colorpicker[.]f9[.]update4[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

colorpicker.f9.update4.exe
Size

68.5MB
MD5

a87a84050ba71582dfcd7a9b9a14e36b
SHA1

69c629f348bfade970b67e930478682c3731946b
SHA256

d24cffd5992b3fb1e2b16b1a01b45d7de61a1a22c0541bb659f16cff980f5ebe
SHA512

c276a397d583afbc1e39bc137236bb2cad10c5b18938def7a1b0dcf4b89a5707b5a90b2eab22f55775716e1a6829ad44c201fd7ad9f4922853247c2cb943e543
SSDEEP

1572864:SHNScmR7i6Bh3b1X5zGjKzl2H46hPCEYRrp3FZPOMWMjoOEz7:SHXqWUV59xNVdrp1ZegC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
colorpicker.f9.update4.exe

Files

colorpicker.f9.update4.exe
.exe windows:6 windows x64

7a3dc296321ae333549ee61672f1f2d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LockResource
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA

comdlg32

GetOpenFileNameA

advapi32

CryptDestroyHash

shell32

ShellExecuteA

msvcp140

?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

crypt32

CertGetCertificateChain

ws2_32

htons

rpcrt4

UuidCreate

psapi

GetModuleInformation

userenv

UnloadUserProfile

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler

api-ms-win-crt-stdio-l1-1-0

fseek

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-math-l1-1-0

_dclass

api-ms-win-crt-string-l1-1-0

strpbrk

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-convert-l1-1-0

strtod

api-ms-win-crt-filesystem-l1-1-0

_fstat64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-runtime-l1-1-0

__p___argc

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

Sections

.text
Size: - Virtual size: 611KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xaX
Size: - Virtual size: 71.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.-QB
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.<C~
Size: 68.0MB - Virtual size: 68.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 453KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a3dc296321ae333549ee61672f1f2d3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

shell32

msvcp140

crypt32

ws2_32

rpcrt4

psapi

userenv

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

Sections

.text Size: - Virtual size: 611KB

.rdata Size: - Virtual size: 352KB

.data Size: - Virtual size: 8KB

.pdata Size: - Virtual size: 26KB

.xaX Size: - Virtual size: 71.2MB

.-QB Size: 5KB - Virtual size: 5KB

.<C~ Size: 68.0MB - Virtual size: 68.0MB

.rsrc Size: 453KB - Virtual size: 452KB

.text
Size: - Virtual size: 611KB

.rdata
Size: - Virtual size: 352KB

.data
Size: - Virtual size: 8KB

.pdata
Size: - Virtual size: 26KB

.xaX
Size: - Virtual size: 71.2MB

.-QB
Size: 5KB - Virtual size: 5KB

.<C~
Size: 68.0MB - Virtual size: 68.0MB

.rsrc
Size: 453KB - Virtual size: 452KB