8d774adb4e1b1f5ff5b19927a029817fcbb5047d417155492caa817e34b677ff

Sharing

Copy URL

Twitter E-mail

General

Target

8d774adb4e1b1f5ff5b19927a029817fcbb5047d417155492caa817e34b677ff
Size

15.0MB
MD5

1f2f58d0768a36078d2a5ce0697d0091
SHA1

6a9f1f3824c9b4ee52582ac0e13f6a8b01a16917
SHA256

8d774adb4e1b1f5ff5b19927a029817fcbb5047d417155492caa817e34b677ff
SHA512

14ccdf276dc27c8f6190f414147eb15723aa5558d0385fd0c8ff612c96a62c078976b993965b39894f37fe9afb6de7d95470db058358e76fd8a86cd38c8cc189
SSDEEP

196608:/FRE7NfdXlTmP0zNAV82x2E4mQIvnPmvM3l:/07JdXlTi0hAVt2dp0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d774adb4e1b1f5ff5b19927a029817fcbb5047d417155492caa817e34b677ff

Files

8d774adb4e1b1f5ff5b19927a029817fcbb5047d417155492caa817e34b677ff
.exe windows:4 windows x64

cf35dc1855b8f3eaf09a3cdc77c6161e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
CancelIo
CancelIoEx
CloseHandle
CompareStringEx
CompareStringW
ConvertFiberToThread
ConvertThreadToFiberEx
CopyFileW
CreateEventA
CreateEventW
CreateFiberEx
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateMutexW
CreatePipe
CreateProcessA
CreateProcessW
CreateSemaphoreA
CreateThread
CreateWaitableTimerA
CreateWaitableTimerW
DebugBreak
DecodePointer
DeleteCriticalSection
DeleteFiber
DeleteFileW
DeviceIoControl
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushInstructionCache
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalProcessorInformation
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessHeap
GetQueuedCompletionStatus
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetThreadContext
GetTickCount
GetTickCount64
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InitializeSRWLock
IsBadReadPtr
IsBadStringPtrA
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
MapViewOfFile
MapViewOfFileEx
MultiByteToWideChar
OpenEventA
OpenEventW
OpenFileMappingW
OpenMutexW
OpenProcess
OpenThread
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserAPC
RaiseException
ReadConsoleA
ReadConsoleW
ReadFile
ReadProcessMemory
RegisterWaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
ResetEvent
ResumeThread
SetConsoleCtrlHandler
SetConsoleMode
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFilePointerEx
SetLastError
SetStdHandle
SetThreadContext
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepConditionVariableSRW
SleepEx
SuspendThread
SwitchToFiber
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
UnmapViewOfFile
UnregisterWaitEx
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteProcessMemory
lstrcmpA

ntdll

LdrLockLoaderLock
LdrUnloadDll
LdrUnlockLoaderLock
NtAllocateVirtualMemory
NtClose
NtCreateFile
NtCreateSection
NtDeviceIoControlFile
NtFsControlFile
NtGetContextThread
NtMapViewOfSection
NtOpenSection
NtOpenSymbolicLinkObject
NtProtectVirtualMemory
NtQueryInformationProcess
NtQuerySymbolicLinkObject
NtQuerySystemInformation
NtQuerySystemTime
NtQueryVirtualMemory
NtReadVirtualMemory
NtResumeProcess
NtSuspendProcess
NtTerminateProcess
NtUnmapViewOfSection
NtWaitForSingleObject
NtWriteVirtualMemory
RtlAcquirePebLock
RtlAllocateHeap
RtlCaptureContext
RtlCompareMemory
RtlDosPathNameToNtPathName_U
RtlExitUserThread
RtlFreeHeap
RtlFreeUnicodeString
RtlGetNtVersionNumbers
RtlHashUnicodeString
RtlImageDirectoryEntryToData
RtlImageNtHeader
RtlInitUnicodeString
RtlLookupFunctionEntry
RtlNtStatusToDosError
RtlPcToFileHeader
RtlRaiseStatus
RtlReleasePebLock
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlUnwind
RtlUnwindEx
RtlUpcaseUnicodeChar
RtlVirtualUnwind
ZwClose
ZwCreateSection
ZwLoadDriver
ZwMapViewOfSection
ZwOpenDirectoryObject
ZwOpenFile
ZwQueryAttributesFile
ZwQueryDirectoryObject
ZwQueryInformationFile
ZwQueryInformationThread
ZwUnloadDriver
ZwUnmapViewOfSection

