5e20ff1afd14d7240482230428c1bb50a5b811216235738415e352f09d81f106

Sharing

Copy URL

Twitter E-mail

General

Target

5e20ff1afd14d7240482230428c1bb50a5b811216235738415e352f09d81f106
Size

1.3MB
MD5

b800b2b02c0ee5ccbbe255fb35b0c7b2
SHA1

481f0074eeb9482e1f1175e09a307e52af04db36
SHA256

5e20ff1afd14d7240482230428c1bb50a5b811216235738415e352f09d81f106
SHA512

dcc7f4042ed6d7eb91b969154321e650d49e8e7a5ea33d8045c50bf2885c24ed449b7474a59ee46b213ac1845786ce81ac9775a6fa97c8288b3aafba43fbf94d
SSDEEP

24576:4AougfZbSEo5bM7rvmlbBW8sRPEbyJlTaN8D1o:nouUXo5RFBURPcyJpaNIK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e20ff1afd14d7240482230428c1bb50a5b811216235738415e352f09d81f106

Files

5e20ff1afd14d7240482230428c1bb50a5b811216235738415e352f09d81f106
.exe windows x64

4930d2aa2db4a8cbd4b01b3d7f9d3463

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeEx

shell32

SHGetKnownFolderPath
SHAppBarMessage

oleaut32

SysAllocString
SafeArrayGetElement
SysStringLen
GetErrorInfo
SetErrorInfo
SysFreeString
VariantClear

dbghelp

SymGetLineFromAddr64
SymGetModuleBase64
SymGetSymFromAddr64
SymInitialize
SymFunctionTableAccess64
StackWalk64
SymSetOptions

dwmapi

DwmGetWindowAttribute
DwmUnregisterThumbnail
DwmRegisterThumbnail
DwmUpdateThumbnailProperties

dcomp

DCompositionCreateDevice

shlwapi

PathRemoveFileSpecW
SHCreateStreamOnFileEx

kernel32

RtlUnwind
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
ReadConsoleW
ReadFile
FlushFileBuffers
GetTimeZoneInformation
GetConsoleOutputCP
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
RtlCaptureContext
GetCurrentProcess
GetModuleFileNameW
WaitForMultipleObjects
CreateMutexW
WaitForSingleObject
GetCurrentThreadId
OpenProcess
CreateEventW
GetLastError
SetEvent
GetCurrentThread
CloseHandle
SetUnhandledExceptionFilter
K32GetProcessImageFileNameW
GetModuleHandleW
QueryFullProcessImageNameW
GetTimeFormatW
GetDateFormatW
HeapFree
FormatMessageW
ExitProcess
DeleteFileW
GetFileType
SetStdHandle
SetConsoleCtrlHandler
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
InterlockedPushEntrySList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
ResetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
LCMapStringEx
DecodePointer
EncodePointer
GetProcAddress
HeapAlloc
GetSystemTimeAsFileTime
SetCurrentDirectoryW
WriteConsoleW
GetDynamicTimeZoneInformation
GetFileAttributesW
MultiByteToWideChar
Sleep
GetCurrentProcessId
WideCharToMultiByte
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
WriteConsoleA
WriteFile
GetConsoleMode
OutputDebugStringA
SetEnvironmentVariableW
IsDebuggerPresent
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
LocalFree
FormatMessageA
LoadLibraryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
GetStringTypeW
WaitForSingleObjectEx
GetExitCodeThread
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW

user32

FindWindowExA
FindWindowA
GetWindowLongW
GetWindowThreadProcessId
IsWindowVisible
EnumChildWindows
CallNextHookEx
GetClassNameA
GetShellWindow
GetAsyncKeyState
MapVirtualKeyExW
GetKeyboardLayout
ToUnicodeEx
UnhookWindowsHookEx
SetWindowsHookExW
CharUpperBuffW
EnumDisplayMonitors
GetDesktopWindow
GetAncestor
SendInput
MonitorFromWindow
GetWindowPlacement
LoadStringW
GetMonitorInfoW
SetLayeredWindowAttributes
GetClientRect
IsIconic
GetMessageW
DispatchMessageW
SetTimer
GetForegroundWindow
TranslateMessage
PostThreadMessageW
MessageBoxW
DefWindowProcW
DestroyWindow
SetWindowPos
SetWindowLongPtrW
CreateWindowExW
GetWindowLongPtrW
ShowWindow
RegisterClassW
LoadCursorW
UpdateWindow
SetForegroundWindow
GetSysColor
GetKeyNameTextW

dwrite

DWriteCreateFactory

dxgi

CreateDXGIFactory2

d2d1

ord1

d3d11

D3D11CreateDevice

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

Sections

.text
Size: 497KB - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4930d2aa2db4a8cbd4b01b3d7f9d3463

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shell32

oleaut32

dbghelp

dwmapi

dcomp

shlwapi

kernel32

user32

dwrite

dxgi

d2d1

d3d11

api-ms-win-eventing-provider-l1-1-0

Sections

.text Size: 497KB - Virtual size: 497KB

.rdata Size: 151KB - Virtual size: 151KB

.data Size: 21KB - Virtual size: 29KB

.pdata Size: 24KB - Virtual size: 24KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 34KB - Virtual size: 33KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 497KB - Virtual size: 497KB

.rdata
Size: 151KB - Virtual size: 151KB

.data
Size: 21KB - Virtual size: 29KB

.pdata
Size: 24KB - Virtual size: 24KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 34KB - Virtual size: 33KB

.reloc
Size: 572KB - Virtual size: 576KB