colorpicker[.]f9[.]update8[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

colorpicker.f9.update8.exe
Size

68.7MB
MD5

673ee1a67fb26377857d21f321299ac6
SHA1

174e8e15982bcfbd5c3cf2a1099095f11803ec73
SHA256

ffd089ecfeb7d59d337fffc134bba14b37d3eb9279989be7f58d19c2aeb93df8
SHA512

f6767d55e1dedebc6000383ebf023fa24f960a4c8b3d16dcf388ca00d3b01de11ff9652e8e023ce915c83ee95dd369f1c11e7a39c43003ed1e6ae0bc822a4abd
SSDEEP

786432:2WKk/GZrRzZA9J9mNs2YqmQMtDzAgPwgyJLNdHgysJEpugnL5P4moEH0gp/dhgTN:2ucZc6NJMXFPiLLbbn9PhBH0AdhE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
colorpicker.f9.update8.exe

Files

colorpicker.f9.update8.exe
.exe windows:6 windows x64

e82ee9af09fa374e8673a8c333a97f1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LockResource
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA

comdlg32

GetOpenFileNameA

advapi32

CryptDestroyHash

shell32

ShellExecuteA

msvcp140

?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

crypt32

CertGetCertificateChain

ws2_32

htons

rpcrt4

UuidCreate

psapi

GetModuleInformation

userenv

UnloadUserProfile

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler

api-ms-win-crt-stdio-l1-1-0

fseek

api-ms-win-crt-locale-l1-1-0

setlocale

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-math-l1-1-0

_dclass

api-ms-win-crt-string-l1-1-0

strpbrk

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-convert-l1-1-0

strtod

api-ms-win-crt-filesystem-l1-1-0

_fstat64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

Sections

.text
Size: - Virtual size: 624KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.9#'
Size: - Virtual size: 71.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.R?n
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l3i
Size: 68.2MB - Virtual size: 68.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 453KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e82ee9af09fa374e8673a8c333a97f1e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

shell32

msvcp140

crypt32

ws2_32

rpcrt4

psapi

userenv

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

Sections

.text Size: - Virtual size: 624KB

.rdata Size: - Virtual size: 354KB

.data Size: - Virtual size: 8KB

.pdata Size: - Virtual size: 27KB

.9#' Size: - Virtual size: 71.7MB

.R?n Size: 5KB - Virtual size: 4KB

.l3i Size: 68.2MB - Virtual size: 68.2MB

.rsrc Size: 453KB - Virtual size: 452KB

.text
Size: - Virtual size: 624KB

.rdata
Size: - Virtual size: 354KB

.data
Size: - Virtual size: 8KB

.pdata
Size: - Virtual size: 27KB

.9#'
Size: - Virtual size: 71.7MB

.R?n
Size: 5KB - Virtual size: 4KB

.l3i
Size: 68.2MB - Virtual size: 68.2MB

.rsrc
Size: 453KB - Virtual size: 452KB