9cb817dd76509328b4635adfc793dcfcc852ba3eb80bd96452483b76062dbcd5

Sharing

Copy URL Twitter E-mail

General

Target

9cb817dd76509328b4635adfc793dcfcc852ba3eb80bd96452483b76062dbcd5
Size

1.5MB
MD5

1a38ae9467a3589b56424506439d4a5c
SHA1

d54554e2ca84d51a9a014fd91e3a3115897d13a9
SHA256

9cb817dd76509328b4635adfc793dcfcc852ba3eb80bd96452483b76062dbcd5
SHA512

4d18b93ff482a0f47e6c25d47f43050499023e357e45f3c1d274a888a2090b7e42b25b6551c95f8102eb91e6ced1542393a5af31af9d494b4c684edf4650fde7
SSDEEP

24576:+OW5B4B796H5vc461YINkF/wOUmlbBW8sRPEbyJlTaN8D1o:+ODB796Zv59FIO9FBURPcyJpaNIK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9cb817dd76509328b4635adfc793dcfcc852ba3eb80bd96452483b76062dbcd5

Files

9cb817dd76509328b4635adfc793dcfcc852ba3eb80bd96452483b76062dbcd5
.exe windows:6 windows x64

a31242f061e2486c86639adaf44fdb15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

gdiplus

GdiplusStartup

api-ms-win-security-base-l1-1-0

FreeSid
AllocateAndInitializeSid
CopySid
EqualSid
GetTokenInformation
MakeAbsoluteSD
GetLengthSid

api-ms-win-core-file-l1-1-0

GetFileAttributesExW
SetEndOfFile
SetFileInformationByHandle
GetFileSizeEx
SetFilePointerEx
FindNextFileW
DeleteFileW
GetFileType
FindFirstFileExW
GetFileAttributesW
FindClose
CreateDirectoryW
FlushFileBuffers
CreateFileW
WriteFile
ReadFile

api-ms-win-security-provider-l1-1-0

GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo

api-ms-win-core-namedpipe-l1-1-0

ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
SetNamedPipeHandleState
WaitNamedPipeW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapSize
HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-io-l1-1-0

CancelIoEx

api-ms-win-core-heap-l2-1-0

LocalAlloc
GlobalFree
GlobalAlloc
LocalFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
FreeLibrary
LoadLibraryExW
LoadStringW

oleaut32

SysStringLen
VariantInit
SetErrorInfo
SysFreeString
SysAllocString
VariantClear
GetErrorInfo

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance
CoInitializeSecurity
CoGetObjectContext
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoRevokeClassObject
CoRegisterClassObject
CoGetApartmentType

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
GetStdHandle
SetStdHandle
SetCurrentDirectoryW
GetCommandLineA
GetEnvironmentStringsW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentVariableW

api-ms-win-core-processthreads-l1-1-0

GetExitCodeThread
CreateThread
GetProcessId
SwitchToThread
OpenProcessToken
ExitThread
UpdateProcThreadAttribute
GetCurrentProcess
GetStartupInfoW
TlsFree
TlsSetValue
CreateProcessW
GetCurrentProcessId
ExitProcess
TlsAlloc
InitializeProcThreadAttributeList
TerminateProcess
GetCurrentThreadId
TlsGetValue

api-ms-win-core-localization-l1-2-0

IsValidLocale
GetCPInfo
FormatMessageW
LCMapStringW
GetLocaleInfoW
LCMapStringEx
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
FormatMessageA
GetOEMCP

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
DebugBreak
OutputDebugStringW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
OpenSemaphoreW
InitializeCriticalSectionAndSpinCount
CreateMutexExW
ResetEvent
CreateEventW
WaitForSingleObject
ReleaseSemaphore
WaitForSingleObjectEx
EnterCriticalSection
CreateSemaphoreExW
CreateMutexW
DeleteCriticalSection
LeaveCriticalSection
ReleaseMutex
SetEvent
InitializeCriticalSectionEx
TryEnterCriticalSection

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-synch-l1-2-0

InitializeConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
WakeConditionVariable
WakeAllConditionVariable
Sleep

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

api-ms-win-core-psapi-l1-1-0

K32EnumProcesses

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
ord219

kernel32

K32GetProcessImageFileNameW
LocalSize

user32

FindWindowW
UnregisterHotKey
MapVirtualKeyExW
SetProcessDpiAwarenessContext
PostThreadMessageW
GetKeyboardLayout
KillTimer
TranslateMessage
GetMenuItemInfoW
DefWindowProcW
LoadMenuW
DestroyWindow
CreateWindowExW
SendMessageW
RegisterHotKey
GetSubMenu
SetMenuItemInfoW
RegisterClassW
DestroyMenu
LoadIconW
ChangeWindowMessageFilterEx
LoadCursorW
RegisterWindowMessageW
GetCursorPos
GetWindowLongW
ShowWindow
EnumWindows
PostQuitMessage
SetForegroundWindow
GetWindowTextW
CallNextHookEx
GetAsyncKeyState
UnhookWindowsHookEx
SetWindowsHookExW
SendInput
GetWindowThreadProcessId
ToUnicodeEx
GetShellWindow
GetKeyNameTextW
GetMessageW
PostMessageW
TrackPopupMenu
MessageBoxW
DispatchMessageW
SetTimer

shell32

Shell_NotifyIconW
SHGetKnownFolderPath
ShellExecuteExW

ole32

CoInitialize

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-console-l1-1-0

GetConsoleOutputCP
WriteConsoleA
ReadConsoleW
WriteConsoleW
GetConsoleMode

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
GetDynamicTimeZoneInformation

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
CompareStringW

api-ms-win-core-console-l2-1-0

GetConsoleScreenBufferInfo
SetConsoleTextAttribute

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW
RegSetValueExW
RegCreateKeyExW

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-file-l1-2-2

AreFileApisANSI

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
RtlUnwind
RtlVirtualUnwind
RtlPcToFileHeader

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

Sections

.text
Size: 660KB - Virtual size: 659KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a31242f061e2486c86639adaf44fdb15

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

api-ms-win-security-base-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-libraryloader-l1-2-0

oleaut32

api-ms-win-core-com-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-synch-l1-2-0

rpcrt4

api-ms-win-core-psapi-l1-1-0

api-ms-win-eventing-provider-l1-1-0

shlwapi

kernel32

user32

shell32

ole32

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-console-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-file-l1-2-2

api-ms-win-core-file-l2-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-datetime-l1-1-0

Sections

.text Size: 660KB - Virtual size: 659KB

.rdata Size: 191KB - Virtual size: 191KB

.data Size: 30KB - Virtual size: 39KB

.pdata Size: 31KB - Virtual size: 31KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 84KB - Virtual size: 83KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 660KB - Virtual size: 659KB

.rdata
Size: 191KB - Virtual size: 191KB

.data
Size: 30KB - Virtual size: 39KB

.pdata
Size: 31KB - Virtual size: 31KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 84KB - Virtual size: 83KB

.reloc
Size: 572KB - Virtual size: 576KB