be754456f9b4323f2645c5c65caa1e1452243aad46aff4058d1433c70bf108cd

Sharing

Copy URL Twitter E-mail

General

Target

be754456f9b4323f2645c5c65caa1e1452243aad46aff4058d1433c70bf108cd
Size

8.4MB
MD5

c16c26e970a38d4bba272601f992547c
SHA1

c3d5a14d6b817aaa913a018b58a22782b419431f
SHA256

be754456f9b4323f2645c5c65caa1e1452243aad46aff4058d1433c70bf108cd
SHA512

d6560ca01caf849be8e012816670dc86338917f3fda4da0047a4575d32eb8d7a5965abd79c13c2683b95f899ac97148d5db0c53eaca5ec6a251da278fd199006
SSDEEP

98304:OLLC7U2GM3TIlG/2XOrqWSSV4y+eFDPnappcQZZpaoyYcp65h1PK/Xt0V++:OYhSSVJFDPaEUZ0WcpMhc/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be754456f9b4323f2645c5c65caa1e1452243aad46aff4058d1433c70bf108cd

Files

be754456f9b4323f2645c5c65caa1e1452243aad46aff4058d1433c70bf108cd
.exe windows:6 windows x64 arch:x64

58b38735fdec550325bc5270a20f2e5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ole32

CreateStreamOnHGlobal
CoTaskMemAlloc
RegisterDragDrop
OleInitialize
RevokeDragDrop
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoTaskMemFree

kernel32

CreateNamedPipeW
LocalFree
GetConsoleMode
GetProcessId
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
GetCurrentThread
LoadLibraryExW
MultiByteToWideChar
SetLastError
QueryPerformanceFrequency
FormatMessageW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
GetTempPathW
GetModuleFileNameW
GetCommandLineW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateFileW
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
FindFirstFileW
WriteConsoleW
SetHandleInformation
ReadFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ExitProcess
GetCurrentProcess
GetSystemTimeAsFileTime
RtlCaptureContext
DeleteFileW
MoveFileExW
Sleep
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
SystemTimeToFileTime
ReadProcessMemory
TzSpecificLocalTimeToSystemTime
RtlVirtualUnwind
OpenProcess
PostQueuedCompletionStatus
VirtualQueryEx
GlobalMemoryStatusEx
ReleaseSRWLockShared
AcquireSRWLockShared
GetQueuedCompletionStatusEx
TryAcquireSRWLockExclusive
GetDiskFreeSpaceExW
CreateIoCompletionPort
HeapReAlloc
GetProcessHeap
HeapAlloc
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetConsoleScreenBufferInfo
GetStdHandle
lstrlenW
CopyFileExW
SetConsoleTextAttribute
GetSystemInfo
SetEnvironmentVariableW
FindClose
CloseHandle
LoadLibraryW
GetTickCount64
GlobalUnlock
GlobalLock
GlobalAlloc
SetFileCompletionNotificationModes
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreatePipe
WakeAllConditionVariable
IsProcessorFeaturePresent
RtlUnwindEx
GetLastError
GetModuleHandleW
RtlPcToFileHeader
RaiseException
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetCurrentThreadId
TlsAlloc
TlsGetValue
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SwitchToThread
HeapFree
TlsSetValue
OutputDebugStringW
OutputDebugStringA
GetSystemTime
GetTimeZoneInformation
LCIDToLocaleName
GetUserDefaultUILanguage
FreeLibrary
GetModuleHandleA
WakeConditionVariable
SystemTimeToTzSpecificLocalTime
GetCurrentProcessId
QueryPerformanceCounter
SleepConditionVariableSRW
TlsFree

user32

ShowCursor
ClipCursor
DispatchMessageW
GetSystemMetrics
GetClipCursor
GetActiveWindow
TranslateMessage
GetKeyState
GetMessageW
ClientToScreen
LoadCursorW
GetAsyncKeyState
PeekMessageW
MsgWaitForMultipleObjectsEx
GetWindowRect
MonitorFromRect
GetWindowLongPtrW
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
MapVirtualKeyExW
ReleaseCapture
SetWindowLongW
SendMessageW
EnableMenuItem
GetSystemMenu
TrackMouseEvent
SetWindowPlacement
ChangeDisplaySettingsExW
IsProcessDPIAware
MonitorFromWindow
GetDC
PostMessageW
SystemParametersInfoA
GetWindowPlacement
TrackPopupMenu
SetForegroundWindow
GetCursorPos
ScreenToClient
SetCapture
ShowWindow
PostQuitMessage
SendInput
SetMenuItemInfoW
AppendMenuW
CreateIcon
UnregisterHotKey
VkKeyScanW
DefWindowProcW
RegisterClassExW
GetTouchInputInfo
CloseTouchInputHandle
DestroyAcceleratorTable
DestroyIcon
AdjustWindowRectEx
GetMenu
GetWindowLongW
InvalidateRgn
RegisterWindowMessageA
GetAncestor
SetCursor
RegisterClassW
IsWindow
RegisterHotKey
CheckMenuItem
IsIconic
EnumChildWindows
IsWindowVisible
MonitorFromPoint
DispatchMessageA
GetMessageA
PostThreadMessageW
GetClientRect
TranslateAcceleratorW
CreateWindowExW
SetWindowLongPtrW
RegisterRawInputDevices
GetRawInputData
ValidateRect
GetUpdateRect
MapVirtualKeyW
RedrawWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CreateMenu
CreatePopupMenu
SetCursorPos
GetForegroundWindow
FlashWindowEx
CreateAcceleratorTableW
EnumDisplayMonitors
SetMenu
SetWindowDisplayAffinity
CloseClipboard
DestroyWindow
GetMonitorInfoW
RegisterTouchWindow
SetWindowPos

