0b4c7714da8ff4acb982995604d8feaf5b014adfc6762f540f788f36846e89fc

Sharing

Copy URL Twitter E-mail

General

Target

0b4c7714da8ff4acb982995604d8feaf5b014adfc6762f540f788f36846e89fc
Size

4.0MB
MD5

0b202a206db7e0c5f2d13876295adc17
SHA1

fdc5a5acf5f2c3121d1dab60956c9959e7292ace
SHA256

0b4c7714da8ff4acb982995604d8feaf5b014adfc6762f540f788f36846e89fc
SHA512

614d47ccf95d51123359b6c9d098da8f8bdf4a52e3bb76a54967fe7cff6aef0e24378519b12f865c49afc07f87043014c0ca2df4179a53ad8930af9795d80a5b
SSDEEP

49152:5z4PKFrJst41URB7elNsfecrLE5vtRT4ZPzwFI/wOifnzH:qPK5qLePsFr4RQYtH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b4c7714da8ff4acb982995604d8feaf5b014adfc6762f540f788f36846e89fc

Files

0b4c7714da8ff4acb982995604d8feaf5b014adfc6762f540f788f36846e89fc
.exe windows:6 windows x64

d5a49263039d689c98dc8a60122a9643

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

magnification

MagSetWindowSource
MagUninitialize
MagSetWindowTransform
MagInitialize

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

kernel32

Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcmpiW
OpenProcess
FreeLibrary
lstrcpynW
SetFileAttributesW
GetLastError
GetFileAttributesW
FindFirstFileW
FindClose
CreateMutexW
SetEndOfFile
HeapSize
ReadConsoleW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
HeapFree
HeapAlloc
ExitProcess
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
GetCommandLineA
GetLocalTime
RtlUnwindEx
RaiseException
RtlPcToFileHeader
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
GetCPInfo
GetLocaleInfoW
LCMapStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ReleaseMutex
GetProcAddress
GetModuleHandleW
IsWow64Process
GetThreadPriority
SetThreadPriority
GetCurrentThread
GetCurrentProcess
OpenEventW
ResetEvent
lstrcatW
CreateProcessW
ExitThread
CreateThread
CreateEventW
WaitForSingleObject
SetEvent
CloseHandle
GetFileSize
lstrlenW
QueryPerformanceFrequency
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
Sleep
lstrcpyW
lstrcmpW
CreateFileW
GlobalFree
GlobalAlloc
RtlUnwind
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
QueryFullProcessImageNameW
MapViewOfFileEx
CreateFileMappingW
GetSystemInfo
UnmapViewOfFile
K32GetModuleFileNameExW
K32EnumProcessModules
OpenThread
GetCommandLineW
GetModuleHandleA
GetVersionExW
GetUserDefaultUILanguage
QueryPerformanceCounter
MulDiv
LoadLibraryW
FormatMessageW
GetCurrentThreadId
GetCurrentProcessId
VerifyVersionInfoW
LoadLibraryExW
GetModuleFileNameW
SetLastError
OutputDebugStringW
GetFullPathNameW
ExpandEnvironmentStringsW
VerSetConditionMask
LocalFree
LocalAlloc
GlobalLock
GlobalUnlock
FreeResource
ReadFile
GetTickCount
GetSystemWindowsDirectoryW
CopyFileW
FindNextFileW
WriteFile
SetFilePointer
GetSystemDirectoryW

