07b694e5288712bcb443aa797c38cf6fe9a77a995f912b154b88f9af6efe26dd

Sharing

Copy URL Twitter E-mail

General

Target

07b694e5288712bcb443aa797c38cf6fe9a77a995f912b154b88f9af6efe26dd
Size

5.7MB
MD5

4f8cd7b5007ff854350d807e92eb0095
SHA1

1357bdee17fb72c3c8874a812b60b2d792f7f96c
SHA256

07b694e5288712bcb443aa797c38cf6fe9a77a995f912b154b88f9af6efe26dd
SHA512

fd108cdb5e5537f32ddcc382e02d65e46b32ebe48acd5f83a661560da16aa1438986830baf713ddf9f3e4cb02726e662726ba0c81eb562e6e3b4c7b5b3daa493
SSDEEP

98304:5qq1aFeSSzCuj7Jw9ONaiqE7wahU8DzUOqoSPP7Fm9fVvStgmraBf8xT7:8qQUEmJw9M/hzDzUOWPP7Fm9fV9muBfw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07b694e5288712bcb443aa797c38cf6fe9a77a995f912b154b88f9af6efe26dd

Files

07b694e5288712bcb443aa797c38cf6fe9a77a995f912b154b88f9af6efe26dd
.dll windows x64

552e12107cb04c9aabae089ad6e470a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

CreatePipe
SetNamedPipeHandleState
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
WaitNamedPipeA
FreeResource
LoadResource
LockResource
SizeofResource
FindResourceA
LoadLibraryExA
CreateDirectoryW
DeleteFileW
SetHandleInformation
FindFirstFileW
GetFileAttributesW
GetCompressedFileSizeW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSectionEx
DisableThreadLibraryCalls
OutputDebugStringA
FreeLibrary
CreateFileW
FlushFileBuffers
SetEndOfFile
SetFilePointer
CopyFileW
MoveFileW
FindNextFileW
VirtualQuery
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SetEvent
CloseHandle
WriteFile
ReadFile
GetFileAttributesA
CreateFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetEnvironmentVariableA
GetSystemTimeAsFileTime
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentThreadId
GetCurrentProcessId
GetLastError
VirtualProtect
GetSystemInfo
FindClose
InitializeSListHead
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
RaiseException
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA
GetAsyncKeyState
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

advapi32

CryptHashData
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptVerifySignatureA
CryptDestroyHash
GetUserNameA
CryptCreateHash

shell32

SHGetKnownFolderPath
SHFileOperationW
SHGetFolderPathA
ShellExecuteA

ole32

CoTaskMemFree

msvcp140

?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAPEAX@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?id@?$ctype@D@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??Bid@locale@std@@QEAA_KXZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Mbrtowc
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QEAA@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

bcrypt

BCryptDestroyKey
BCryptDecrypt
BCryptEncrypt
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptGenerateSymmetricKey

crypt32

CryptStringToBinaryA
CryptDecodeObjectEx
CryptBinaryToStringA
CryptImportPublicKeyInfo

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

vcruntime140

memset
memmove
_purecall
strstr
__C_specific_handler
__current_exception
__current_exception_context
__std_type_info_destroy_list
memcpy
memcmp
memchr
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate
__RTDynamicCast

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_cexit
_crt_at_quick_exit
_wassert
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_getpid
_beginthreadex
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
terminate
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-string-l1-1-0

isalpha
_strdup
_stricmp
wcsncpy_s
strspn
isdigit
strcspn
isalnum
islower
strncat
toupper
isspace
strncpy
strncmp
tolower

api-ms-win-crt-stdio-l1-1-0

ungetc
setvbuf
__stdio_common_vsprintf
__stdio_common_vsscanf
_pclose
fwrite
_fseeki64
fsetpos
fread
fputc
fgets
__stdio_common_vsnprintf_s
fgetpos
_get_stream_buffer_pointers
fclose
feof
fopen
fseek
ftell
rewind
__acrt_iob_func
__stdio_common_vfprintf
_popen
fflush
fgetc

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath
_mkdir
_lock_file
_unlock_file

api-ms-win-crt-math-l1-1-0

fmin
log
_finite
fmax
cosf
acosf
logf
modf
fminf
sin
ceil
pow
floor
cos
atan2
fmaxf
hypot
expf
sqrt
floorf
sqrtf
log10f
powf

api-ms-win-crt-heap-l1-1-0

_aligned_malloc
_callnewh
calloc
free
malloc
_aligned_free

api-ms-win-crt-convert-l1-1-0

strtod
atoi
atof

api-ms-win-crt-environment-l1-1-0

getenv
_putenv

api-ms-win-crt-time-l1-1-0

_gmtime64
_mkgmtime64
_time64

api-ms-win-crt-locale-l1-1-0

localeconv

wtsapi32

WTSSendMessageW

Exports

Exports

EntryPointFunc
xGPUFilterEntry

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

552e12107cb04c9aabae089ad6e470a8

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

advapi32

shell32

ole32

msvcp140

bcrypt

crypt32

rpcrt4

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 1.1MB

.rdata Size: - Virtual size: 1.4MB

.data Size: - Virtual size: 17KB

.pdata Size: - Virtual size: 43KB

.idata Size: - Virtual size: 19KB

.didat Size: - Virtual size: 6KB

.tls Size: - Virtual size: 777B

.00cfg Size: - Virtual size: 337B

.vmp0 Size: - Virtual size: 3.5MB

.vmp1 Size: 5.7MB - Virtual size: 5.7MB

.reloc Size: 512B - Virtual size: 220B

.rsrc Size: 2KB - Virtual size: 4KB

.text
Size: - Virtual size: 1.1MB

.rdata
Size: - Virtual size: 1.4MB

.data
Size: - Virtual size: 17KB

.pdata
Size: - Virtual size: 43KB

.idata
Size: - Virtual size: 19KB

.didat
Size: - Virtual size: 6KB

.tls
Size: - Virtual size: 777B

.00cfg
Size: - Virtual size: 337B

.vmp0
Size: - Virtual size: 3.5MB

.vmp1
Size: 5.7MB - Virtual size: 5.7MB

.reloc
Size: 512B - Virtual size: 220B

.rsrc
Size: 2KB - Virtual size: 4KB