2fae4ee84e077a5afa17d9d44b7e043039743927b9700a576c2dd1a076ab9df6

Sharing

Copy URL Twitter E-mail

General

Target

2fae4ee84e077a5afa17d9d44b7e043039743927b9700a576c2dd1a076ab9df6
Size

265KB
MD5

604fc1c214bb6d6774158d3edcb5df0b
SHA1

93d5225389e325073f05d0a892db6eed49cd99c8
SHA256

2fae4ee84e077a5afa17d9d44b7e043039743927b9700a576c2dd1a076ab9df6
SHA512

74423c46c8082469b4e272419b657a208fc4f94e8fab23b26ea232fa8b667d4ca5b3ae7579f1a98ea41bba0678ddbbab639708eb4dafdd00d265dff3f95b315c
SSDEEP

6144:I0f4GPgp61CC/Xhw6cXDcuq4sXh1H7ytifyADqiILur/jL6NFNvTq6U:RxPgpeDcXwuQRNosWiILujnYFl+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/uxtheme.dll

Files

2fae4ee84e077a5afa17d9d44b7e043039743927b9700a576c2dd1a076ab9df6
.zip
uxtheme.dll
.dll windows:10 windows x64 arch:x64

9b960f28d6527bb959b793c0e1525cfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

memcpy
_vsnwprintf
floor
cos
memmove
atan
memset
?terminate@@YAXXZ
pow
fflush
fputws
memcmp
fwprintf
sqrt
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
_initterm
malloc
_amsg_exit
_XcptFilter
__C_specific_handler
wcstol
memmove_s
_wsplitpath_s
_wtof
wcschr
free
_purecall
rand
memcpy_s
rand_s

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
DisableThreadLibraryCalls
FreeLibraryAndExitThread
GetModuleFileNameW
FindResourceExW
SizeofResource
LoadResource
LoadStringW
LoadLibraryExW
GetModuleFileNameA
LockResource
GetModuleHandleW
GetProcAddress
FreeLibrary

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
ReleaseSemaphore
InitializeCriticalSection
CreateMutexExW
ReleaseMutex
WaitForSingleObjectEx
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
CreateMutexW
ReleaseSRWLockShared
ReleaseSRWLockExclusive
EnterCriticalSection
InitializeSRWLock
OpenSemaphoreW
AcquireSRWLockExclusive
AcquireSRWLockShared
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapCreate
HeapFree
HeapReAlloc
HeapDestroy
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
GetCurrentThread
TerminateProcess
SetThreadToken
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CreateThread
OpenThreadToken

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetACP

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTime
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetSystemInfo

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-file-l1-1-0

GetFileTime
ReadFile
SetFilePointer
GetFileAttributesW
FindClose
CreateFileW
FindNextFileW
FindFirstFileW
GetFullPathNameW
GetFileSize

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
CompareStringOrdinal
GetStringTypeW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce
Sleep

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenCurrentUser

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
CopySid
GetLengthSid
RevertToSelf
IsValidSid
CheckTokenMembership
SetKernelObjectSecurity
GetTokenInformation

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
VirtualAlloc
VirtualFree
MapViewOfFile

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
CreateActCtxW
ReleaseActCtx
DeactivateActCtx

api-ms-win-core-atoms-l1-1-0

DeleteAtom
GetAtomNameW
AddAtomW

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpW
lstrcmpiW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrRStrIW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

ntdll

wcstok_s
strchr
SbSelectProcedure
wcsspn
wcstoul
NtCreateSection
NtOpenSection
NtClose
NtConnectPort
RtlInitUnicodeString
NtRequestWaitReplyPort
RtlInitializeCriticalSection
RtlGetThreadLangIdByIndex
EtwEventSetInformation
EtwEventUnregister
EtwEventRegister
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlInitializeSRWLock
EtwEventWriteTransfer
bsearch_s

gdi32

GetStockObject
CreateDIBitmap
SelectObject
GetClipRgn
CreateRectRgn
IntersectClipRect
CreatePen
CreateSolidBrush
Rectangle
RoundRect
BeginPath
EndPath
Ellipse
SelectClipPath
BitBlt
SelectClipRgn
SetBkColor
ExtTextOutW
GetBkColor
PathToRegion
GetObjectType
ExcludeClipRect
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
GetDCDpiScaleValue
CreateDPIScaledDIBSection
CreateDIBSection
DeleteDC
GetLayout
GetRandomRgn
LPtoDP
OffsetRgn
GetDeviceCaps
GdiFlush
SetViewportOrgEx
SetWindowOrgEx
CreateRectRgnIndirect
GdiAlphaBlend
SetStretchBltMode
StretchBlt
CreateFontIndirectW
PtInRegion
GdiGradientFill
Arc
SetLayout
GetRegionData
GdiDrawStream
SetTextColor
SetBkMode
GetRgnBox
GetCurrentObject
GetWindowOrgEx
GetViewportOrgEx
SetBitmapAttributes
SetTextAlign
GetTextAlign
GetDIBits
CreatePatternBrush
RectVisible
GetClipBox
SetBrushOrgEx
SetDIBits
ExtCreateRegion
CombineRgn
ExtCreatePen
AbortPath
StrokeAndFillPath
GetTextMetricsW
PatBlt
GdiTransparentBlt
SetBoundsRect
GetBoundsRect
CreateSessionMappedDIBSection
ClearBitmapAttributes
DeleteObject

