60d17a65b26a91b78f27d9709761fd9c9f1825f7b48c1e953a3c2ed7e5293715

Sharing

Copy URL Twitter E-mail

General

Target

60d17a65b26a91b78f27d9709761fd9c9f1825f7b48c1e953a3c2ed7e5293715
Size

12.5MB
MD5

02270f0ae5c5a5a5965dddddf0fefbcb
SHA1

7295653906e046b9cd2c1b481db3ac8b84b8d12e
SHA256

60d17a65b26a91b78f27d9709761fd9c9f1825f7b48c1e953a3c2ed7e5293715
SHA512

3f979080462cb6b127cb1d2d9d3481801f85cdba2f6f3c73318acf737b7ddfb95a20c20d7f75058314a26cd09960be0299774d0a61c7ea753edc2441b2a05665
SSDEEP

98304:RVRABxlVnlgvXREtv1Wg+wgMOZL7pl9Qfoa1Xx/:OvlfUhwoLwB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60d17a65b26a91b78f27d9709761fd9c9f1825f7b48c1e953a3c2ed7e5293715

Files

60d17a65b26a91b78f27d9709761fd9c9f1825f7b48c1e953a3c2ed7e5293715
.exe windows:6 windows x64

8105228cf4b4fce5f94b6a16368306ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
NtWriteFile
NtReadFile
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile

user32

GetAsyncKeyState
GetActiveWindow
MapVirtualKeyW
ToUnicodeEx
GetKeyState
SetCapture
CloseTouchInputHandle
GetRawInputData
SetPropW
GetMenu
MsgWaitForMultipleObjectsEx
SetWindowDisplayAffinity
RegisterWindowMessageA
SystemParametersInfoA
SetForegroundWindow
SetWindowPlacement
PostThreadMessageW
GetWindowPlacement
AdjustWindowRectEx
SetWindowLongPtrW
RegisterClassExW
CreateWindowExW
RegisterRawInputDevices
SetWindowLongW
RegisterTouchWindow
GetWindowLongW
EnableMenuItem
DefWindowProcW
GetWindowRect
GetSystemMenu
MapVirtualKeyExW
GetClientRect
SetWindowPos
SendMessageW
PostMessageW
PeekMessageW
GetMessageW
DestroyIcon
ShowCursor
CreateIcon
ClipCursor
GetWindowLongPtrW
GetKeyboardLayout
SendInput
DispatchMessageA
GetMessageA
GetTouchInputInfo
RedrawWindow
ValidateRect
SetCursor
IsProcessDPIAware
EnumChildWindows
DestroyWindow
LoadCursorW
ScreenToClient
ReleaseCapture
GetUpdateRect
GetWindowThreadProcessId
InvalidateRgn
IsWindowVisible
ClientToScreen
ShowWindow
GetMonitorInfoW
GetKeyboardState
EnumWindows
GetClipCursor
MonitorFromRect
GetCursorPos
DispatchMessageW
GetSystemMetrics
TranslateMessage
MonitorFromWindow
TrackMouseEvent
IsWindow
ChangeDisplaySettingsExW
GetDC

dwmapi

DwmEnableBlurBehindWindow

kernel32

TlsSetValue
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TlsFree
GetModuleHandleExW
GetCommandLineA
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
GetStringTypeW
FlsAlloc
FlsGetValue
CreateEventW
TlsAlloc
EncodePointer
SetHandleInformation
RaiseException
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcessId
InitializeSListHead
ResetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetEvent
WaitForSingleObject
FlsSetValue
HeapAlloc
TlsGetValue
FlsFree
TzSpecificLocalTimeToSystemTime
TryAcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
Process32Next
GetLastError
GetCurrentProcess
OpenProcess
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
WriteFile
SetFileCompletionNotificationModes
CloseHandle
SystemTimeToTzSpecificLocalTime
Process32First
CreateToolhelp32Snapshot
SleepConditionVariableSRW
GetSystemInfo
CompareStringW
GetSystemTimeAsFileTime
CreateThread
WideCharToMultiByte
WriteConsoleW
MultiByteToWideChar
LCIDToLocaleName
GetUserDefaultUILanguage
GetFullPathNameW
lstrlenW
GetFileAttributesW
CreateFileW
OutputDebugStringA
OutputDebugStringW
GetModuleFileNameW
GetProcAddress
LCMapStringW
HeapSize
GetConsoleOutputCP
FormatMessageW
LoadLibraryExW
GetProcessHeap
HeapFree
GetModuleHandleW
GetModuleHandleA
LoadLibraryW
FreeLibrary
GetEnvironmentVariableW
ExitProcess
Sleep
GetCurrentThreadId
GetFileType
GetConsoleMode
GetFinalPathNameByHandleW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
GetFileInformationByHandle
FindNextFileW
CreateMutexA
WaitForSingleObjectEx
HeapReAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
SystemTimeToFileTime
WakeConditionVariable
WakeAllConditionVariable
TerminateProcess
GetStdHandle
SetFilePointerEx
SetFileInformationByHandle
FlushFileBuffers
GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
GetCurrentThread
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
FindClose
ReleaseMutex
CreateMutexW
FreeEnvironmentStringsW
LoadLibraryA

psapi

GetModuleFileNameExW

gdi32

GetDeviceCaps
CreateRectRgn
DeleteObject

ole32

CoTaskMemAlloc
CoInitializeEx
RevokeDragDrop
CoUninitialize
CoCreateInstance
CoTaskMemFree
CreateStreamOnHGlobal
RegisterDragDrop
OleInitialize

shell32

DragFinish
DragQueryFileW
SHAppBarMessage

advapi32

RegCloseKey
RegGetValueW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
RegOpenKeyExW
RegQueryValueExW
SystemFunction036

secur32

InitializeSecurityContextW
AcceptSecurityContext
FreeContextBuffer
DecryptMessage
EncryptMessage
ApplyControlToken
DeleteSecurityContext
AcquireCredentialsHandleA
QueryContextAttributesW
FreeCredentialsHandle

crypt32

CertEnumCertificatesInStore
CertFreeCertificateContext
CertOpenStore
CertCloseStore
CertDuplicateStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateCertificateContext
CertDuplicateCertificateChain
CertFreeCertificateChain
CertAddCertificateContextToStore

ws2_32

connect
bind
WSASocketW
getsockname
getpeername
shutdown
recv
WSASend
WSAIoctl
getsockopt
setsockopt
WSAStartup
ioctlsocket
closesocket
WSAGetLastError
send
getaddrinfo
freeaddrinfo
WSACleanup

bcrypt

BCryptGenRandom

comctl32

SetWindowSubclass
DefSubclassProc
RemoveWindowSubclass

oleaut32

SysStringLen
SetErrorInfo
GetErrorInfo
SysFreeString

Sections

.text
Size: 9.1MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 636KB - Virtual size: 635KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8105228cf4b4fce5f94b6a16368306ce

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

user32

dwmapi

kernel32

psapi

gdi32

ole32

shell32

advapi32

secur32

crypt32

ws2_32

bcrypt

comctl32

oleaut32

Sections

.text Size: 9.1MB - Virtual size: 9.1MB

.rdata Size: 2.7MB - Virtual size: 2.7MB

.data Size: 15KB - Virtual size: 21KB

.pdata Size: 636KB - Virtual size: 635KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 50KB - Virtual size: 49KB

.text
Size: 9.1MB - Virtual size: 9.1MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 15KB - Virtual size: 21KB

.pdata
Size: 636KB - Virtual size: 635KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 50KB - Virtual size: 49KB