fe107dc63a315949cea533d7ea5f67dda93463d438355146e0f980719b083e24

Sharing

Copy URL Twitter E-mail

General

Target

fe107dc63a315949cea533d7ea5f67dda93463d438355146e0f980719b083e24
Size

10.2MB
MD5

93ac8a62addf6a50c059a7b6bd9e96c8
SHA1

8774de11c0de872598b0082ce9bcaad5e62abc2b
SHA256

fe107dc63a315949cea533d7ea5f67dda93463d438355146e0f980719b083e24
SHA512

219b6c6ffde587c92e2562876018520587ba997786dc3b10912377aa33676c57d48cc6630956112b19a53f5ea91af50d079db024fc9d1f1424a2ea32a635b5cc
SSDEEP

98304:kYayAFIz9s+Aqw0X6fGHjeFanjih6M8YBJFMcR4cysi:HavYkm9c5R4S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe107dc63a315949cea533d7ea5f67dda93463d438355146e0f980719b083e24

Files

fe107dc63a315949cea533d7ea5f67dda93463d438355146e0f980719b083e24
.exe windows:6 windows x64 arch:x64

1a242c06915aee29d4cd016187d0613c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtCreateFile
RtlNtStatusToDosError
NtReadFile
NtWriteFile
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlPcToFileHeader
RtlUnwind
RtlCaptureContext
RtlGetNtVersionNumbers
RtlUnwindEx

kernel32

LoadLibraryA
GetSystemDirectoryW
GetFullPathNameW
ExitProcess
CopyFileExW
GetFinalPathNameByHandleW
TlsSetValue
RemoveDirectoryW
MoveFileExW
DeleteFileW
FindFirstFileW
CreateDirectoryW
CreateFileW
FindNextFileW
CreateMutexA
WaitForSingleObjectEx
GetWindowsDirectoryW
CreateProcessW
GlobalAlloc
MultiByteToWideChar
QueryPerformanceFrequency
QueryPerformanceCounter
WakeConditionVariable
WakeAllConditionVariable
GetProcessId
TerminateProcess
ReadFileEx
SleepEx
WriteFileEx
SetFilePointerEx
SetFileInformationByHandle
GetCommandLineW
GetSystemTimeAsFileTime
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
GetCurrentThread
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetModuleFileNameW
GetLastError
OutputDebugStringA
OutputDebugStringW
GetTempPathW
lstrlenW
CreateThread
HeapReAlloc
LoadLibraryExW
TlsGetValue
WriteConsoleW
FreeLibrary
GetEnvironmentVariableW
CompareStringOrdinal
LoadLibraryW
FindClose
ReleaseMutex
FreeEnvironmentStringsW
SetFileCompletionNotificationModes
CreateEventW
GetProcessHeap
HeapAlloc
PostQueuedCompletionStatus
HeapFree
GetQueuedCompletionStatusEx
FormatMessageW
SetEvent
WaitForSingleObject
SleepConditionVariableSRW
LCIDToLocaleName
GetUserDefaultUILanguage
Sleep
CreatePipe
GetCurrentProcess
DuplicateHandle
GetFileInformationByHandle
GetStdHandle
GetConsoleMode
GetFileInformationByHandleEx
GetSystemInfo
GetProcAddress
GetModuleHandleA
AcquireSRWLockShared
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
GlobalUnlock
GetFileAttributesW
GlobalLock
GetModuleHandleW
TlsFree
GetCurrentThreadId
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResetEvent
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
IsProcessorFeaturePresent
RaiseException
CreateIoCompletionPort
CreateNamedPipeW
EncodePointer
TlsAlloc
SetHandleInformation
CancelIoEx
GetExitCodeProcess
GetCurrentProcessId

