tvtools-alterid[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

tvtools-alterid.exe
Size

96KB
MD5

290d2267039a01322b590592cbf0c13c
SHA1

188996bfb808374f09a6f5a087d47f4fc450d668
SHA256

16fdf499c06543dedab6f17279fdf1fabb29779f54cb1f4cc2e61fdb6961ed33
SHA512

cc17869703a6c875b507bf6bb4d7a11d4ee1ebdff8a0c2e7aa0483a89f03252904c596d92be75ccacc40ac025d9d8917d3ec9a7d4546e54bfca3c3816a5fafd4
SSDEEP

1536:nV4MllIAZdhS+VEoJuLVBWra2kfHzR04c3TOT0792TOOYnMrOk:neClBlcCOtHl04cj207o6E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tvtools-alterid.exe

Files

tvtools-alterid.exe
.exe windows:4 windows x86

fef49af49f73d89a6ccab9a7aad6bf79

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcsncpy
wcslen
wcscpy
wcscat
wcsncmp
wcscmp
fabs
malloc
free
ceil
floor
fseek
ftell
fread
memcpy
fclose
pow
??3@YAXPAX@Z
wcsstr
_wcsnicmp
memmove
_wcsdup
_wcsicmp
tolower
_vsnwprintf

kernel32

GetModuleHandleW
HeapCreate
HeapDestroy
ExitProcess
MultiByteToWideChar
GetCurrentProcess
CreateToolhelp32Snapshot
CloseHandle
GetLogicalDriveStringsW
QueryDosDeviceW
WritePrivateProfileStringW
OpenProcess
TerminateProcess
GetPrivateProfileStringW
Sleep
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
InitializeCriticalSection
GetCommandLineW
DuplicateHandle
CreatePipe
GetStdHandle
HeapAlloc
CreateProcessW
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
HeapFree
SetUnhandledExceptionFilter
WideCharToMultiByte
GetVersionExW
SetLastError
CreateFileW
WriteFile
DeleteFileW
TlsAlloc
GetCurrentDirectoryW
GetDriveTypeW
FindFirstFileW
FindClose
GetFileAttributesW
GetTempPathW
SetFileAttributesW
SetFilePointer
GetFileSize
SetEndOfFile
ReadFile
HeapReAlloc
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

user32

SendMessageW
PostMessageW
MessageBoxW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
GetWindowLongW
IsWindowEnabled
EnableWindow
EnumWindows
SetWindowPos
DestroyWindow
ValidateRect
CallWindowProcW
GetWindowRect
GetParent
MapWindowPoints
InvalidateRect
CreateWindowExW
SetWindowLongW
GetDC
GetWindowTextLengthW
GetWindowTextW
ReleaseDC
GetWindow
GetSysColor
GetSysColorBrush
SetRect
DrawTextW
GetSystemMetrics
SetFocus
SetWindowTextW
MoveWindow
RedrawWindow
RemovePropW
DefWindowProcW
GetPropW
SetPropW
SetActiveWindow
UnregisterClassW
DestroyAcceleratorTable
DestroyIcon
LoadIconW
LoadCursorW
RegisterClassW
AdjustWindowRectEx
ShowWindow
CreateAcceleratorTableW
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DefFrameProcW
GetFocus
GetClientRect
FillRect
EnumChildWindows
GetKeyState
GetClassNameW
IsChild
CharLowerW
CharUpperW
RegisterWindowMessageW

gdi32

GetStockObject
SelectObject
GetTextExtentPoint32W
SetTextColor
SetBkColor
CreateSolidBrush
DeleteObject
GetDeviceCaps
GetObjectW
CreateBitmap
CreateCompatibleDC
SetPixel
DeleteDC
CreateDIBSection
GetDIBits
BitBlt
GetObjectType
CreateDCW

advapi32

OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
RegOpenKeyExW
RegOpenKeyW
RegConnectRegistryW
RegSetValueExW
RegCloseKey
StartServiceW
RegDeleteValueW
ControlService

comctl32

InitCommonControlsEx

oleaut32

SysAllocString
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoCreateGuid
StringFromGUID2
CoInitialize
CoTaskMemFree
RevokeDragDrop

shell32

ShellExecuteExW

winmm

timeBeginPeriod

Sections

.code
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fef49af49f73d89a6ccab9a7aad6bf79

Headers

File Characteristics

Imports

msvcrt

kernel32

gdiplus

user32

gdi32

advapi32

comctl32

oleaut32

ole32

shell32

winmm

Sections

.code Size: 15KB - Virtual size: 14KB

.text Size: 49KB - Virtual size: 49KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 10KB - Virtual size: 12KB

.rsrc Size: 17KB - Virtual size: 16KB

.code
Size: 15KB - Virtual size: 14KB

.text
Size: 49KB - Virtual size: 49KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 17KB - Virtual size: 16KB