9e4a8a785c3afc50fb8d254cd8a14c2b97b0b4cb245caba01b3924be3961d9ff

Sharing

Copy URL Twitter E-mail

General

Target

9e4a8a785c3afc50fb8d254cd8a14c2b97b0b4cb245caba01b3924be3961d9ff
Size

1.3MB
MD5

e6cf62f0cd8566f023d3e9ac3e82f256
SHA1

acda18b136799992db7bb22133f26150aaa81fd4
SHA256

9e4a8a785c3afc50fb8d254cd8a14c2b97b0b4cb245caba01b3924be3961d9ff
SHA512

9aac4d86cc9ba0406c52af264fb76a86285664d8d8e8e43260629fbb209f4d6527577e354666c92f7aa05f5b5da5d7aba3f4e1464e36b0ffb351b4d12aa94d9a
SSDEEP

24576:aZ8YUExEgSAYznXTIDN3taqRLJoJCjkliTwQ9Ctw7cmVr+EucFc:adUE6gSAoXcjaqxvwYTV9CtsFTFc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9e4a8a785c3afc50fb8d254cd8a14c2b97b0b4cb245caba01b3924be3961d9ff

Files

9e4a8a785c3afc50fb8d254cd8a14c2b97b0b4cb245caba01b3924be3961d9ff
.exe windows:6 windows x64

dfd6e8b2dd4e635fa157c3c7b95dfa82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeEx

shell32

SHAppBarMessage
SHGetKnownFolderPath

oleaut32

GetErrorInfo
SysAllocString
SetErrorInfo
SafeArrayGetElement
SysFreeString
VariantClear
SysStringLen

dbghelp

SymFunctionTableAccess64
SymGetLineFromAddr64
SymGetModuleBase64
SymGetSymFromAddr64
StackWalk64
SymSetOptions
SymInitialize

dwmapi

DwmGetWindowAttribute
DwmUnregisterThumbnail
DwmRegisterThumbnail
DwmUpdateThumbnailProperties

dcomp

DCompositionCreateDevice

shlwapi

PathRemoveFileSpecW
SHCreateStreamOnFileEx

kernel32

SetEndOfFile
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
ReadConsoleW
ReadFile
FlushFileBuffers
GetTimeZoneInformation
GetConsoleOutputCP
SetFilePointerEx
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
RtlCaptureContext
GetCurrentProcess
GetModuleFileNameW
WaitForMultipleObjects
CreateMutexW
WaitForSingleObject
GetCurrentThreadId
OpenProcess
CreateEventW
GetLastError
SetEvent
GetCurrentThread
CloseHandle
SetUnhandledExceptionFilter
K32GetProcessImageFileNameW
GetModuleHandleW
QueryFullProcessImageNameW
CompareStringW
GetTimeFormatW
GetDateFormatW
FormatMessageW
HeapAlloc
ExitProcess
DeleteFileW
GetFileType
SetStdHandle
SetConsoleCtrlHandler
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
InterlockedPushEntrySList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
ResetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
LCMapStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapFree
GetSystemTimeAsFileTime
InitializeCriticalSectionEx
FlsFree
WriteConsoleW
GetDynamicTimeZoneInformation
GetFileAttributesW
MultiByteToWideChar
Sleep
GetCurrentProcessId
WideCharToMultiByte
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
WriteConsoleA
WriteFile
GetConsoleMode
OutputDebugStringA
SetEnvironmentVariableW
IsDebuggerPresent
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
LocalFree
FormatMessageA
GetLocaleInfoEx
SetCurrentDirectoryW
LoadLibraryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFileInformationByHandle
AreFileApisANSI
GetProcAddress
GetFileInformationByHandleEx
GetStringTypeW
WaitForSingleObjectEx
GetExitCodeThread
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
FlsAlloc
FlsGetValue
FlsSetValue

user32

EnumDisplayMonitors
GetSysColor
MessageBoxW
GetForegroundWindow
FindWindowExA
FindWindowA
GetWindowLongW
GetWindowThreadProcessId
IsWindowVisible
EnumChildWindows
CallNextHookEx
GetClassNameA
GetShellWindow
GetAsyncKeyState
MapVirtualKeyExW
GetKeyboardLayout
ToUnicodeEx
UnhookWindowsHookEx
SetWindowsHookExW
CharUpperBuffW
GetKeyNameTextW
GetDesktopWindow
GetAncestor
SendInput
MonitorFromWindow
GetWindowPlacement
LoadStringW
GetMonitorInfoW
SetLayeredWindowAttributes
GetClientRect
IsIconic
GetMessageW
DispatchMessageW
SetTimer
SetForegroundWindow
TranslateMessage
PostThreadMessageW
DefWindowProcW
DestroyWindow
SetWindowPos
SetWindowLongPtrW
CreateWindowExW
GetWindowLongPtrW
ShowWindow
RegisterClassW
LoadCursorW
UpdateWindow

dwrite

DWriteCreateFactory

dxgi

CreateDXGIFactory2

d2d1

ord1

d3d11

D3D11CreateDevice

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister

Sections

.text
Size: 543KB - Virtual size: 543KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dfd6e8b2dd4e635fa157c3c7b95dfa82

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shell32

oleaut32

dbghelp

dwmapi

dcomp

shlwapi

kernel32

user32

dwrite

dxgi

d2d1

d3d11

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

Sections

.text Size: 543KB - Virtual size: 543KB

.rdata Size: 161KB - Virtual size: 160KB

.data Size: 20KB - Virtual size: 33KB

.pdata Size: 28KB - Virtual size: 28KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 34KB - Virtual size: 33KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 543KB - Virtual size: 543KB

.rdata
Size: 161KB - Virtual size: 160KB

.data
Size: 20KB - Virtual size: 33KB

.pdata
Size: 28KB - Virtual size: 28KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 34KB - Virtual size: 33KB

.reloc
Size: 572KB - Virtual size: 576KB