e064ce69d2a53f3527f3182bc2964a21460d60db6c26b71825d1359dce9354b7

Sharing

Copy URL Twitter E-mail

General

Target

e064ce69d2a53f3527f3182bc2964a21460d60db6c26b71825d1359dce9354b7
Size

159KB
MD5

ed23399a7e611d9a89debf98350bb47c
SHA1

499df590eaddf88b870b38b6b32a0a758b10fdf2
SHA256

e064ce69d2a53f3527f3182bc2964a21460d60db6c26b71825d1359dce9354b7
SHA512

a13f4335b7537220d0c5c5b3798193681f24f3c5634f25627e6a38f4786798deff5b6b492f8693c31f0822b93c3ff79112324710e1805520b759a11fcc70ee1b
SSDEEP

3072:OwXVY0yyPdkY6JK3kkKF/pstBaDqwONnct437Bl3N2UmOm:PXOKlkY6JK3dKF/p/uwONct43j92Um9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e064ce69d2a53f3527f3182bc2964a21460d60db6c26b71825d1359dce9354b7

Files

e064ce69d2a53f3527f3182bc2964a21460d60db6c26b71825d1359dce9354b7
.exe windows:5 windows x64

970a1b6fa4f52d56e993dbe67ba4a4ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegOpenKeyW

shlwapi

PathFindFileNameW
PathFindExtensionW

gdi32

DeleteObject
GetObjectW
CreateDIBSection
CreateCompatibleDC
DeleteDC
SelectObject
BitBlt
GetDeviceCaps

user32

GetActiveWindow
MessageBoxA
EnumWindows
GetClassNameW
GetUserObjectInformationW
GetProcessWindowStation
GetWindowRect
ShowWindowAsync
GetDesktopWindow
DrawIcon
GetClientRect
IsIconic
AppendMenuW
GetSystemMenu
MessageBoxW
SetWindowPos
SetDlgItemTextW
EndDialog
LoadIconW
EnableWindow
GetMonitorInfoW
PostMessageW
GetDC
MonitorFromWindow
SendMessageW
GetSystemMetrics
SetTimer
ReleaseDC
GetLastActivePopup
GetWindowThreadProcessId

mfc14xu

ord14088
ord7668
ord12625
ord4011
ord14216
ord7650
ord14210
ord2439
ord5183
ord8023
ord12544
ord8084
ord8167
ord2350
ord2346
ord446
ord7233
ord2689
ord14194
ord3748
ord2907
ord8440
ord4083
ord3096
ord6002
ord13401
ord3212
ord3209
ord7913
ord2698
ord14360
ord9976
ord9978
ord9977
ord9975
ord9979
ord5451
ord11414
ord11415
ord8822
ord11771
ord3718
ord11625
ord14209
ord8656
ord11902
ord6729
ord10691
ord8947
ord3173
ord13513
ord1700
ord1722
ord1748
ord1734
ord1755
ord4843
ord4788
ord4853
ord4837
ord4752
ord4767
ord4828
ord4360
ord9384
ord4352
ord2967
ord14211
ord7651
ord14217
ord6631
ord11406
ord13354
ord5723
ord2629
ord11806
ord3812
ord11850
ord5582
ord5916
ord9946
ord6342
ord990
ord2212
ord3599
ord2344
ord10163
ord4725
ord2301
ord3713
ord878
ord1369
ord10727
ord4726
ord4721
ord8507
ord2686
ord6285
ord8901
ord11854
ord8830
ord2697
ord13397
ord6000
ord3307
ord3308
ord11085
ord10704
ord8731
ord11813
ord4949
ord4955
ord12241
ord316
ord310
ord1034
ord983
ord13545
ord6122
ord14289
ord6123
ord14290
ord6121
ord14288
ord11665
ord11664
ord2011
ord3949
ord9089
ord12223
ord12222
ord296
ord1033
ord4656
ord11944
ord11940
ord4776
ord4806
ord4800
ord4794
ord4782
ord4859
ord4814
ord3279
ord3278
ord3172
ord2187
ord1501
ord2431
ord8161
ord1503
ord280
ord2415
ord12240
ord286
ord2909
ord13986
ord5709
ord285
ord3071
ord2921
ord4947
ord4675
ord278
ord12442
ord12563
ord8058
ord2370
ord7719
ord3731
ord5706
ord11921
ord11929
ord7920
ord10124
ord11933
ord11901
ord12606
ord5080
ord5363
ord5552
ord9041
ord5339
ord5555
ord5083
ord5229
ord5062
ord7460
ord7461
ord7450
ord5227
ord7922
ord9941
ord8900
ord6614
ord4445
ord2288
ord1157
ord1089
ord3951
ord2178
ord2269
ord2273
ord7716
ord1450
ord7393
ord10070
ord12212