user32

SetWindowPlacement
IsIconic
IntersectRect
UnionRect
DefWindowProcW
RegisterClassW
CreateWindowExW
ShowWindow
SetLayeredWindowAttributes
GetPhysicalCursorPos
EndPaint
SetWindowPos
InflateRect
SetWindowLongPtrW
LoadCursorW
SystemParametersInfoW
GetParent
FindWindowW
GetAsyncKeyState
GetMessageW
IsWindowEnabled
RegisterWindowMessageW
CopyRect
GetWindowPlacement
UnhookWinEvent
SetWinEventHook
EnumWindows
IsWindowVisible
SendMessageTimeoutW
PtInRect
InvalidateRect
GetWindowRect
GetClientRect
PostMessageW
GetWindow
GetClassLongPtrW
GetWindowLongPtrW
IsDlgButtonChecked
CheckDlgButton
ClientToScreen
GetDlgItem
GetLayeredWindowAttributes
DestroyWindow
SendMessageW
wsprintfW
BeginPaint
EnumDisplayMonitors
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
CheckMenuRadioItem
GetSysColorBrush
InsertMenuItemW
TrackPopupMenu
CreatePopupMenu
OffsetRect
IsRectEmpty
GetMonitorInfoW
MonitorFromRect
DestroyIcon
ReleaseDC
GetDC
IsWindow
GetWindowThreadProcessId
FindWindowExW
EqualRect
WaitForInputIdle
SetRectEmpty
MsgWaitForMultipleObjects
RegisterDeviceNotificationW
PeekMessageW
LoadIconW
SetWindowLongW
GetWindowLongW
UpdateWindow
GetMenuItemInfoW
AppendMenuW
CheckMenuItem
CreateMenu
SetMenu
CharUpperW
RegisterClassExW
CloseDesktop
OpenInputDesktop
GetActiveWindow
UnregisterHotKey
RegisterHotKey
GetDesktopWindow
SetCursorPos
DialogBoxParamW
CreateDialogParamW
IsZoomed
MoveWindow
ShowWindowAsync
GetCursorPos
GetWindowTextW
SetForegroundWindow
GetForegroundWindow
KillTimer
SetTimer
UnregisterClassW
PostQuitMessage
DispatchMessageW
TranslateMessage
MessageBoxW
CharLowerW
GetSysColor
LoadImageW
ValidateRect
GetClassNameW
DrawIconEx
GetAncestor
MonitorFromPoint
SetProcessDPIAware
LoadStringW
DisplayConfigGetDeviceInfo
EnumDisplayDevicesW
EnumDisplaySettingsW
EnumDisplaySettingsExW
WindowFromPoint
GetSystemMetrics

gdi32

SetBrushOrgEx
StrokeAndFillPath
EndPath
BeginPath
SetStretchBltMode
CreatePen
BitBlt
GetDeviceCaps
CreateCompatibleBitmap
CreateFontIndirectW
DeleteObject
GetStockObject
GetTextExtentPoint32W
LineTo
RoundRect
SelectObject
SetDCBrushColor
SetDCPenColor
SetBkMode
SetTextColor
MoveToEx
TextOutW
CreateCompatibleDC
DeleteDC
StretchBlt
GetObjectW
CreateSolidBrush
GetDIBits

advapi32

RegSetValueExW
GetUserNameW
LookupAccountSidW
GetTokenInformation
SetEntriesInAclW
RegQueryInfoKeyW
OpenProcessToken
RegQueryValueExW
RegEnumKeyExW
RegEnumKeyW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey
RegOpenCurrentUser
RegCreateKeyExW
RegOpenKeyW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCopyTreeW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetFolderPathW
ExtractIconW
ExtractIconExW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHCreateShellItemArrayFromShellItem
SHCreateItemFromParsingName
CommandLineToArgvW

ole32

StringFromGUID2
CoUninitialize
CLSIDFromString
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
OleLoadPicture
SysFreeString

shlwapi

StrRStrIW
ord487
SHCopyKeyW
StrStrIW
SHDeleteKeyW

gdiplus

GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawPath
GdipFillPath
GdiplusStartup
GdiplusShutdown
GdipCreatePen2
GdipSetPenWidth
GdipLoadImageFromFile
GdipDisposeImage
GdipClosePathFigure
GdipSetSmoothingMode
GdipCreatePen1
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImageRect
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipCreateSolidFill
GdipDeleteBrush
GdipStartPathFigure
GdipDeletePath
GdipCreatePath
GdipFree
GdipDeletePen
GdipCloneBrush
GdipDrawArcI
GdipSetStringFormatAlign
GdipAddPathArcI
GdipAlloc
GdipCreateBitmapFromHICON
GdipDeleteStringFormat
GdipCloneImage

dwmapi

DwmIsCompositionEnabled
DwmGetWindowAttribute

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

Sections

.text
Size: 590KB - Virtual size: 589KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d5a49263039d689c98dc8a60122a9643

Headers

DLL Characteristics

File Characteristics

Imports

magnification

wtsapi32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

dwmapi

version

api-ms-win-core-winrt-string-l1-1-0

Sections

.text Size: 590KB - Virtual size: 589KB

.rdata Size: 183KB - Virtual size: 182KB

.data Size: 12KB - Virtual size: 37KB

.pdata Size: 29KB - Virtual size: 29KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 590KB - Virtual size: 589KB

.rdata
Size: 183KB - Virtual size: 182KB

.data
Size: 12KB - Virtual size: 37KB

.pdata
Size: 29KB - Virtual size: 29KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 572KB - Virtual size: 576KB