1f7e7fb3bca7add220e8b77d873f3e9e6203522058d2ec23c67595f5ce17b7a8

Sharing

Copy URL Twitter E-mail

General

Target

1f7e7fb3bca7add220e8b77d873f3e9e6203522058d2ec23c67595f5ce17b7a8
Size

1.8MB
MD5

8ed032de6b9b8f53143222e077d36016
SHA1

19760f68e6d7ba957e0f0684603b74fe2af73ace
SHA256

1f7e7fb3bca7add220e8b77d873f3e9e6203522058d2ec23c67595f5ce17b7a8
SHA512

58e1f7bbf22d6045583f21492c5e644d380822fe0bdd6307804fc6c22b6688b507b2a4411a55fd57ea93d9885b219f0d229f752670760cfa41e0929acc22bcee
SSDEEP

49152:cAPIi/zFkMp/g938Ps/DAaqZWowRboeb6:RtM35

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f7e7fb3bca7add220e8b77d873f3e9e6203522058d2ec23c67595f5ce17b7a8

Files

1f7e7fb3bca7add220e8b77d873f3e9e6203522058d2ec23c67595f5ce17b7a8
.exe windows x64

50efbb6e8536a93cc683d1deb38861d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteCriticalSection
CreateFileW
GetFileSizeEx
ReadFile
WriteFile
CloseHandle
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
GetSystemInfo
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
VirtualAlloc
GetLocalTime
VirtualFree
GetLastError
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
InitOnceBeginInitialize
InitOnceComplete
GetCPInfoExW
InitializeCriticalSectionEx
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
OutputDebugStringA
GetModuleHandleW
FindResourceW
LoadResource
LockResource
SizeofResource

user32

TranslateMessage
GetMonitorInfoW
IsIconic
EnumWindows
IsWindowVisible
LoadIconW
DefWindowProcW
PostMessageW
GetWindowRect
SetWindowPos
SetWindowLongPtrW
EnumDisplayMonitors
CreateWindowExW
GetWindowLongPtrW
RegisterClassExW
ShowWindow
MessageBoxW
UpdateLayeredWindow
PostQuitMessage
UpdateWindow
OpenClipboard
CloseClipboard
EmptyClipboard
LoadCursorW
SetClipboardData
SetCursor
SetTimer
GetWindowTextLengthW
KillTimer
GetDC
SendMessageW
GetSystemMetrics
ReleaseDC
DispatchMessageW
GetMessageW

dwmapi

DwmSetWindowAttribute
DwmGetWindowAttribute

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

gdi32

GetDIBits
SetDIBits
BitBlt
CreateCompatibleBitmap
DeleteObject
DeleteDC
StretchBlt
CreateCompatibleDC
SelectObject

ole32

CoTaskMemFree
CoCreateInstance

msvcp140

?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?id@?$numpunct@_W@std@@2V0locale@2@A
_Xtime_get_ticks
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Xlength_error@std@@YAXPEBD@Z
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$numpunct@D@std@@2V0locale@2@A
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__RTDynamicCast
memset
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__current_exception_context
__C_specific_handler
memcpy
__current_exception
memmove
memcmp
_purecall
__std_terminate

api-ms-win-crt-runtime-l1-1-0

_c_exit
_exit
exit
_initterm_e
_initterm
terminate
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
abort
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_beginthreadex
_register_thread_local_exe_atexit_callback

api-ms-win-crt-heap-l1-1-0

free
calloc
malloc
_set_new_mode
_callnewh
realloc

api-ms-win-crt-string-l1-1-0

toupper
strnlen

api-ms-win-crt-math-l1-1-0

sin
sqrt
_fdclass
tan
cos
cbrt
pow
_ldclass
copysign
fmod
__setusermatherr
_dclass
_ldsign
sqrtf
_fdsign
_dsign
floor
atan2

api-ms-win-crt-stdio-l1-1-0

fputs
__stdio_common_vsprintf
__p__commode
__acrt_iob_func
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50efbb6e8536a93cc683d1deb38861d8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

dwmapi

imm32

gdi32

ole32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 296KB - Virtual size: 295KB

.data Size: 3KB - Virtual size: 1.0MB

.pdata Size: 31KB - Virtual size: 30KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 296KB - Virtual size: 295KB

.data
Size: 3KB - Virtual size: 1.0MB

.pdata
Size: 31KB - Virtual size: 30KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 1KB - Virtual size: 1KB