Static task
static1
Behavioral task
behavioral1
Sample
3c11b0859ef009be8b1a59296fb3e475429ac1739d80dc24d602281085ab78f3.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
3c11b0859ef009be8b1a59296fb3e475429ac1739d80dc24d602281085ab78f3.exe
Resource
win10v2004-20231023-en
General
-
Target
3c11b0859ef009be8b1a59296fb3e475429ac1739d80dc24d602281085ab78f3
-
Size
1.1MB
-
MD5
647b9e132be871199f26ea2b49ef475f
-
SHA1
6a19923087e9d27547f76a426e328eacf5fde75d
-
SHA256
3c11b0859ef009be8b1a59296fb3e475429ac1739d80dc24d602281085ab78f3
-
SHA512
29da0017e52b5c627c678b190ca163df66b4d323246d4a2358902459ad4d89c49f0e1ce1977e21207cb55c2dd60ca5ed11c68f83c1358ae11f3f8a1945920f88
-
SSDEEP
24576:Es3o4P1dcDThzvjA01uSztWM4W1W9mfSt5jL2N7:EsFP1KHpA01uSBJhkAmqN
Malware Config
Signatures
-
Unsigned PE — 1 IoC
Checks for missing Authenticode signature.
resource 3c11b0859ef009be8b1a59296fb3e475429ac1739d80dc24d602281085ab78f3
Files
-
3c11b0859ef009be8b1a59296fb3e475429ac1739d80dc24d602281085ab78f3.exe windows:6 windows x64
bb4aa6621355046ce95b00f3a341f4c8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
msvcrt
strstr
wcstok_s
_wcsnicmp
_snwprintf
wcscat
free
_wcsicmp
wcscmp
wcsncpy
wcslen
wcsncmp
__wgetmainargs
swscanf
wcscpy
malloc
setlocale
_gmtime64
wcsstr
wcsrchr
strrchr
floor
calloc
memset
memcmp
memcpy
_time64
wcstol
_strnicmp
ceil
_wcsdup
sqrt
wcstod
_wstati64
wcschr
wcstok
_wtol
_wsystem
memmove
tolower
_mktime64
_itow
_wtoi
pow
_vsnwprintf
wcstoul
_localtime64
wcsspn
realloc
_stricmp
kernel32
GetSystemWindowsDirectoryW
GetFileSizeEx
SetFilePointerEx
GetExitCodeThread
ReadFile
GetFirmwareEnvironmentVariableW
SetFirmwareEnvironmentVariableW
FormatMessageW
Sleep
CreateDirectoryW
GetLogicalDriveStringsW
GetDriveTypeW
GetLogicalProcessorInformation
GetCurrentThread
SetFileAttributesW
GetNativeSystemInfo
GetEnvironmentVariableW
GetPrivateProfileIntW
SetDllDirectoryW
GetSystemInfo
GetPrivateProfileStringW
SetErrorMode
lstrcatW
RtlCompareMemory
WriteConsoleW
OpenProcess
QueryFullProcessImageNameW
ReadProcessMemory
GetLocalTime
GetTimeFormatW
WritePrivateProfileStringW
GetPrivateProfileSectionW
GetLogicalDrives
AttachConsole
AllocConsole
ReadConsoleOutputW
SetEndOfFile
SetFileValidData
CreateEventW
SetFilePointer
GetTickCount
SetVolumeMountPointW
WideCharToMultiByte
WriteConsoleA
FindFirstFileNameW
FindNextFileNameW
RemoveDirectoryW
FindFirstFileW
FindResourceExW
SizeofResource
LockResource
FreeResource
GetDiskFreeSpaceW
MoveFileW
SetLastError
GetCurrentDirectoryW
SetCurrentDirectoryW
GetVolumeNameForVolumeMountPointW
GetDateFormatW
LCIDToLocaleName
SetThreadExecutionState
GetCommandLineW
GetProcessId
FlushFileBuffers
DosDateTimeToFileTime
LocalFileTimeToFileTime
GlobalMemoryStatusEx
FileTimeToSystemTime
WritePrivateProfileSectionW
GetFileTime
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
SystemTimeToTzSpecificLocalTime
GetTempFileNameW
UnregisterWait
RegisterWaitForSingleObject
