b1aa87b15c09ad50d9692c1da70b1593285023c84d5627b204c0cf84799a9660

Sharing

Copy URL Twitter E-mail

General

Target

b1aa87b15c09ad50d9692c1da70b1593285023c84d5627b204c0cf84799a9660
Size

2.6MB
MD5

7d0526fe8e205773cb7464401caedf03
SHA1

f59d7c03537502907a8503a6f8fb70c1abb94cb5
SHA256

b1aa87b15c09ad50d9692c1da70b1593285023c84d5627b204c0cf84799a9660
SHA512

8ec3d34b93eb73cd22d5c6f6038b8df4c863d8c2d7af8db6f834ea3248ceba4433f23aea992a496cb642261fcbb5a5480043e6c0dd54b80aa7a14fdf6f0d66c7
SSDEEP

49152:X4XwwLwGruBtgNrJtXcVApWGgwhKprdJl6Hg9hGmXOwLnr:8rBWGol6HEew

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1aa87b15c09ad50d9692c1da70b1593285023c84d5627b204c0cf84799a9660

Files

b1aa87b15c09ad50d9692c1da70b1593285023c84d5627b204c0cf84799a9660
.exe windows:6 windows x64

a938b798462a78ab4e46202bd491e45c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcAddress
FreeLibrary
MultiByteToWideChar
GetVolumeInformationW
DeviceIoControl
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLogicalDriveStringsW
CreateIoCompletionPort
GetQueuedCompletionStatus
ReadDirectoryChangesW
GetCurrentThreadId
GetModuleHandleW
OpenEventW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
MulDiv
SizeofResource
FreeResource
LockResource
LoadResource
FindResourceW
ExitProcess
CreateDirectoryW
SetLastError
GetCurrentProcess
GetFileAttributesW
GetLastError
GlobalFlags
GetSystemInfo
GetCurrentDirectoryW
SetCurrentDirectoryW
VirtualQuery
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
ResetEvent
GetLocalTime
GetSystemTimeAsFileTime
VirtualFree
VirtualAlloc
GetTempPathW
SetEndOfFile
WriteConsoleW
HeapSize
FlushFileBuffers
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetSystemDirectoryW
LCMapStringW
WideCharToMultiByte
ReadConsoleW
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
GetFileType
GetStdHandle
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
DeleteFileW
Module32FirstW
CreateToolhelp32Snapshot
GetCommandLineW
OpenProcess
TerminateProcess
IsDebuggerPresent
CreateEventW
CreateThread
WaitForSingleObject
SetEvent
SetFilePointerEx
WriteFile
SetFilePointer
ReadFile
CreateFileW
CloseHandle
FindNextFileW
FindClose
FindFirstFileW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetTickCount
GetTimeZoneInformation
Sleep
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
GlobalSize
GlobalUnlock
InitializeCriticalSectionEx
SwitchToThread
WaitForSingleObjectEx
GetNumaNodeProcessorMask
GetNumaProcessorNode
GetNumaHighestNodeNumber
LoadLibraryA
VirtualUnlock
GetLargePageMinimum
GetCurrentProcessorNumber
K32GetProcessMemoryInfo
GetProcessTimes
QueryPerformanceFrequency
QueryPerformanceCounter
FlsFree
FlsSetValue
FlsAlloc
GetEnvironmentVariableA
LoadLibraryW
CompareStringW
GetModuleFileNameW
GlobalAlloc
GlobalLock
GlobalFree
FindFirstFileExW

user32

MonitorFromWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
EnumWindows
DefWindowProcW
DestroyWindow
GetPropW
CreateWindowExW
RemovePropW
LoadStringW
GetClassInfoW
SetPropW
LoadIconW
LoadCursorW
GetParent
LoadImageW
WindowFromPoint
SetWindowPos
SetActiveWindow
AttachThreadInput
GetWindowThreadProcessId
keybd_event
IsWindowVisible
GetAncestor
CloseClipboard
SetClipboardData
RegisterClipboardFormatW
EmptyClipboard
OpenClipboard
PeekMessageW
MessageBoxA
SetWindowTextW
SendMessageW
DestroyIcon
DispatchMessageW
TranslateMessage
GetMessageW
SetFocus
IsWindow
GetDesktopWindow
GetActiveWindow
GetFocus
GetCursorPos
IsClipboardFormatAvailable
GetForegroundWindow
PostMessageW
SetForegroundWindow
SetWindowLongPtrW
GetWindowLongPtrW
MessageBoxW
DrawIconEx
ReleaseDC
GetDC
GetIconInfo
RegisterClassW

gdi32

DeleteObject
SetDIBColorTable
GetStockObject
GetObjectW
GetDeviceCaps
SelectObject
DeleteDC
CreateDIBSection
CreateCompatibleDC