comctl32

TaskDialogIndirect
RemoveWindowSubclass
SetWindowSubclass
DefSubclassProc

ws2_32

connect
getsockopt
bind
setsockopt
WSASocketW
freeaddrinfo
accept
WSACleanup
getsockname
listen
WSAIoctl
getpeername
closesocket
getaddrinfo
ioctlsocket
recv
WSAGetLastError
shutdown
WSASend
send
WSAStartup

shell32

DragFinish
Shell_NotifyIconW
Shell_NotifyIconGetRect
SHGetKnownFolderPath
DragQueryFileW
SHAppBarMessage
ShellExecuteExW
CommandLineToArgvW
ShellExecuteW

advapi32

CheckTokenMembership
GetLengthSid
IsWellKnownSid
RegQueryValueExW
RegCloseKey
IsValidSid
CopySid
RegOpenKeyExW
RegSetValueExW
GetTokenInformation
CreateWellKnownSid
DuplicateTokenEx
RegDeleteValueW
SystemFunction036
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
OpenProcessToken
RegGetValueW

dwmapi

DwmExtendFrameIntoClientArea
DwmEnableBlurBehindWindow

bcrypt

BCryptGenRandom

ntdll

RtlGetVersion
NtQuerySystemInformation
NtCancelIoFileEx
NtQueryInformationProcess
NtReadFile
NtWriteFile
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError

crypt32

CertCloseStore
CertDuplicateCertificateContext
CertDuplicateStore
CertDuplicateCertificateChain
CertFreeCertificateContext
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertVerifyCertificateChainPolicy
CertOpenStore
CertFreeCertificateChain
CertGetCertificateChain

secur32

FreeContextBuffer
DecryptMessage
QueryContextAttributesW
AcquireCredentialsHandleA
AcceptSecurityContext
EncryptMessage
FreeCredentialsHandle
DeleteSecurityContext
ApplyControlToken
InitializeSecurityContextW

psapi

GetModuleFileNameExW
GetPerformanceInfo

pdh

PdhCollectQueryData
PdhCloseQuery
PdhAddEnglishCounterW
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhRemoveCounter

iphlpapi

GetIfEntry2

powrprof

CallNtPowerInformation

oleaut32

SysStringLen
GetErrorInfo
SysFreeString
SysAllocString
SetErrorInfo
VariantClear

wininet

InternetSetOptionA

uxtheme

SetWindowTheme

gdi32

DeleteObject
GetDeviceCaps
CreateRectRgn

api-ms-win-crt-math-l1-1-0

sinh
sin
sqrt
asinh
tan
log10
log
fabs
hypot
exp
cbrt
_fdclass
tanh
cosh
acosh
_dsign
fmod
fmax
fmin
cos
lrint
atan2
atan
log2
atanh
expm1
asin
acos
pow
log1p
trunc
__setusermatherr
floor
round
ceil
_dclass

api-ms-win-crt-string-l1-1-0

wcsncmp
strlen
strcpy_s
strcpy
strcmp
strcat
_wcsicmp
wcslen

api-ms-win-crt-heap-l1-1-0

free
calloc
_set_new_mode
_callnewh
_msize
realloc
malloc

api-ms-win-crt-runtime-l1-1-0

_initterm
exit
_exit
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
__p___argc
_seh_filter_exe
_cexit
__p___argv
_initterm_e
_wassert
terminate
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function
abort
_crt_atexit
fesetround

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol
atoi
strtod

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__stdio_common_vsprintf
_set_fmode
__acrt_iob_func
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58b38735fdec550325bc5270a20f2e5e

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

user32

comctl32

ws2_32

shell32

advapi32

dwmapi

bcrypt

ntdll

crypt32

secur32

psapi

pdh

iphlpapi

powrprof

oleaut32

wininet

uxtheme

gdi32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

.rdata Size: 3.9MB - Virtual size: 3.9MB

.data Size: 12KB - Virtual size: 17KB

.pdata Size: 98KB - Virtual size: 97KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 40KB - Virtual size: 39KB

.text
Size: 4.3MB - Virtual size: 4.3MB

.rdata
Size: 3.9MB - Virtual size: 3.9MB

.data
Size: 12KB - Virtual size: 17KB

.pdata
Size: 98KB - Virtual size: 97KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 40KB - Virtual size: 39KB