DeleteCriticalSection
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapSize
GetVersionExW
HeapReAlloc
GetExitCodeProcess
PeekNamedPipe
CreateProcessW
CreatePipe
DuplicateHandle
HeapFree
HeapAlloc
CreateThread
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
CloseHandle
UnmapViewOfFile
GetSystemTime
SystemTimeToFileTime
SetFileTime
GetModuleHandleW
HeapCreate
GetTempPathW
GetLongPathNameW
GetModuleFileNameW
GetWindowsDirectoryW
GetUserDefaultLCID
GetUserDefaultLocaleName
GetCurrentProcess
GetLastError
LocalAlloc
LocalFree
HeapDestroy
ExitProcess
GetStdHandle
GetFileType
GetConsoleScreenBufferInfo
QueryPerformanceCounter
LoadLibraryExW
FreeLibrary
SetEnvironmentVariableW
FindResourceW
LoadResource
QueryPerformanceFrequency
RtlZeroMemory
LoadLibraryW
MulDiv
FindFirstFileExW
FindNextFileW
FindClose
WaitForSingleObject
DefineDosDeviceW
VirtualProtect
WriteFile
BeginUpdateResourceW
EnumResourceNamesW
UpdateResourceW
EndUpdateResourceW
CopyFileW
DeleteFileW
SetEvent
GetFileAttributesW
lstrcmpA
GetProcAddress
GetCurrentThreadId
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetConsoleTitleW
SetConsoleCtrlHandler
SetConsoleCursorInfo
GetFullPathNameW
DeviceIoControl
SetConsoleCursorPosition
GetConsoleWindow
K32GetModuleInformation
FindFirstVolumeW
QueryDosDeviceW
GetVolumePathNamesForVolumeNameW
GetVolumeInformationW
GetDiskFreeSpaceExW
FindNextVolumeW
FindVolumeClose
lstrlenA
RtlMoveMemory
MultiByteToWideChar
lstrcpyW
lstrcmpiW
SetConsoleTextAttribute
lstrcmpW
lstrcpynW
lstrlenW
GetFinalPathNameByHandleW
user32
UnhookWindowsHookEx
SetWindowsHookExW
MessageBoxW
LoadStringW
GetWindowTextW
GetParent
GetClassWord
TrackPopupMenu
RealChildWindowFromPoint
ScreenToClient
WindowFromPoint
FlashWindowEx
MessageBeep
GetMessagePos
SetWindowTextW
PostMessageW
SetFocus
UpdateWindow
GetWindowPlacement
SetWindowPlacement
SetTimer
InvalidateRect
CreateWindowExW
GetSystemMenu
GetSysColor
IsChild
DefFrameProcW
GetFocus
AdjustWindowRectEx
UnregisterClassW
RegisterClassW
TranslateAcceleratorW
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
TranslateMessage
WindowFromDC
GetClassLongPtrW
CallNextHookEx
MapWindowPoints
GetUpdateRect
SetRect
GetDlgItem
InflateRect
GetMessageW
IsZoomed
GetMenu
DestroyAcceleratorTable
DrawTextW
SetActiveWindow
DrawFrameControl
GetScrollPos
RegisterClassExW
SetScrollPos
GetWindowDC
GetAsyncKeyState
GetWindowLongW
DrawStateW
ReleaseCapture
SetCapture
GetWindowTextLengthW
RedrawWindow
IntersectRect
DestroyWindow
EnableWindow
GetDC
ReleaseDC
GetClassInfoExW
RegisterWindowMessageW
GetSystemMetrics
SystemParametersInfoW
GetIconInfo
DestroyIcon
LoadImageW
CreateIconIndirect
SetPropW
GetWindowLongPtrW
SetWindowLongPtrW
SendMessageW
CreatePopupMenu
InsertMenuW
CheckMenuItem
SetMenuDefaultItem
CheckMenuRadioItem
AppendMenuW
SetMenuItemInfoW
GetPropW
GetSysColorBrush
IsWindowEnabled
GetClientRect
SetWindowPos
FindWindowExW
GetComboBoxInfo