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyW

shell32

ShellExecuteExW
ord680
ShellExecuteW
ord155
SHOpenFolderAndSelectItems
ord190
SHFileOperationW
SHGetFileInfoW
Shell_NotifyIconW
SHGetSpecialFolderPathW

ole32

GetHGlobalFromStream
StringFromGUID2
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy

xcgui

XEle_Create
XBtn_Create
XBtn_SetText
XListBox_Create
XListBox_GetSelectAll
XListBox_SetSelectItem
XEdit_Create
XEdit_GetSelectTextLength
XEdit_GetSelectText
XEdit_GetLength
XEdit_GetText
XEdit_SetText
XComboBox_Create
XComboBox_SetSelItem
XComboBox_GetState
XMenu_SetItemHeight
XSView_Create
_XEle_RemoveEvent
_XWnd_RemoveEvent
XWnd_SetFocusEle
_XWnd_RegEvent
XImage_LoadMemory
XDraw_DrawText
XInitXCGUI
XC_GetTextSize
XShapeText_SetFont
XShapeText_SetText
XShapeGif_SetImage
XMenu_AddItemIcon
XSvg_LoadStringUtf8
XSvg_SetSize
XC_GetObjectType
XNotifyMsg_WindowPopupEx
XC_MessageBox
XEle_IsEnable
XWnd_SetTitle
XWnd_SetIcon
XImage_SetDrawType
XImage_LoadFromHICON
XWidget_IsShow
XModalWnd_DoModal
XWnd_AdjustLayout
XC_CallUiThread
XDraw_TextOutEx
XImage_LoadSvg
XFont_Destroy
XDraw_SetFont
XEdit_ReleaseStyle
XEdit_AddTextEx
XEdit_AddStyle
XC_SetActivateTopWindow
XWnd_Center
XWidget_GetHWND
XEdit_DeleteSelect
XEdit_ClipboardPaste
XEdit_ClipboardCopy
XEdit_ClipboardCut
XEdit_SelectAll
XWnd_CloseWindow
XComboBox_GetItemText
XEle_SetPosition
XEle_GetPosition
XEle_GetUserData
XBtn_GetText
XShapeText_SetTextColor
XFont_EnableAutoDestroy
XFont_CreateEx
XBkObj_SetImage
XDraw_ImageSuper
XImage_SetScaleSize
XEle_GetStateFlags
XEle_DrawEle
XTemp_Load
XC_GetObjectByName
XC_LoadLayout
XC_LoadStyle
XImage_EnableAutoDestroy
XListBox_SelectAll
XC_LoadResource
XMenu_Popup
XMenu_Create
XListBox_GetItemMouseStay
XDraw_DrawRect
XDraw_FillRect
XListBox_GetSelectItem
XListBox_GetSelectCount
XListBox_GetTemplateObject
XWnd_Redraw
XListBox_VisibleItem
XShape_Redraw
XListBox_SetVirtualRowCount
XWnd_GetDrawRect
XDraw_SetTextAlign
XDraw_Image
XDraw_DrawLine
XDraw_SetBrushColor
XDraw_GDI_FillRgn
XDraw_GDI_CreateSolidBrush
XDraw_GDI_CreatePolygonRgn
XDraw_FillRectColor
XEle_AddBkFill
XEle_EnableBkTransparent
XMenuBar_GetButton
XWnd_GetRect
XEle_GetChildCount
XMenu_AddItem
XMenuBar_AddButton
XMenuBar_GetMenu
XComboBox_AddItemText
XComboBox_EnableEdit
XComboBox_CreateAdapter
XToolBar_InsertEle
XEle_GetWidth
XEle_SetUserData
XToolBar_EnableButtonMenu
XEle_Redraw
XListBox_RefreshData
XExitXCGUI
XRunXCGUI
XWnd_ShowWindow
XWnd_EnableAutoFocus
XWnd_EnableLayout
XC_SetPaintFrequency
XWidget_Show
XWnd_GetButton
XWnd_GetHWND
XWnd_SetTimer
XListBox_CreateAdapter
XListBox_SetItemHeightDefault
XListBox_SetItemTemplateXML
XEle_EnableFocus
XListBox_SetRowSpace
_XEle_RegEvent
XListBox_EnableVirtualTable

gdiplus

GdipCloneImage
GdipDisposeImage
GdipGetImageEncodersSize
GdiplusStartup
GdipSaveImageToStream
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipGetImageEncoders
GdipSetCompositingMode
GdipLoadImageFromStreamICM
GdipGetImageHeight
GdipGetImagePaletteSize
GdipAlloc
GdipDrawImageRectI
GdipGetImagePixelFormat
GdipFree
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipGetImagePalette
GdipGetImageWidth
GdiplusShutdown
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHICON
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipLoadImageFromStream

ws2_32

WSACleanup

bcrypt

BCryptGenRandom

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 906KB - Virtual size: 906KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a938b798462a78ab4e46202bd491e45c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

xcgui

gdiplus

ws2_32

bcrypt

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 349KB - Virtual size: 349KB

.data Size: 30KB - Virtual size: 407KB

.pdata Size: 46KB - Virtual size: 45KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 906KB - Virtual size: 906KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 349KB - Virtual size: 349KB

.data
Size: 30KB - Virtual size: 407KB

.pdata
Size: 46KB - Virtual size: 45KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 906KB - Virtual size: 906KB

.reloc
Size: 10KB - Virtual size: 9KB