user32

GetWindowCompositionAttribute
IsThreadDesktopComposited
TrackMouseEvent
CallWindowProcW
SetWindowLongW
SetWindowLongPtrW
GetWindowLongW
DefWindowProcW
GetDCEx
IsChild
GetWindowThreadProcessId
PostMessageW
ord2525
ord2527
GetDesktopWindow
ReleaseDC
GetDC
SetSysColors
SetProcessDPIAware
GetClassNameW
EnumDesktopsW
CloseDesktop
EnumDesktopWindows
OpenDesktopW
EnumChildWindows
GetWindow
RemovePropW
SetPropW
SetWindowPos
ord2706
ord2703
IsTopLevelWindow
GetSysColor
SystemParametersInfoW
SendNotifyMessageW
GetPropW
InflateRect
DrawTextW
DrawTextExW
GetGUIThreadInfo
GetUserObjectInformationW
GetProcessWindowStation
CopyRect
GetSystemMetrics
PtInRect
WindowFromDC
RedrawWindow
KillTimer
SetTimer
EqualRect
OffsetRect
MapWindowPoints
GetWindowRect
IsRectEmpty
IntersectRect
SetRect
FillRect
IsWindow
SetWindowCompositionAttribute
GetClassLongW
GetClientRect
GetSystemMetricsForDpi
GetAncestor
SendMessageW
MonitorFromWindow
GetMonitorInfoW
IsZoomed
GetTitleBarInfo
GetSystemMenu
GetMenuItemInfoW
GetIconInfo
CreateIconIndirect
GetWindowLongPtrW
GetParent
GetWindowInfo
IsIconic
GetForegroundWindow
GetWindowRgnBox
InvalidateRect
IsWindowInDestroy
SetWindowRgn
SetRectEmpty
CalcMenuBar
InternalGetWindowText
GetWindowTextW
GetWindowDC
LoadIconW
DestroyIcon
SetCapture
MsgWaitForMultipleObjectsEx
PeekMessageW
ReleaseCapture
DispatchMessageW
GetCapture
ClientToScreen
DrawEdge
DrawIconEx
IsWindowVisible
IsWindowRedirectedForPrint
PaintMenuBar
GetSysColorBrush
ValidateRect
DefFrameProcW
IsServerSideWindow
MonitorFromRect
GetMessagePos
GetKeyState
GetMenuBarInfo
GetMenuItemCount
DrawMenuBar
ord2707
GetDpiForSystem
SetMenuItemInfoW
CopyImage
RegisterUserApiHook
RegisterDManipHook
ord2708
SystemParametersInfoA
SystemParametersInfoForDpi
AdjustWindowRectEx
GetWindowPlacement
FindWindowW
GetShellWindow
SetWindowsHookExW
UnhookWindowsHookEx
AllowSetForegroundWindow
CallNextHookEx
IsMenu
GetMenuInfo
SendMessageTimeoutW
GetClassLongPtrW
GetThreadDesktop
IsProcessDPIAware
EnumDisplayDevicesW
ord2705
DisplayConfigGetDeviceInfo
GetDpiForMonitorInternal
ord2711
EnumDisplayMonitors
EnumDisplaySettingsW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

BeginBufferedAnimation
BeginBufferedPaint
BeginPanningFeedback
BufferedPaintClear
BufferedPaintInit
BufferedPaintRenderAnimation
BufferedPaintSetAlpha
BufferedPaintStopAllAnimations
BufferedPaintUnInit
CloseThemeData
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DrawThemeBackground
DrawThemeBackgroundEx
DrawThemeEdge
DrawThemeIcon
DrawThemeParentBackground
DrawThemeParentBackgroundEx
DrawThemeText
DrawThemeTextEx
EnableThemeDialogTexture
EnableTheming
EndBufferedAnimation
EndBufferedPaint
EndPanningFeedback
GetBufferedPaintBits
GetBufferedPaintDC
GetBufferedPaintTargetDC
GetBufferedPaintTargetRect
GetColorFromPreference
GetCurrentThemeName
GetImmersiveColorFromColorSetEx
GetImmersiveUserColorSetPreference
GetThemeAnimationProperty
GetThemeAnimationTransform
GetThemeAppProperties
GetThemeBackgroundContentRect
GetThemeBackgroundExtent
GetThemeBackgroundRegion
GetThemeBitmap
GetThemeBool
GetThemeColor
GetThemeDocumentationProperty
GetThemeEnumValue
GetThemeFilename
GetThemeFont
GetThemeInt
GetThemeIntList
GetThemeMargins
GetThemeMetric
GetThemePartSize
GetThemePosition
GetThemePropertyOrigin
GetThemeRect
GetThemeStream
GetThemeString
GetThemeSysBool
GetThemeSysColor
GetThemeSysColorBrush
GetThemeSysFont
GetThemeSysInt
GetThemeSysSize
GetThemeSysString
GetThemeTextExtent
GetThemeTextMetrics
GetThemeTimingFunction
GetThemeTransitionDuration
GetUserColorPreference
GetWindowTheme
HitTestThemeBackground
IsAppThemed
IsCompositionActive
IsThemeActive
IsThemeBackgroundPartiallyTransparent
IsThemeDialogTextureEnabled
IsThemePartDefined
OpenThemeData
OpenThemeDataEx
OpenThemeDataForDpi
SetThemeAppProperties
SetWindowTheme
SetWindowThemeAttribute
ThemeInitApiHook
UpdatePanningFeedback

Sections

.text
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b960f28d6527bb959b793c0e1525cfd

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

ntdll

gdi32

user32

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 375KB - Virtual size: 375KB

.rdata Size: 200KB - Virtual size: 199KB

.data Size: 5KB - Virtual size: 11KB

.pdata Size: 24KB - Virtual size: 23KB

.didat Size: 512B - Virtual size: 248B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 375KB - Virtual size: 375KB

.rdata
Size: 200KB - Virtual size: 199KB

.data
Size: 5KB - Virtual size: 11KB

.pdata
Size: 24KB - Virtual size: 23KB

.didat
Size: 512B - Virtual size: 248B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 4KB