6b159b28d5e088d7186e164215e9cfe4f4acf13c040629adb93c2ee33d2942bd

Sharing

Copy URL

Twitter E-mail

General

Target

6b159b28d5e088d7186e164215e9cfe4f4acf13c040629adb93c2ee33d2942bd
Size

860KB
MD5

c268935f0f5f82c94c918ba9911a0b1d
SHA1

bdbcc1f3e28e764a41c757149878cb5acd6b869e
SHA256

6b159b28d5e088d7186e164215e9cfe4f4acf13c040629adb93c2ee33d2942bd
SHA512

a47babb3977c0c346b5cd2046250821a85f5b0d3a17f9c18cad4671c0e5a9a42305c017f2b933a8e98627d3403c118d6cd8756885d1fa333cc8caad77f7dd985
SSDEEP

12288:CwGetS/ITJqrraq/t2qny6xdRhMAK4vcmPEl0Io:kuS/UEn/tUIMGPEl0I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b159b28d5e088d7186e164215e9cfe4f4acf13c040629adb93c2ee33d2942bd

Files

6b159b28d5e088d7186e164215e9cfe4f4acf13c040629adb93c2ee33d2942bd
.exe windows:6 windows x64

02bc376d1ae63a2fef892492d891a666

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
EventRegister
EventUnregister
EventWrite
RegQueryValueExW

kernel32

FlushInstructionCache
CreateFileW
WriteFile
CopyFileW
GetSystemTime
WideCharToMultiByte
GetSystemDirectoryW
GetCurrentProcess
LocalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LockResource
EnterCriticalSection
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
InitializeCriticalSection
GetModuleFileNameW
LoadLibraryExW
FindResourceW
GetLastError
LoadResource
SizeofResource
MultiByteToWideChar
lstrcmpiW
GetModuleHandleW
LoadLibraryW
GetProcAddress
lstrlenW
FreeLibrary
FormatMessageW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
InterlockedPushEntrySList
VirtualAlloc
InterlockedPopEntrySList
GetProcessHeap
VirtualFree
HeapFree
HeapAlloc
GetVersionExA
UnhandledExceptionFilter
OutputDebugStringA
LeaveCriticalSection
RaiseException
DeleteCriticalSection
GetCurrentThreadId
TerminateProcess

gdi32

GetStockObject
StretchBlt
CreateCompatibleBitmap
SetStretchBltMode
SelectObject
CreateCompatibleDC
GetObjectW
GetTextExtentPoint32W
SetDeviceGammaRamp
GetDeviceGammaRamp
SetBkMode
SetBkColor
SetTextColor
CreateSolidBrush
GetDeviceCaps
CreateDCW
DeleteDC
DeleteObject

user32

GetWindowTextLengthW
GetWindowTextW
ReleaseDC
MessageBoxW
ShowWindow
GetWindow
GetWindowLongW
DestroyWindow
CharNextW
GetSystemMetrics
GetActiveWindow
RegisterWindowMessageW
FindWindowW
GetWindowThreadProcessId
AllowSetForegroundWindow
SendMessageTimeoutW
MonitorFromRect
EnumChildWindows
GetWindowLongPtrW
SetWindowLongPtrW
OpenIcon
GetDC
SetWindowPos
CallWindowProcW
SendMessageW
DefWindowProcW
GetDlgItem
GetWindowRect
MapWindowPoints
MoveWindow
InvalidateRect
GetParent
KillTimer
SetTimer
SetWindowTextW
PostMessageW
MonitorFromWindow
EnumDisplayMonitors
UnregisterClassA
GetMonitorInfoW
SetCursor
LoadCursorW
ShowCursor
EnumDisplayDevicesW
SetForegroundWindow
MapDialogRect
LoadStringW

msvcrt

_vsnwprintf
powf
?terminate@@YAXXZ
_errno
realloc
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
__wgetmainargs
__C_specific_handler
memset
swscanf_s
_wcsupr
_purecall
??_U@YAPEAX_K@Z
memcpy_s
malloc
wcsncpy_s
free
??2@YAPEAX_K@Z
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
wcsstr
memcpy

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
WinSqmAddToStream
RtlVirtualUnwind

dxva2

GetNumberOfPhysicalMonitorsFromHMONITOR
GetPhysicalMonitorsFromHMONITOR
DestroyPhysicalMonitors
GetMonitorBrightness
SetMonitorBrightness
GetMonitorContrast
SetMonitorContrast
GetVCPFeatureAndVCPFeatureReply
SetVCPFeature

mscms

DccwReleaseDisplayProfileAssociationList
SetColorProfileElementSize
SetColorProfileElement
WcsDisassociateColorProfileFromDevice
WcsSetDefaultColorProfile
UninstallColorProfileW
DccwGetDisplayProfileAssociationList
DccwCreateDisplayProfileAssociationList
DccwGetGamutSize
WcsOpenColorProfileW
WcsGetDefaultColorProfile
WcsGetUsePerUserProfiles
DccwSetDisplayProfileAssociationList
CloseColorProfile
InstallColorProfileW
GetColorProfileFromHandle
WcsCreateIccProfile
WcsSetCalibrationManagementState
WcsGetCalibrationManagementState
GetColorDirectoryW

shell32

ShellExecuteW

gdiplus

GdipCloneImage
GdipCreateBitmapFromStream
GdipFree
GdipCreateLineBrushI
GdipFillRectangleI
GdipAlloc
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdipDisposeImage
GdiplusStartup
GdipCreateHBITMAPFromBitmap

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageW
ord345
PropertySheetW

ole32

CoTaskMemAlloc
CoCreateInstance
StringFromCLSID
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 762KB - Virtual size: 764KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02bc376d1ae63a2fef892492d891a666

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

dxva2

mscms

shell32

gdiplus

comctl32

ole32

oleaut32

Sections

.text Size: 87KB - Virtual size: 86KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 762KB - Virtual size: 764KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 87KB - Virtual size: 86KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 762KB - Virtual size: 764KB

.reloc
Size: 4KB - Virtual size: 3KB