user32

CloseClipboard
CreateWindowExW
DefWindowProcW
DestroyIcon
DispatchMessageW
DrawIconEx
EmptyClipboard
FindWindowExW
FindWindowW
GetClipboardData
GetDC
GetDesktopWindow
GetForegroundWindow
GetMessageW
GetParent
GetProcessWindowStation
GetRawInputData
GetRawInputDeviceInfoW
GetSystemMetrics
GetUserObjectInformationW
GetWindow
GetWindowInfo
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
IsWindow
IsWindowVisible
MapVirtualKeyW
MessageBoxW
OpenClipboard
PostMessageW
PostQuitMessage
RealGetWindowClassW
RegisterClassExW
RegisterRawInputDevices
ReleaseDC
SendInput
SetTimer
SetWindowsHookExW
ShowWindow
TranslateMessage
UnregisterClassW
UpdateWindow
wsprintfW

advapi32

AdjustTokenPrivileges
CloseServiceHandle
CloseTrace
ControlService
ControlTraceW
CreateServiceW
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
DeleteService
DeregisterEventSource
EnableTraceEx2
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
OpenTraceW
ProcessTrace
QueryServiceStatus
RegCloseKey
RegCreateKeyExW
RegCreateKeyW
RegDeleteKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegisterEventSourceW
ReportEventW
StartServiceW
StartTraceW
TraceSetInformation
UpdateTraceW

ole32

CLSIDFromString
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CreateStreamOnHGlobal

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateSolidBrush
DeleteDC
DeleteObject
GetBitmapBits
GetObjectW
SelectObject

shell32

ExtractIconExW
SHGetFolderPathW
SHGetSpecialFolderPathW

setupapi

CM_Locate_DevNodeW
CM_Reenumerate_DevNode
SetupDiBuildDriverInfoList
SetupDiDestroyDeviceInfoList
SetupDiDestroyDriverInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiEnumDriverInfoW
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDevicePropertyW
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDevRegKey

hid

HidD_FreePreparsedData
HidD_GetAttributes
HidD_GetHidGuid
HidD_GetManufacturerString
HidD_GetPreparsedData
HidD_GetProductString
HidD_GetSerialNumberString
HidP_GetButtonCaps
HidP_GetCaps
HidP_GetValueCaps

d3d11

D3D11CreateDevice

oleaut32

SafeArrayGetElement
SysAllocString
SysFreeString
SysStringLen
VariantClear
VariantInit

crypt32

CertCloseStore
CertComparePublicKeyInfo
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateContext
CertGetNameStringA
CertOpenStore
CryptBinaryToStringA
CryptDecodeObject
CryptMsgClose
CryptMsgGetParam
CryptMsgOpenToDecode
CryptMsgUpdate
CryptQueryObject

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

WSAAddressToStringW
WSACleanup
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSARecv
WSASend
WSASetLastError
WSASocketW
WSAStartup
WSAStringToAddressW
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
getpeername
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

gdiplus

GdipAlloc
GdipCloneImage
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipDisposeImage
GdipDrawImageRectI
GdipFree
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImageWidth
GdipSaveImageToStream
GdipSetInterpolationMode
GdiplusStartup

dbghelp

MiniDumpWriteDump

wintrust

CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
WinVerifyTrust

winmm

mciSendCommandW

bcrypt

BCryptGenRandom

Exports

Exports

FreeLibraryMemoryAndExitThread
LdrUnloadDllMemoryAndExitThread

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 976KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 463KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gxfg
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT2
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf35dc1855b8f3eaf09a3cdc77c6161e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

user32

advapi32

ole32

gdi32

shell32

setupapi

hid

d3d11

oleaut32

crypt32

version

ws2_32

gdiplus

dbghelp

wintrust

winmm

bcrypt

Exports

Exports

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 4.4MB - Virtual size: 4.4MB

.data Size: 976KB - Virtual size: 1.0MB

.pdata Size: 463KB - Virtual size: 463KB

.detourc Size: 9KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.gxfg Size: 13KB - Virtual size: 12KB

.tls Size: 512B - Virtual size: 29B

.vmp0 Size: 6.5MB - Virtual size: 6.5MB

_RDATA Size: 512B - Virtual size: 348B

INIT2 Size: 13KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 92KB - Virtual size: 91KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 4.4MB - Virtual size: 4.4MB

.data
Size: 976KB - Virtual size: 1.0MB

.pdata
Size: 463KB - Virtual size: 463KB

.detourc
Size: 9KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.gxfg
Size: 13KB - Virtual size: 12KB

.tls
Size: 512B - Virtual size: 29B

.vmp0
Size: 6.5MB - Virtual size: 6.5MB

_RDATA
Size: 512B - Virtual size: 348B

INIT2
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 92KB - Virtual size: 91KB