapSize
SetFileAttributesW
GetPrivateProfileStringW
lstrcatW
GetNativeSystemInfo
HeapAlloc
GetCurrentDirectoryW
lstrcpyW
WritePrivateProfileSectionW
CompareStringOrdinal
WaitForSingleObject
GlobalAlloc
GlobalFree
CreateThread
SizeofResource
SearchPathW
GetFullPathNameW
GetCurrentProcess
lstrlenW
ExpandEnvironmentStringsW
GetFinalPathNameByHandleW
GetLocaleInfoEx
CreateFileW
GetPrivateProfileSectionNamesW
FreeResource
OpenProcess
CreateEventW
GlobalSize
LockResource
CloseHandle
ResetEvent
LoadResource
FindResourceW
GetWindowsDirectoryW
GetProcAddress
GlobalLock
LocalFree
GetModuleHandleW
QueryFullProcessImageNameW
GlobalUnlock
MulDiv
CreateDirectoryW
GetFileSizeEx
GetCommandLineW
WriteFile
GetTimeFormatEx
SetErrorMode
GetDateFormatEx
FindFirstChangeNotificationW
GetFileAttributesExW
FileTimeToSystemTime
FindCloseChangeNotification
FileTimeToLocalFileTime
FindNextChangeNotification
SetCurrentDirectoryW
GetProcessHeap
FreeLibrary
CopyFileW
LoadLibraryExW
GetModuleHandleExW
TerminateProcess
ExitProcess
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SetLastError
GetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
SetEvent

user32

EnumWindows
SetMenuDefaultItem
SetWindowPlacement
SetMenuItemInfoW
SetTimer
OffsetRect
GetSubMenu
TrackPopupMenu
LoadAcceleratorsW
GetWindowPlacement
RegisterClassExW
UnregisterClassW
GetSystemMetrics
DeleteMenu
ShowOwnedPopups
MonitorFromWindow
EqualRect
IsWindowVisible
GetDC
GetFocus
ShowWindowAsync
LoadMenuW
GetKeyState
AdjustWindowRectEx
DefWindowProcW
GetMenuItemInfoW
GetMessageW
IntersectRect
GetWindowLongW
GetWindowTextLengthW
PostMessageW
CheckMenuRadioItem
GetWindowRect
DestroyWindow
SetWindowPos
CheckRadioButton
MessageBoxExW
SetWindowLongPtrW
CreateWindowExW
SetFocus
EndDialog
SetWindowTextW
MessageBeep
CreatePopupMenu
GetWindowLongPtrW
WindowFromPoint
DestroyCursor
LoadStringW
BringWindowToTop
TranslateAcceleratorW
FindWindowW
CheckMenuItem
IsZoomed
KillTimer
PostQuitMessage
EnableMenuItem
RegisterWindowMessageW
UpdateWindow
IsIconic
ReleaseDC
GetWindowThreadProcessId
DrawAnimatedRects
DeferWindowPos
GetSystemMenu
GetWindow
FindWindowExW
CopyImage
MonitorFromRect
SetActiveWindow
OpenClipboard
DispatchMessageW
RedrawWindow
DdeCreateStringHandleW
DdeConnect
GetMonitorInfoW
GetActiveWindow
ShowWindow
BeginDeferWindowPos
wvsprintfW
DestroyIcon
GetDlgCtrlID
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
GetSysColor
IsWindowEnabled
IsDlgButtonChecked
DestroyMenu
GetMenuStringW
LoadIconW
LoadCursorW
GetClassNameW
SetCapture
EndDeferWindowPos
SetCursor
wsprintfW
TrackPopupMenuEx
GetComboBoxInfo
GetDlgItem
AppendMenuW
CheckDlgButton
GetParent
ReleaseCapture
InvalidateRect
ChildWindowFromPoint
GetCursorPos
EnableWindow
GetWindowTextW
CloseClipboard
EmptyClipboard
PeekMessageW
MapWindowPoints
DdeInitializeW
DdeUninitialize
DialogBoxIndirectParamW
GetMessageTime
DdeClientTransaction
SetPropW
TranslateMessage
InsertMenuW
SetClipboardData
SetWindowLongW
GetClientRect
SetRect
DdeDisconnect
SystemParametersInfoW
DdeFreeStringHandle
SetForegroundWindow
LoadImageW
SetCursorPos
GetPropW
SendMessageW
RemovePropW
SetLayeredWindowAttributes

gdi32

DeleteObject
CreateSolidBrush
GetDeviceCaps
GetObjectW
GetStockObject
CreateFontIndirectW

comdlg32

GetOpenFileNameW
ChooseColorW
GetSaveFileNameW

advapi32

RegDeleteTreeW
RegCreateKeyExW
RegCloseKey
GetTokenInformation
RegQueryValueExW
OpenProcessToken
RegSetValueExW
RegOpenKeyExW

shell32

SHFileOperationW
SHBrowseForFolderW
SHGetKnownFolderIDList
ShellExecuteExW
SHGetPathFromIDListW
SHGetDataFromIDListW
SHGetDesktopFolder
ord180
SHAppBarMessage
SHOpenFolderAndSelectItems
SHGetKnownFolderPath
ord190
DragQueryFileW
Shell_NotifyIconW
SHCreateDirectoryExW
DragAcceptFiles
DragFinish
SHGetFileInfoW
ShellExecuteW

ole32

CoCreateInstance
DoDragDrop
CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
OleInitialize

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 550KB - Virtual size: 550KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

680ceca5d0d057bf1ae26967a1d76d73

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

shlwapi

uxtheme

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 150KB - Virtual size: 150KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 3KB - Virtual size: 17KB

.pdata Size: 6KB - Virtual size: 6KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 550KB - Virtual size: 550KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 150KB - Virtual size: 150KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 3KB - Virtual size: 17KB

.pdata
Size: 6KB - Virtual size: 6KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 550KB - Virtual size: 550KB

.reloc
Size: 2KB - Virtual size: 1KB