9e5ba68ff77b2fd89cea054c806c33fa049e255ba5b19ca6893fb30fda2c1707

Sharing

Copy URL Twitter E-mail

General

Target

9e5ba68ff77b2fd89cea054c806c33fa049e255ba5b19ca6893fb30fda2c1707
Size

4.9MB
MD5

f4cca2172439a050c7a52b77e36ee793
SHA1

b373ef234e760bb12547bc7a98b8cd9604dc5aa2
SHA256

9e5ba68ff77b2fd89cea054c806c33fa049e255ba5b19ca6893fb30fda2c1707
SHA512

16b3725089fa67e0f866f761f30a63b132ff8c85450b221d10cc31b3dfc849c2f61e2e090f404664a81448844e21515892908e6e4dfcc6069c8312b6fd76d33a
SSDEEP

49152:JNPuMeownTnP2gNpVNsfolYKUCRGbbBaGngVDGENwq3vkFWPfeoTRqA8ml80geyg:HwnuueoTYH0oy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9e5ba68ff77b2fd89cea054c806c33fa049e255ba5b19ca6893fb30fda2c1707

Files

9e5ba68ff77b2fd89cea054c806c33fa049e255ba5b19ca6893fb30fda2c1707
.exe windows:6 windows x64

e0ddafe9650dbcef24548b7dcc7a381e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

QueryFullProcessImageNameW
HeapDestroy
GetTickCount
OpenProcess
HeapAlloc
FindResourceW
LoadResource
DeleteCriticalSection
K32EnumProcessModulesEx
RtlUnwind
K32GetModuleFileNameExW
WideCharToMultiByte
SetEvent
MultiByteToWideChar
WaitForSingleObject
FindResourceExW
GetSystemPowerStatus
WaitForMultipleObjects
RaiseException
CloseHandle
CreateEventW
GetModuleFileNameW
DecodePointer
GetProcessHeap
ConnectNamedPipe
GetModuleHandleW
WaitNamedPipeW
CreateIoCompletionPort
GetSystemTime
VerifyVersionInfoW
SleepEx
VerSetConditionMask
GetOverlappedResult
QueryPerformanceFrequency
CreateThread
QueueUserAPC
QueryPerformanceCounter
TerminateThread
PostQueuedCompletionStatus
PeekNamedPipe
GetQueuedCompletionStatus
CreateNamedPipeW
CreateWaitableTimerW
SetWaitableTimer
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
LockResource
LoadLibraryW
GetProcAddress
FreeLibrary
OutputDebugStringW
WriteConsoleW
SetEndOfFile
InitOnceExecuteOnce
GetCurrentDirectoryW
EncodePointer
GetLastError
GetFileAttributesW
SetStdHandle
SetEnvironmentVariableW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
DeleteFileW
ReleaseSRWLockShared
FreeEnvironmentStringsW
AcquireSRWLockShared
GetTickCount64
GetEnvironmentStringsW
HeapSize
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetThreadUILanguage
GetThreadUILanguage
AllocConsole
CreateProcessW
InitializeCriticalSectionEx
GetTimeZoneInformation
FlushFileBuffers
GetFileSizeEx
GetConsoleOutputCP
HeapFree
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileAttributesExW
EnumSystemLocalesW
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
FindNextFileW
GetTempPathW
FindClose
CreateFileW
SetFileAttributesW
GetCurrentProcess
lstrlenW
LocalFree
CreateMutexW
LocalAlloc
ReadFile
GetModuleHandleExW
TerminateProcess
K32GetProcessImageFileNameW
CreateToolhelp32Snapshot
ProcessIdToSessionId
FormatMessageW
Process32NextW
Process32FirstW
WTSGetActiveConsoleSessionId
GetCurrentProcessId
GetExitCodeProcess
OpenEventW
ResetEvent
K32EnumProcesses
Sleep
GetCurrentThread
GetThreadPriority
FormatMessageA
CreateEventExW
DeviceIoControl
WaitForSingleObjectEx
GetFirmwareEnvironmentVariableExW
ReleaseMutex
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
LoadLibraryA
OutputDebugStringA
InitializeCriticalSection
SetDllDirectoryW
GetTempFileNameW
GetCurrentThreadId
WriteFile
SetupComm
BuildCommDCBW
SetCommTimeouts
SetCommState
IsDebuggerPresent
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
SizeofResource
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetDriveTypeW
GetFileType
GetStdHandle
ExitThread
ExitProcess
GetCommandLineW
GetCommandLineA
GetFullPathNameW
RtlUnwindEx
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateDirectoryW

user32

LoadIconW
LoadMenuW
DefWindowProcW
PostQuitMessage
LoadStringW
SetWindowsHookExW
UnhookWindowsHookEx
TranslateMessage
wsprintfW
SetTimer
IsWindow
DispatchMessageW
ChangeWindowMessageFilterEx
GetClientRect
DestroyWindow
GetWindowThreadProcessId
EnumWindows
GetMessageW
GetSubMenu
GetCursorPos
GetDesktopWindow
GetWindowTextW
PostThreadMessageW
CallNextHookEx
SendMessageW
GetForegroundWindow
SetForegroundWindow
EndDialog
TrackPopupMenu
KillTimer
GetMonitorInfoW
GetShellWindow
MonitorFromWindow
PostMessageW
RegisterPowerSettingNotification
PeekMessageW
DestroyMenu
UnregisterClassW
CreateWindowExW
RegisterWindowMessageW
ShowWindow
FindWindowExW
GetWindow
UnregisterPowerSettingNotification
RegisterClassW
MsgWaitForMultipleObjectsEx
GetClassInfoW

wtsapi32

WTSQueryUserToken
WTSUnRegisterSessionNotification
WTSFreeMemory
WTSRegisterSessionNotification
WTSQuerySessionInformationW

ole32

CoUninitialize
CoInitialize
OleRun
CreateBindCtx
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoCreateInstance
CoRevokeClassObject
CoResumeClassObjects
CoRegisterClassObject
CoReleaseServerProcess
CoAddRefServerProcess

oleaut32

SetErrorInfo
VariantChangeType
VariantClear
SysAllocString
SysFreeString
GetErrorInfo
VariantInit
SysStringLen

advapi32

RegSetValueExW
RegSetKeyValueW
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
RegNotifyChangeKeyValue
RegCloseKey