LockWindowUpdate
EnumChildWindows
SetClassLongPtrW
DefWindowProcW
BeginPaint
FrameRect
FillRect
SetWindowCompositionAttribute
ValidateRect
CallWindowProcW
DrawIconEx
RemovePropW
GetDoubleClickTime
IsWindowVisible
LoadIconW
SetRectEmpty
MoveWindow
EndPaint
CopyRect
CharUpperW
LoadCursorW
EnableMenuItem
CharLowerW
EnumDisplayDevicesW
EnumWindows
ShowWindow
EnumDisplaySettingsW
EnumDisplaySettingsExW
ChangeDisplaySettingsW
GetDisplayConfigBufferSizes
QueryDisplayConfig
DisplayConfigGetDeviceInfo
DisplayConfigSetDeviceInfo
GetShellWindow
GetWindowThreadProcessId
GetWindowRect
GetWindow
SetParent
DestroyMenu
GetKeyState
MessageBoxIndirectW
SetForegroundWindow
KillTimer
CreateAcceleratorTableW
GetClassNameW
FindWindowW
GetDlgCtrlID
DestroyCursor
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ClientToScreen
CopyImage
GetForegroundWindow
IsIconic
SetCursor
GetActiveWindow
gdi32
GetObjectType
OffsetViewportOrgEx
CreateDCW
SetViewportOrgEx
CreatePatternBrush
GetClipRgn
SelectClipRgn
ExtSelectClipRgn
StretchBlt
SetBrushOrgEx
CreateBitmap
GetDIBits
SetPixel
GetStockObject
CreateRectRgnIndirect
ExcludeClipRect
LineTo
MoveToEx
Rectangle
CreatePen
ExtTextOutW
FrameRgn
CreateRectRgn
GdiAlphaBlend
SetStretchBltMode
GetTextExtentPoint32W
AddFontResourceW
GetTextMetricsW
EnumFontFamiliesW
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
SetTextColor
SetBkColor
SetBkMode
CreateFontW
CreateFontIndirectW
CreateDIBSection
CreateCompatibleBitmap
GetObjectW
DeleteObject
CreateSolidBrush
GetDeviceCaps
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
RegEnumKeyExW
IsWellKnownSid
DuplicateTokenEx
OpenProcessToken
GetTokenInformation
SetEntriesInAclW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
ConvertSidToStringSidW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegDeleteKeyW
RegCreateKeyExW
AllocateAndInitializeSid
CheckTokenMembership
OpenSCManagerW
CreateServiceW
CloseServiceHandle
RevertToSelf
OpenServiceW
RegCreateKeyW
SetNamedSecurityInfoW
RegEnumValueW
StartServiceW
QueryServiceStatus
SetThreadToken
CreateProcessWithTokenW
CreateProcessAsUserW
ControlService
RegQueryValueW
RegLoadKeyW
RegUnLoadKeyW
RegQueryInfoKeyW
SetFileSecurityW
GetFileSecurityW
IsValidSecurityDescriptor
comctl32
ImageList_Merge
ImageList_GetIcon
ImageList_Destroy
InitCommonControlsEx
CreateToolbarEx
ord410
ImageList_Remove
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Add
ImageList_GetImageCount
ord412
ImageList_ReplaceIcon
ord413
ImageList_Create
ImageList_Replace
ImageList_AddMasked
ImageList_Draw
oleaut32
VariantClear
SafeArrayCreate
SafeArrayLock
SafeArrayUnlock
SysFreeString
SafeArrayDestroy
SysAllocString
ntdll
RtlFreeUnicodeString
RtlIsNameInExpression
RtlUpcaseUnicodeString
RtlCreateUnicodeString
NtCreatePagingFile
NtSetInformationFile
RtlNtStatusToDosError
NtWriteFile
NtReadFile
RtlGetLastNtStatus
NtTranslateFilePath
NtQueryInformationFile
NtFsControlFile
