d966926e46b2d48335172e26651f0c26a3b5c8f68410f13f51578cf46c0fff17

Sharing

Copy URL Twitter E-mail

General

Target

d966926e46b2d48335172e26651f0c26a3b5c8f68410f13f51578cf46c0fff17
Size

1.8MB
MD5

f02452454858e983d165095a33a2ac35
SHA1

a9c6abeb75a7a18e5186273ad99fa88affaa9fcb
SHA256

d966926e46b2d48335172e26651f0c26a3b5c8f68410f13f51578cf46c0fff17
SHA512

67c16e46fccd953c3e9f7fc2b6e3416a541bc8f38565aa297d5a7331094adb109712e723ef6d6cc54486d30b8fad6f842fd029b5190cb9fbd26f3c6fd39a9111
SSDEEP

24576:iowXdE7pTZya1KFJum3hRX8SvtsBk7amlbBW8sRPEbyJlTaN8D1o:i3m7zF1Yuahtvp7bFBURPcyJpaNIK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d966926e46b2d48335172e26651f0c26a3b5c8f68410f13f51578cf46c0fff17

Files

d966926e46b2d48335172e26651f0c26a3b5c8f68410f13f51578cf46c0fff17
.exe windows x64

4960a74a9200aed28dfefb112c9a158d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dbghelp

SymFunctionTableAccess64
SymGetModuleBase64
SymSetOptions
StackWalk64
SymGetLineFromAddr64
SymGetSymFromAddr64
SymInitialize

kernel32

GetCurrentThread
OpenProcess
RtlUnwind
GetFileTime
GetCurrentThreadId
WaitForSingleObject
CreateMutexW
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
CloseHandle
GetOEMCP
GetACP
GetModuleFileNameW
GetCurrentProcess
RtlCaptureContext
GetModuleHandleW
LocalFree
LocalSize
GetLastError
LocalAlloc
lstrlenW
GetSystemTimePreciseAsFileTime
GetCommandLineA
SetUnhandledExceptionFilter
WriteConsoleW
GetDynamicTimeZoneInformation
GetFileAttributesW
MultiByteToWideChar
Sleep
GetCurrentProcessId
WideCharToMultiByte
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
WriteConsoleA
WriteFile
GetConsoleMode
OutputDebugStringA
SetEnvironmentVariableW
IsDebuggerPresent
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
TerminateProcess
WaitForMultipleObjects
ReleaseMutex
CreateEventW
FormatMessageW
OutputDebugStringW
SetEvent
WaitForSingleObjectEx
OpenSemaphoreW
HeapAlloc
GetProcAddress
CreateMutexExW
GetProcessHeap
DebugBreak
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
QueryFullProcessImageNameW
ProcessIdToSessionId
LoadLibraryW
FreeLibrary
FormatMessageA
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
GetStringTypeW
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
RtlPcToFileHeader
InitOnceComplete
InitOnceBeginInitialize
EncodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
IsValidCodePage
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
InterlockedPushEntrySList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
SetConsoleCtrlHandler
SetStdHandle
GetFileType
DeleteFileW
ExitProcess
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
GetConsoleOutputCP
GetTimeZoneInformation
FlushFileBuffers
ReadFile
ReadConsoleW
HeapReAlloc
RtlLookupFunctionEntry

user32

RegisterClassExW
GetWindowLongPtrW
CreateWindowExW
EnumDisplayMonitors
SetWindowLongPtrW
DestroyWindow
GetWindowRect
PostMessageW
UnregisterHotKey
DefWindowProcW
GetPhysicalCursorPos
RegisterWindowMessageW
SetWindowLongW
LoadCursorW
SetLayeredWindowAttributes
GetLayeredWindowAttributes
GetCursorInfo
RemovePropW
GetWindowLongW
IsWindow
EnumChildWindows
GetWindowThreadProcessId
GetKeyNameTextW
CharUpperBuffW
ToUnicodeEx
GetKeyboardLayout
MapVirtualKeyExW
SetPropW
GetAsyncKeyState
RegisterHotKey
MoveWindow
MapWindowPoints
ShowWindow
SetWindowPos
SendInput
GetAncestor
SetForegroundWindow
GetWindowDpiAwarenessContext
GetClassNameW
SetWindowPlacement
GetWindowPlacement
GetShellWindow
GetClassNameA
GetSystemMetrics
MonitorFromRect
IsWindowVisible
GetWindow
EnumDisplayDevicesW
GetClientRect
MonitorFromWindow
AreDpiAwarenessContextsEqual
GetCursorPos
SetThreadDpiAwarenessContext
UnhookWinEvent
SetWinEventHook
GetDesktopWindow
PostQuitMessage
GetPropW
GetMonitorInfoW
SetWindowsHookExW
GetForegroundWindow
UnhookWindowsHookEx
GetMessageW
DispatchMessageW
SetThreadDpiHostingBehavior
MonitorFromPoint
IsIconic
EnumWindows
SetProcessDpiAwarenessContext
LoadStringW
CallNextHookEx
MessageBoxW
KillTimer
PostThreadMessageW
TranslateMessage
SetTimer

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

uxtheme

BufferedPaintInit
BufferedPaintUnInit

dwmapi

DwmGetWindowAttribute
DwmSetWindowAttribute
DwmEnableBlurBehindWindow

gdi32

DeleteObject
CreateRectRgn

advapi32

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegGetValueW

shell32

SHGetKnownFolderPath
ShellExecuteExW

ole32

StringFromCLSID
CoInitializeSecurity
CoInitializeEx
CoCreateGuid
CoCreateInstance
CLSIDFromString
CoTaskMemFree
CoUninitialize
CoSetProxyBlanket
CoCreateFreeThreadedMarshaler

oleaut32

SysFreeString
GetErrorInfo
VariantClear
SetErrorInfo
SysAllocString
SysStringLen

rpcrt4

UuidHash

dwrite

DWriteCreateFactory

d2d1

ord1

Sections

.text
Size: 791KB - Virtual size: 791KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4960a74a9200aed28dfefb112c9a158d

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

kernel32

user32

api-ms-win-shcore-scaling-l1-1-1

uxtheme

dwmapi

gdi32

advapi32

shell32

ole32

oleaut32

rpcrt4

dwrite

d2d1

Sections

.text Size: 791KB - Virtual size: 791KB

.rdata Size: 218KB - Virtual size: 217KB

.data Size: 27KB - Virtual size: 39KB

.pdata Size: 37KB - Virtual size: 37KB

_RDATA Size: 512B - Virtual size: 512B

.rsrc Size: 150KB - Virtual size: 150KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 791KB - Virtual size: 791KB

.rdata
Size: 218KB - Virtual size: 217KB

.data
Size: 27KB - Virtual size: 39KB

.pdata
Size: 37KB - Virtual size: 37KB

_RDATA
Size: 512B - Virtual size: 512B

.rsrc
Size: 150KB - Virtual size: 150KB

.reloc
Size: 572KB - Virtual size: 576KB