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathW
SHGetKnownFolderPath
ShellExecuteW
ShellExecuteExW

shlwapi

PathRemoveFileSpecW
UrlCreateFromPathW
PathFileExistsW
SHDeleteKeyW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-power-setting-l1-1-0

PowerGetActiveScheme
PowerReadDCValue

api-ms-win-core-registry-l1-1-0

RegGetKeySecurity
RegDeleteValueW
RegEnumValueW
RegCreateKeyExW
RegEnumKeyExW
RegSetKeySecurity

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
GetTokenInformation
AllocateAndInitializeSid
FreeSid
IsValidSid
SetSecurityDescriptorDacl
AdjustTokenPrivileges
GetSecurityDescriptorDacl
AddAccessAllowedAceEx
GetAclInformation
SetSecurityDescriptorOwner
GetAce
GetLengthSid
RevertToSelf
CreateWellKnownSid
InitializeAcl
InitializeSecurityDescriptor
AddAce

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetExitCodeThread
SwitchToThread
GetStartupInfoW
SetThreadToken
CreateProcessAsUserW
OpenThreadToken
OpenProcessToken

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW
LookupAccountSidW

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW

api-ms-win-security-cryptoapi-l1-1-0

CryptDecrypt
CryptDeriveKey
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW

api-ms-win-core-com-l1-1-0

StringFromCLSID
CoInitializeEx
CoTaskMemAlloc
PropVariantClear
CLSIDFromString
CoCreateGuid
CLSIDFromProgID

propsys

InitPropVariantFromStringVector
InitPropVariantFromCLSID

api-ms-win-devices-config-l1-1-1

CM_Get_Parent
CM_Get_Device_IDW

api-ms-win-core-string-l2-1-0

CharUpperW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection

api-ms-win-core-handle-l1-1-0

DuplicateHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlPcToFileHeader
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-string-l1-1-0

CompareStringW
GetStringTypeW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
GetCPInfo
LCMapStringW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

cfgmgr32

CM_Get_DevNode_Status_Ex

setupapi

SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDevicePropertyW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInfo

rtworkq

RtwqPutWorkItem
RtwqCreateAsyncResult

avrt

AvRevertMmThreadCharacteristics
AvSetMmThreadCharacteristicsW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW

ws2_32

WSAGetLastError
WSAStartup
WSASetLastError
shutdown
WSASend
WSARecv
WSACleanup

crypt32

CertFreeCertificateContext

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

api-ms-win-core-namedpipe-l1-1-0

ImpersonateNamedPipeClient

api-ms-win-mm-misc-l1-1-0

mmioWrite
mmioOpenW
mmioAdvance
mmioAscend
mmioSetInfo
mmioCreateChunk
mmioClose
mmioSeek
mmioGetInfo
mmioDescend

version

GetFileVersionInfoSizeW

Exports

Exports

??0?$WCPoint@M@@QEAA@MM@Z
??0?$WCPoint@M@@QEAA@XZ
??4?$WCPoint@M@@QEAAAEAV0@$$QEAV0@@Z
??4?$WCPoint@M@@QEAAAEAV0@AEBV0@@Z
??H?$WCPoint@M@@QEBA?AV0@AEBV0@@Z
?Set@?$WCPoint@M@@QEAAXAEBV1@@Z
?Set@?$WCPoint@M@@QEAAXMM@Z

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gxfg
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 520KB - Virtual size: 519KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0ddafe9650dbcef24548b7dcc7a381e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

wtsapi32

ole32

oleaut32

advapi32

shell32

shlwapi

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-power-setting-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-security-cryptoapi-l1-1-0

api-ms-win-core-com-l1-1-0

propsys

api-ms-win-devices-config-l1-1-1

api-ms-win-core-string-l2-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-interlocked-l1-1-0

userenv

cfgmgr32

setupapi

rtworkq

avrt

api-ms-win-core-version-l1-1-0

api-ms-win-core-version-l1-1-1

ws2_32

crypt32

rpcrt4

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-mm-misc-l1-1-0

version

Exports

Exports

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

RT_CODE Size: 380KB - Virtual size: 380KB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 87KB - Virtual size: 157KB

.pdata Size: 104KB - Virtual size: 103KB

.didat Size: 512B - Virtual size: 112B

.gxfg Size: 14KB - Virtual size: 14KB

.gehcont Size: 512B - Virtual size: 36B

.rsrc Size: 520KB - Virtual size: 519KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 2.5MB - Virtual size: 2.5MB

RT_CODE
Size: 380KB - Virtual size: 380KB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 87KB - Virtual size: 157KB

.pdata
Size: 104KB - Virtual size: 103KB

.didat
Size: 512B - Virtual size: 112B

.gxfg
Size: 14KB - Virtual size: 14KB

.gehcont
Size: 512B - Virtual size: 36B

.rsrc
Size: 520KB - Virtual size: 519KB

.reloc
Size: 18KB - Virtual size: 18KB