kernel32

TlsGetValue
GetModuleHandleW
DeleteCriticalSection
Process32FirstW
DeleteFileW
TlsAlloc
OutputDebugStringW
Process32NextW
GetFileAttributesExW
FormatMessageW
CreateToolhelp32Snapshot
OpenThread
IsProcessorFeaturePresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetCurrentThreadId
TlsSetValue
CreateDirectoryW
UnregisterWaitEx
GetLocalTime
SetEnvironmentVariableW
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
OpenProcess
GetFileSizeEx
GetExitCodeProcess
CreateProcessW
GetCommandLineW
GetProcessTimes
DeleteTimerQueueTimer
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
GetCurrentProcessId
LocalFree
GetProcAddress
HeapAlloc
ResetEvent
LoadLibraryW
RaiseException
CloseHandle
WaitForSingleObjectEx
SetEvent
GetLastError
Sleep
GetExitCodeThread
MultiByteToWideChar
CreateEventW
GetSystemDirectoryW
ReleaseMutex
GetVersionExW
GetFileAttributesW
CreateFileW
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessId
GetModuleFileNameW
TerminateProcess
RegisterWaitForSingleObject
ReleaseSemaphore
GetCurrentProcess
EnterCriticalSection
SetLastError
HeapFree
CreateTimerQueueTimer

comctl32

InitCommonControlsEx

oleaut32

SystemTimeToVariantTime
VariantClear
VariantChangeType
GetErrorInfo
SysFreeString
VariantTimeToSystemTime

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipSaveImageToFile
GdiplusStartup
GdiplusShutdown

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

winsta

WinStationQueryInformationW

ntdll

RtlGetVersion
RtlSetHeapInformation
RtlCreateHeap
NtCreateKeyedEvent
NtQuerySystemInformationEx
NtQueryObject
RtlInterlockedPopEntrySList
RtlFreeHeap
RtlUpcaseUnicodeChar
RtlAllocateHeap
RtlRaiseStatus
RtlInitializeSListHead
RtlInterlockedPushEntrySList
NtDuplicateObject
NtClose
NtResumeProcess
NtSuspendProcess
NtQueryInformationJobObject
NtOpenProcess
NtQuerySystemInformation

msvcr14x

_CxxThrowException
__std_exception_destroy
__std_exception_copy
memset
__current_exception_context
__current_exception
terminate
_callnewh
_crt_atexit
_register_onexit_function
_initialize_onexit_table
__p__commode
_set_new_mode
_configthreadlocale
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_set_fmode
_exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
__setusermatherr
_set_app_type
_seh_filter_exe
wcsncmp
wcsncpy
exit
_resetstkoflw
malloc
_beginthreadex
getenv
__stdio_common_vswprintf
_recalloc
free
calloc
_wcsnicmp
fclose
fwrite
_wfopen
_errno
_invalid_parameter_noinfo
_localtime64_s
_time64
_wcsicmp
__C_specific_handler
__std_terminate
__CxxFrameHandler4
fread
memcpy

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

970a1b6fa4f52d56e993dbe67ba4a4ea

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shlwapi

gdi32

user32

mfc14xu

kernel32

comctl32

oleaut32

gdiplus

wtsapi32

winsta

ntdll

msvcr14x

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 69KB - Virtual size: 69KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 69KB - Virtual size: 69KB

.reloc
Size: 2KB - Virtual size: 1KB