user32

VkKeyScanW
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
GetKeyboardState
DestroyIcon
SetWindowLongW
GetSystemMenu
ShowWindow
DestroyWindow
SendInput
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
IsProcessDPIAware
GetDC
MonitorFromPoint
EnumDisplayMonitors
IsWindowVisible
ClipCursor
GetClipCursor
ShowCursor
AdjustWindowRectEx
IsIconic
RegisterHotKey
CreateIcon
GetKeyboardLayout
GetRawInputData
GetWindowLongPtrW
SetWindowDisplayAffinity
CreateMenu
SetCursor
SystemParametersInfoA
SetClipboardData
RegisterClipboardFormatW
EmptyClipboard
CreateAcceleratorTableW
CheckMenuItem
EnableMenuItem
UnregisterHotKey
CloseClipboard
GetClipboardData
OpenClipboard
DestroyAcceleratorTable
ClientToScreen
SetCursorPos
InvalidateRgn
CreatePopupMenu
SetCapture
SetWindowLongPtrW
SetWindowPos
SetMenuItemInfoW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
TrackPopupMenu
GetActiveWindow
SetForegroundWindow
GetForegroundWindow
AppendMenuW
SetMenu
ValidateRect
SendMessageW
PostQuitMessage
LoadCursorW
RegisterClassExW
RegisterWindowMessageA
ReleaseCapture
GetCursorPos
ToUnicodeEx
EnumChildWindows
PostMessageW
DispatchMessageA
GetMenu
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
FlashWindowEx
DefWindowProcW
TranslateAcceleratorW
GetAncestor
GetMessageW
MapVirtualKeyW
GetClientRect
RedrawWindow
RegisterTouchWindow
GetSystemMetrics
DispatchMessageW
TranslateMessage
IsWindow
CreateWindowExW
RegisterClassW
GetMonitorInfoW
GetMessageA
MonitorFromWindow
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
GetWindowLongW
TrackMouseEvent
MonitorFromRect
GetWindowRect
GetUpdateRect
PeekMessageW
PostThreadMessageW

ws2_32

closesocket
getaddrinfo
getsockopt
freeaddrinfo
WSACleanup
WSAStartup
WSAGetOverlappedResult
WSASend
WSARecv
WSASocketW
WSAGetLastError
bind
connect
ioctlsocket
select
getpeername
WSAIoctl
setsockopt
send
recv
shutdown

secur32

DeleteSecurityContext
FreeContextBuffer
AcceptSecurityContext
InitializeSecurityContextW
ApplyControlToken
DecryptMessage
QueryContextAttributesW
EncryptMessage
AcquireCredentialsHandleA
FreeCredentialsHandle

crypt32

CertDuplicateCertificateChain
CertOpenStore
CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateContext
CertDuplicateCertificateContext
CertVerifyCertificateChainPolicy
CertCloseStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertDuplicateStore

comctl32

TaskDialogIndirect
SetWindowSubclass
DefSubclassProc
RemoveWindowSubclass

ole32

CoInitializeEx
RevokeDragDrop
CreateStreamOnHGlobal
RegisterDragDrop
CoTaskMemFree
CoTaskMemAlloc
OleInitialize
CoCreateInstance
CoUninitialize

shell32

SHGetKnownFolderPath
DragQueryFileW
Shell_NotifyIconW
Shell_NotifyIconGetRect
DragFinish
SHAppBarMessage
ShellExecuteW
SHCreateItemFromParsingName

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

advapi32

EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegCloseKey
RegGetValueW
SystemFunction036
RegQueryValueExW
RegOpenKeyExW

uxtheme

SetWindowTheme

oleaut32

GetErrorInfo
SysStringLen
SetErrorInfo
SysFreeString

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

trunc
__setusermatherr
round
floor

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp
wcslen
_wcsicmp

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-runtime-l1-1-0

abort
_exit
_register_thread_local_exe_atexit_callback
terminate
_crt_atexit
_set_app_type
_register_onexit_function
_initialize_onexit_table
_initterm
_get_initial_narrow_environment
_initterm_e
_seh_filter_exe
_configure_narrow_argv
_c_exit
_initialize_narrow_environment
_cexit
__p___argv
__p___argc
exit

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

calloc
_set_new_mode
malloc
free
_callnewh

Sections

.text
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 407KB - Virtual size: 406KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a242c06915aee29d4cd016187d0613c

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

ws2_32

secur32

crypt32

comctl32

ole32

shell32

gdi32

dwmapi

advapi32

uxtheme

oleaut32

bcrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 7.0MB - Virtual size: 7.0MB

.rdata Size: 2.7MB - Virtual size: 2.7MB

.data Size: 12KB - Virtual size: 16KB

.pdata Size: 407KB - Virtual size: 406KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 37KB - Virtual size: 37KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 7.0MB - Virtual size: 7.0MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 12KB - Virtual size: 16KB

.pdata
Size: 407KB - Virtual size: 406KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 37KB - Virtual size: 37KB

.reloc
Size: 36KB - Virtual size: 35KB