e280009e4e63028ea39c553b6287955ff23838918a0a9e9eb302daad9fa81540

Sharing

Copy URL Twitter E-mail

General

Target

e280009e4e63028ea39c553b6287955ff23838918a0a9e9eb302daad9fa81540
Size

2.4MB
MD5

ad71a15bc07e4edb379f84b4ecd3ec9b
SHA1

2dfe2e56883093e29951bfa26d5372411ff07622
SHA256

e280009e4e63028ea39c553b6287955ff23838918a0a9e9eb302daad9fa81540
SHA512

9a1d25c954c3a1d4f1f15cc99ee50bde5af275eb5b5721dd292a88b1c4d26e49718f69e7bf23f24f35b32f2fc2104a09b5306e3ea1c3b4a15163084f63584ba2
SSDEEP

24576:N8+mj2eNUJCdyEMirQcDZLFdsAIhsg9bLFVkhZmX:N50ZNCEMHcJtglFaZw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e280009e4e63028ea39c553b6287955ff23838918a0a9e9eb302daad9fa81540

Files

e280009e4e63028ea39c553b6287955ff23838918a0a9e9eb302daad9fa81540
.exe windows:6 windows x64 arch:x64

c290d322adc870a7f4ccabeddc26ff65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyW
CM_Get_Device_Interface_List_SizeW
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList
CM_Get_Device_Interface_ListW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

StrCpyW
PathRemoveFileSpecW

kernel32

OpenProcess
GetSystemDirectoryW
GetWindowsDirectoryW
FreeLibrary
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress
LoadLibraryW
K32EnumProcessModules
K32GetModuleBaseNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
GetFileSizeEx
SetConsoleCtrlHandler
WriteConsoleW
GetFileType
HeapQueryInformation
HeapReAlloc
GetCurrentThread
GetStdHandle
ExitProcess
InitializeCriticalSection
HeapValidate
HeapSize
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
RtlPcToFileHeader
VirtualQuery
InitializeSListHead
GetPriorityClass
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
CreateProcessW
TerminateThread
ExitThread
GetCurrentThreadId
CreateThread
WaitForMultipleObjects
Sleep
GetOverlappedResult
DeviceIoControl
SetLastError
GetLastError
RaiseException
CloseHandle
DecodePointer
WriteFile
ReadFile
CreateFileW
GetCommandLineW
MultiByteToWideChar
FormatMessageW
LocalFree
LocalAlloc
GetCurrentProcess
GetProcessHeap
HeapFree
HeapAlloc
OutputDebugStringW
GetConsoleMode
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
RtlUnwind
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
CompareStringEx
GetLocaleInfoEx
CreateSymbolicLinkW
GetFileInformationByHandleEx
GetModuleHandleW
CloseThreadpoolWait
SetThreadpoolWait
CreateEventW
OpenMutexW
CreateMutexW
WaitForSingleObject
ResetEvent
SetEvent
DeleteCriticalSection
GetCurrentProcessId
InitializeCriticalSectionEx
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
ReadConsoleW
SetEndOfFile
GetSystemInfo
FormatMessageA
WideCharToMultiByte
GetStringTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
EncodePointer
LCMapStringEx
QueryPerformanceCounter
QueryPerformanceFrequency
SetFileInformationByHandle
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait

user32

GetClientRect
EndPaint
BeginPaint
UpdateWindow
CalculatePopupWindowPosition
AppendMenuW
InsertMenuW
GetMenuItemID
CreatePopupMenu
CreateMenu
FindWindowW
SetTimer
SetWindowPos
ShowWindow
LoadCursorW
PostMessageW
AdjustWindowRectEx
RegisterDeviceNotificationW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadImageW
SetForegroundWindow
TrackPopupMenu
DestroyMenu
GetSystemMetrics
DestroyWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
DefWindowProcW
wvsprintfW
LoadIconW
GetWindowRect
UnregisterDeviceNotification
GetCursorPos
GetDoubleClickTime
KillTimer

gdi32

BitBlt
DeleteDC
DeleteObject
SelectObject
TextOutW
CreateCompatibleDC

advapi32

OpenServiceW
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
OpenSCManagerW
ControlService
CloseServiceHandle
ChangeServiceConfigW
GetNamedSecurityInfoW
SetEntriesInAclW
RegSetValueExW
RegSetKeySecurity
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegGetKeySecurity
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyExW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
SetSecurityDescriptorOwner
OpenProcessToken

shell32

Shell_NotifyIconW
ShellExecuteW
SHGetFolderPathW
Shell_NotifyIconGetRect
CommandLineToArgvW

ole32

StringFromCLSID
CoTaskMemFree
CoUninitialize
CLSIDFromString
CoInitialize

hid

HidP_GetUsageValue
HidD_GetAttributes
HidD_GetHidGuid
HidD_GetPreparsedData
HidD_FreePreparsedData
HidP_GetCaps
HidP_GetValueCaps
HidD_SetOutputReport

authz

AuthzFreeResourceManager
AuthzInitializeContextFromSid
AuthzFreeContext
AuthzInitializeResourceManager
AuthzAccessCheck

Sections

.textbss
Size: - Virtual size: 794KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 410KB - Virtual size: 410KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1024B - Virtual size: 727B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 562B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c290d322adc870a7f4ccabeddc26ff65

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

version

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

hid

authz

Sections

.textbss Size: - Virtual size: 794KB

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 410KB - Virtual size: 410KB

.data Size: 12KB - Virtual size: 37KB

.pdata Size: 89KB - Virtual size: 89KB

.idata Size: 13KB - Virtual size: 13KB

.msvcjmc Size: 1024B - Virtual size: 727B

.00cfg Size: 512B - Virtual size: 337B

_RDATA Size: 1024B - Virtual size: 562B

.rsrc Size: 176KB - Virtual size: 176KB

.reloc Size: 14KB - Virtual size: 14KB

.textbss
Size: - Virtual size: 794KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 410KB - Virtual size: 410KB

.data
Size: 12KB - Virtual size: 37KB

.pdata
Size: 89KB - Virtual size: 89KB

.idata
Size: 13KB - Virtual size: 13KB

.msvcjmc
Size: 1024B - Virtual size: 727B

.00cfg
Size: 512B - Virtual size: 337B

_RDATA
Size: 1024B - Virtual size: 562B

.rsrc
Size: 176KB - Virtual size: 176KB

.reloc
Size: 14KB - Virtual size: 14KB