325afec40a95d9fa121f8ea6d9d31d5c503c7cddb7c8124b5beee7f3f3c34821

Sharing

Copy URL Twitter E-mail

General

Target

325afec40a95d9fa121f8ea6d9d31d5c503c7cddb7c8124b5beee7f3f3c34821
Size

1.8MB
MD5

3e9c846a9794644fcfc5f64e3c5d2794
SHA1

2f45f6b6bed1582e648d2f1f4fbc9481c491b10d
SHA256

325afec40a95d9fa121f8ea6d9d31d5c503c7cddb7c8124b5beee7f3f3c34821
SHA512

c0ff7c00b2389023b4f1adb080d7e8a9bb1c3bdcb80039f83ff0836ed82a00353cfc2f08d2ee7096353415607463573c86ef6386f92fa47d4ac164a0f9098253
SSDEEP

24576:22+EcWl9J2luKQTrSkr22/j6mKLgXe4i7ojhsP5Lgrk1TWb4AN5:x+EllSmGki2WSe30jaNf1TWbdz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
325afec40a95d9fa121f8ea6d9d31d5c503c7cddb7c8124b5beee7f3f3c34821

Files

325afec40a95d9fa121f8ea6d9d31d5c503c7cddb7c8124b5beee7f3f3c34821
.exe windows:6 windows x64 arch:x64

b50762017fa543ef5bed2970832237a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dbghelp

SymSetOptions
SymFunctionTableAccess64
SymInitialize
SymGetLineFromAddr64
SymGetModuleBase64
StackWalk64
SymGetSymFromAddr64

kernel32

GetCurrentThreadId
OpenProcess
GetCurrentThread
CloseHandle
CreateMutexW
IsValidCodePage
HeapReAlloc
ReadConsoleW
ReadFile
FlushFileBuffers
GetTimeZoneInformation
GetConsoleOutputCP
SetFilePointerEx
GetFileSizeEx
GetModuleFileNameW
GetCurrentProcess
RtlCaptureContext
SetPriorityClass
GetModuleHandleW
LocalFree
WaitForSingleObject
LocalSize
GetLastError
LocalAlloc
lstrlenW
GetFileTime
GetSystemTimePreciseAsFileTime
SetUnhandledExceptionFilter
SetEndOfFile
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
WriteConsoleW
GetDynamicTimeZoneInformation
GetFileAttributesW
MultiByteToWideChar
Sleep
GetCurrentProcessId
WideCharToMultiByte
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
WriteConsoleA
WriteFile
GetConsoleMode
OutputDebugStringA
SetEnvironmentVariableW
IsDebuggerPresent
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
TerminateProcess
WaitForMultipleObjects
SetThreadPriority
ReleaseMutex
CreateEventW
FormatMessageW
OutputDebugStringW
SetEvent
WaitForSingleObjectEx
OpenSemaphoreW
HeapAlloc
GetProcAddress
CreateMutexExW
GetProcessHeap
DebugBreak
QueryFullProcessImageNameW
ProcessIdToSessionId
InitializeCriticalSectionEx
DecodePointer
DeleteCriticalSection
LoadLibraryW
FreeLibrary
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFileInformationByHandle
AreFileApisANSI
GetFileInformationByHandleEx
GetStringTypeW
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
RtlPcToFileHeader
RaiseException
InitOnceComplete
InitOnceBeginInitialize
EnterCriticalSection
LeaveCriticalSection
EncodePointer
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
EnumSystemLocalesW
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
InterlockedPushEntrySList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
SetConsoleCtrlHandler
SetStdHandle
GetFileType
DeleteFileW
ExitProcess
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
GetACP

user32

MonitorFromWindow
SetProcessDpiAwarenessContext
MonitorFromPoint
SetThreadDpiHostingBehavior
GetForegroundWindow
SetThreadDpiAwarenessContext
RegisterHotKey
GetMonitorInfoW
GetAsyncKeyState
RegisterClassExW
GetWindowLongPtrW
CreateWindowExW
EnumDisplayMonitors
SetWindowLongPtrW
DestroyWindow
GetWindowRect
PostMessageW
UnregisterHotKey
DefWindowProcW
GetPhysicalCursorPos
RegisterWindowMessageW
IsWindow
EnumChildWindows
GetWindowThreadProcessId
GetKeyNameTextW
CharUpperBuffW
ToUnicodeEx
GetKeyboardLayout
MapVirtualKeyExW
SetPropW
RemovePropW
GetPropW
IsIconic
EnumWindows
SetWindowLongW
AreDpiAwarenessContextsEqual
MapWindowPoints
GetLayeredWindowAttributes
GetWindowLongW
LoadCursorW
MoveWindow
ShowWindow
SetWindowPos
GetWindowTextW
SendInput
GetAncestor
SetForegroundWindow
GetWindowDpiAwarenessContext
GetClassNameW
SetWindowPlacement
GetCursorInfo
UnhookWindowsHookEx
GetShellWindow
GetClassNameA
GetSystemMetrics
MonitorFromRect
IsWindowVisible
GetWindow
EnumDisplayDevicesW
SystemParametersInfoW
GetClientRect
LoadStringW
CallNextHookEx
GetCursorPos
GetMessageW
DispatchMessageW
SetTimer
TranslateMessage
PostThreadMessageW
KillTimer
MessageBoxW
SetWindowsHookExW
PostQuitMessage
GetDesktopWindow
SetWinEventHook
UnhookWinEvent
SetLayeredWindowAttributes
GetWindowPlacement

advapi32

RegQueryValueExW
GetTokenInformation
RegGetValueW
RegCloseKey
EventWriteTransfer
EventRegister
RegOpenKeyExW
OpenProcessToken
EventSetInformation
EventUnregister

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

uxtheme

BufferedPaintInit
BufferedPaintUnInit

dwmapi

DwmEnableBlurBehindWindow
DwmSetWindowAttribute
DwmGetWindowAttribute

gdi32

DeleteObject
CreateRectRgn

shell32

SHGetKnownFolderPath
ShellExecuteExW

ole32

CoCreateInstance
CoCreateGuid
CoInitializeEx
StringFromCLSID
CoUninitialize
CoTaskMemFree
CLSIDFromString
CoSetProxyBlanket
CoInitializeSecurity
CoCreateFreeThreadedMarshaler

oleaut32

SysFreeString
GetErrorInfo
VariantClear
SetErrorInfo
SysAllocString
SysStringLen

rpcrt4

UuidHash

dwrite

DWriteCreateFactory

d2d1

ord1

Sections

.text
Size: 850KB - Virtual size: 850KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b50762017fa543ef5bed2970832237a8

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

kernel32

user32

advapi32

api-ms-win-shcore-scaling-l1-1-1

uxtheme

dwmapi

gdi32

shell32

ole32

oleaut32

rpcrt4

dwrite

d2d1

Sections

.text Size: 850KB - Virtual size: 850KB

.rdata Size: 232KB - Virtual size: 232KB

.data Size: 25KB - Virtual size: 40KB

.pdata Size: 39KB - Virtual size: 39KB

_RDATA Size: 512B - Virtual size: 512B

.rsrc Size: 150KB - Virtual size: 150KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 850KB - Virtual size: 850KB

.rdata
Size: 232KB - Virtual size: 232KB

.data
Size: 25KB - Virtual size: 40KB

.pdata
Size: 39KB - Virtual size: 39KB

_RDATA
Size: 512B - Virtual size: 512B

.rsrc
Size: 150KB - Virtual size: 150KB

.reloc
Size: 572KB - Virtual size: 576KB