d3768675999db0c3660e08ed810b66e6166bc4804ac605d5d15e1e9d93e118b9

Sharing

Copy URL Twitter E-mail

General

Target

d3768675999db0c3660e08ed810b66e6166bc4804ac605d5d15e1e9d93e118b9
Size

3.2MB
MD5

fad0681146fdcdb786b4943326e8bdf9
SHA1

5d6e483ea966f50f6e7f4c0c22344bd6c33671f0
SHA256

d3768675999db0c3660e08ed810b66e6166bc4804ac605d5d15e1e9d93e118b9
SHA512

f8606d1da2f904794ed9fa2cdf67756cf38357e025b84a16dfea2f3ae29da2ed5b379145b1864be0335e519c8014075a85cf61bd9a03f079f1dbeb34f1a98975
SSDEEP

49152:mTM8vFMi1mOcuU5x1Huovzt71OBDxOnWsKzd+gnp3e3MiAaT5dBKL8ykId4mh:M6aJhpeK6dDd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3768675999db0c3660e08ed810b66e6166bc4804ac605d5d15e1e9d93e118b9

Files

d3768675999db0c3660e08ed810b66e6166bc4804ac605d5d15e1e9d93e118b9
.exe windows:6 windows x64

7279b15c89355c1b19fa7e15a2f511c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

dwmapi

DwmExtendFrameIntoClientArea

kernel32

GetProcAddress
MulDiv
GetTickCount
GlobalUnlock
GlobalFree
GlobalLock
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringW
GlobalAlloc
GetModuleFileNameW
GetCurrentDirectoryW
LocalFree
GetModuleHandleW
FormatMessageW
GetCurrentProcess
SetEnvironmentVariableW
CloseHandle
CreateMutexW
ReadFile
CreateFileW
OpenProcess
QueryFullProcessImageNameW
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
IsWow64Process
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
GetTimeZoneInformation
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
WriteFile
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlPcToFileHeader
DecodePointer
RtlUnwindEx
RaiseException
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
DeleteCriticalSection
InitializeCriticalSectionEx
FindResourceW
LoadLibraryW
LockResource
SizeofResource
LoadResource
FreeLibrary
SetLastError
GetLastError
GetProcessHeap
HeapSize
SetStdHandle
WriteConsoleW
GetFileInformationByHandleEx
MoveFileExW
CopyFileW
AreFileApisANSI
WaitForSingleObjectEx
GetCurrentThreadId
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateDirectoryW
SetEndOfFile
InterlockedPushEntrySList
GetStringTypeW
QueryPerformanceFrequency
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
FormatMessageA
GetLocaleInfoEx
InitOnceComplete
InitOnceBeginInitialize
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetExitCodeThread

user32

SetWindowLongPtrW
DestroyWindow
RegisterClassExW
GetClientRect
CallWindowProcW
DefWindowProcW
CreateWindowExW
SetCapture
GetCapture
ReleaseCapture
ClientToScreen
GetWindowRect
PtInRect
GetDpiForWindow
UnregisterClassW
ScreenToClient
GetSystemMetrics
SetForegroundWindow
SetWindowPos
LoadCursorW
GetWindowLongPtrW
GetCaretBlinkTime
GetKeyState
LoadMenuW
TrackPopupMenu
GetSubMenu
RegisterWindowMessageW
GetForegroundWindow
GetClassNameW
GetShellWindow
GetWindowThreadProcessId
FindWindowExW
SendMessageTimeoutW
FindWindowW
UnregisterHotKey
RegisterHotKey
MapVirtualKeyW
SetFocus
GetWindow
MessageBoxW
BringWindowToTop
LoadIconW
FillRect
GetDpiForSystem
KillTimer
SetTimer
SetClipboardData
EmptyClipboard
DestroyCaret
SetCaretPos
CreateCaret
GetUpdateRect
GetDoubleClickTime
GetCursorInfo
CloseClipboard
GetClipboardData
OpenClipboard
GetSysColor
SetCursor
DispatchMessageW
TranslateMessage
GetMessageW
SystemParametersInfoW
PostQuitMessage
SetLayeredWindowAttributes
GetIconInfo
GetCursor
ReleaseDC
GetDC
GetFocus
IsWindowVisible
ShowWindow
GetCursorPos
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
SetWindowLongW
GetWindowLongW
AdjustWindowRectExForDpi
TrackMouseEvent
PostMessageW
InvalidateRect
ValidateRect
SendMessageW

gdi32

GetDIBits
GetObjectW
DeleteObject
GetStockObject
GetDeviceCaps

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegGetValueW
OpenProcessToken
RegSetKeyValueW
RegCloseKey

shell32

ShellExecuteExW
SHChangeNotify
SHGetPathFromIDListW
Shell_NotifyIconW
CommandLineToArgvW
DragQueryFileW
ShellExecuteW
SHGetKnownFolderPath

ole32

PropVariantClear
CoInitialize
CoTaskMemFree
CoInitializeEx
CoTaskMemAlloc
CoCreateInstance
OleDuplicateData
ReleaseStgMedium

oleaut32

SysFreeString
VariantClear

bcrypt

BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptGetProperty
BCryptHashData
BCryptDestroyHash
BCryptCreateHash
BCryptOpenAlgorithmProvider

d2d1

ord2
ord1

dwrite

DWriteCreateFactory

imm32

ImmReleaseContext
ImmGetContext

propsys

PropVariantToUInt16

shlwapi

SHCreateStreamOnFileEx
StrRetToBufW

xmllite

CreateXmlReader

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 736KB - Virtual size: 735KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 200KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7279b15c89355c1b19fa7e15a2f511c7

Headers

DLL Characteristics

File Characteristics

Imports

version

userenv

dwmapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

bcrypt

d2d1

dwrite

imm32

propsys

shlwapi

xmllite

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 736KB - Virtual size: 735KB

.data Size: 200KB - Virtual size: 248KB

.pdata Size: 104KB - Virtual size: 104KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 140KB - Virtual size: 140KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 736KB - Virtual size: 735KB

.data
Size: 200KB - Virtual size: 248KB

.pdata
Size: 104KB - Virtual size: 104KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 140KB - Virtual size: 140KB

.reloc
Size: 33KB - Virtual size: 33KB