3fea1f7aa8e38e40b1646b3c07b49a461e441ba57d2599541dba8af2f9b9788a

Sharing

Copy URL Twitter E-mail

General

Target

3fea1f7aa8e38e40b1646b3c07b49a461e441ba57d2599541dba8af2f9b9788a
Size

11.1MB
MD5

4da92a7090710ff6029a2b36379a1873
SHA1

3ecc5e7d39f91b2df20a429dae49a8b8795cafdf
SHA256

3fea1f7aa8e38e40b1646b3c07b49a461e441ba57d2599541dba8af2f9b9788a
SHA512

947fcb2e9725b83cb75f4098b95eb43d83673d7ea824dad1b982144e8b76982b73d891fc4db6e1a85c3176cc1570b2b26e2e8d5190a9617ec6c63ef72d444d03
SSDEEP

196608:Bs6DxZcmKLW5wA4T0Zrc5xU4c4fU7JpF+TgjjIlZiaDN3kW0lFMf8cc7j2J5D:Bs6DTV/4T0aPUtfoUcjDNdiimS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fea1f7aa8e38e40b1646b3c07b49a461e441ba57d2599541dba8af2f9b9788a

Files

3fea1f7aa8e38e40b1646b3c07b49a461e441ba57d2599541dba8af2f9b9788a
.exe windows:6 windows x64

f030204fe3374a673c471b649c58f885

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentProcess
GetCurrentDirectoryA
UnmapViewOfFile
DuplicateHandle
GetModuleHandleA
Sleep
FormatMessageW
GetLastError
TlsAlloc
CloseHandle
ReleaseSRWLockShared
GetCommandLineW
K32EnumProcesses
SwitchToThread
GetProcAddress
LocalFree
AcquireSRWLockShared
WideCharToMultiByte
OpenFileMappingA
TlsFree
FormatMessageA
MapViewOfFileEx
IsDebuggerPresent
SetConsoleCtrlHandler
GetSystemInfo
GetModuleFileNameA
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
OpenEventA
ReleaseSemaphore
ResetEvent
QueryPerformanceCounter
AreFileApisANSI
DeviceIoControl
SetFileAttributesW
RemoveDirectoryW
GetFileTime
GetFileAttributesW
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileInformationByHandle
CreateFileW
GetModuleHandleW
GetCurrentThreadId
TlsSetValue
TlsGetValue
CreateEventA
WaitForSingleObjectEx
SetEvent
SleepConditionVariableSRW
WakeAllConditionVariable
MultiByteToWideChar
GetSystemTimeAsFileTime
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetProcessHeap
HeapFree
HeapAlloc
InitializeSRWLock
GetStartupInfoW
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapReAlloc
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DecodePointer
HeapAlloc
RtlUnwindEx
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetSystemTimeAsFileTime
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
GetVersion

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

shell32

CommandLineToArgvW

msvcp140

?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?clear@ios_base@std@@QEAAXH_N@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Syserror_map@std@@YAPEBDH@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?exceptions@ios_base@std@@QEAAXH@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Winerror_map@std@@YAHH@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Mtx_unlock
_Thrd_join
_Thrd_id
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
??Bid@locale@std@@QEAA_KXZ
?length@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1_K@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
_Xtime_get_ticks
_Query_perf_counter
_Thrd_sleep
_Cnd_do_broadcast_at_thread_exit
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Query_perf_frequency
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@PEB_W_J@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z

ws2_32

WSAStartup
WSACleanup

waveaudioutils

auVcEngineVoiceChangerStart
voicengineVcEngineVoiceChangerStart
fmodVcEngineVoiceChangerProcess
auVcEngineNoiseReduceStart
voicengineVcEngineNoiseReduceStart
voicemodVcEngineNoiseReduceProcess
auVcEngineNoiseReduceProcess
auVcEngineVoiceChangerResult
auVcEngineNoiseReduceResult
fmodVcEngineVoiceChangerStart
auVcEngineVoiceChangerProcess
fmodVcEngineNoiseReduceResult
voicengineVcEngineNoiseReduceResult
voicengineVcEngineVoiceChangerProcess
voicemodVcEngineVoiceChangerStart
voicengineVcEngineNoiseReduceProcess
voicemodVcEngineVoiceChangerProcess
fmodVcEngineNoiseReduceProcess
voicengineVcEngineVoiceChangerResult
voiceChangerStart
?debug@@YA_NXZ
?log_init@mp@@YAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
voiceChangerExit
fmodVcEngineVoiceChangerResult
voicemodVcEngineNoiseReduceStart
voicemodVcEngineNoiseReduceResult
voicemodVcEngineVoiceChangerResult
fmodVcEngineNoiseReduceStart

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
__current_exception_context
__C_specific_handler
__RTDynamicCast
__std_type_info_name
strstr
__std_exception_destroy
__std_exception_copy
_purecall
__std_terminate
_CxxThrowException
memcpy
memmove
memset
__std_type_info_compare
memcmp

api-ms-win-crt-runtime-l1-1-0

_c_exit
_exit
_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
terminate
_get_wide_winmain_command_line
_beginthreadex
_initialize_wide_environment
_configure_wide_argv
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
strerror
_register_thread_local_exe_atexit_callback

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
free
malloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__p__commode
freopen_s
_set_fmode
fflush
fclose
__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-time-l1-1-0

_time64
_localtime64
_gmtime64

api-ms-win-crt-convert-l1-1-0

atol

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

user32

CharUpperBuffW

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RtaivcSe
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.:q_
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.78Y
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.H8;
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f030204fe3374a673c471b649c58f885

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

msvcp140

ws2_32

waveaudioutils

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

user32

Sections

.text Size: 192KB - Virtual size: 192KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 16KB - Virtual size: 16KB

.pdata Size: 12KB - Virtual size: 12KB

RtaivcSe Size: 4KB - Virtual size: 4KB

.:q_ Size: 4.2MB - Virtual size: 4.2MB

.78Y Size: 4KB - Virtual size: 4KB

.H8; Size: 6.6MB - Virtual size: 6.6MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 40KB - Virtual size: 40KB

.l1 Size: 21KB - Virtual size: 21KB

.text
Size: 192KB - Virtual size: 192KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 16KB - Virtual size: 16KB

.pdata
Size: 12KB - Virtual size: 12KB

RtaivcSe
Size: 4KB - Virtual size: 4KB

.:q_
Size: 4.2MB - Virtual size: 4.2MB

.78Y
Size: 4KB - Virtual size: 4KB

.H8;
Size: 6.6MB - Virtual size: 6.6MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 40KB - Virtual size: 40KB

.l1
Size: 21KB - Virtual size: 21KB