RtlRandom
RtlComputeCrc32
NtQueryDirectoryObject
NtOpenDirectoryObject
RtlInitUnicodeString
NtQueryVolumeInformationFile
RtlGetVersion
NtShutdownSystem
NtFreeVirtualMemory
RtlCreateUserThread
NtWriteVirtualMemory
NtAllocateVirtualMemory
NtQueryInformationProcess
NtOpenProcess
RtlGetNtVersionNumbers
RtlFreeHeap
NtClose
NtOpenFile
RtlDosPathNameToNtPathName_U
RtlAllocateHeap
RtlGetProcessHeaps
NtQuerySystemInformation
RtlAdjustPrivilege
ole32
CoCreateInstance
CLSIDFromString
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateGuid
CoInitializeEx
CoInitializeSecurity
CoUninitialize
RevokeDragDrop
CoInitialize
shell32
SHDefExtractIconW
SHGetFileInfoW
SHGetImageList
SHGetStockIconInfo
ShellExecuteW
SHChangeNotify
ILCreateFromPath
ILFree
StrStrIW
SHParseDisplayName
SHCreateShellItem
SHGetDesktopFolder
SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
SHFormatDrive
ShellExecuteExW
shlwapi
PathMatchSpecW
PathCompactPathW
PathGetArgsW
StrCmpLogicalW
StrStrNIW
PathCompactPathExW
PathIsNetworkPathW
PathParseIconLocationW
PathRemoveExtensionW
StrTrimW
StrToIntExW
PathSearchAndQualifyW
PathCombineW
SHCreateStreamOnFileW
SHCreateStreamOnFileEx
PathIsDirectoryW
PathStripToRootW
PathRemoveBackslashW
StrToIntW
StrFormatByteSizeW
PathRemoveFileSpecW
PathIsRelativeW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathAddBackslashW
cfgmgr32
CM_Get_Parent
CM_Get_Device_IDW
crypt32
CryptBinaryToStringW
rpcrt4
UuidCreate
setupapi
SetupOpenInfFileW
SetupDiGetDeviceRegistryPropertyW
SetupGetStringFieldW
SetupCloseInfFile
SetupDecompressOrCopyFileW
SetupFindFirstLineW
SetupIterateCabinetW
SetupGetLineByIndexW
SetupGetFieldCount
SetupGetBinaryField
SetupGetMultiSzFieldW
SetupGetIntField
SetupEnumInfSectionsW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiOpenDevRegKey
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstanceIdW
SetupGetLineCountW
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
uxtheme
GetThemePartSize
BeginBufferedPaint
DrawThemeTextEx
BufferedPaintSetAlpha
GetThemeInt
OpenThemeData
BufferedPaintInit
SetWindowTheme
EndBufferedPaint
DrawThemeBackground
GetThemeFont
DrawThemeText
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
wtsapi32
WTSFreeMemory
WTSEnumerateProcessesW
WTSEnumerateSessionsW
tools\x64\offreg
ORCloseHive
ORGetValue
ORQueryInfoKey
OREnumKey
OROpenKey
ORCloseKey
ORDeleteValue
ORSetValue
ORSaveHive
ORCreateKey
ORDeleteKey
ORCreateHive
OROpenHive
virtdisk
GetStorageDependencyInformation
OpenVirtualDisk
DetachVirtualDisk
AttachVirtualDisk
CreateVirtualDisk
GetVirtualDiskOperationProgress
GetVirtualDiskInformation
GetVirtualDiskPhysicalPath
cabinet
ord22
ord20
ord23
fltlib
FilterAttach
FilterLoad
Sections
.text Size: 822KB - Virtual size: 822KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 178KB - Virtual size: 4.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 119KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