b9ea2577fb53f186e35942fa329257c3

Sharing

Copy URL

Twitter E-mail

General

Target

b9ea2577fb53f186e35942fa329257c3
Size

1.4MB
MD5

b9ea2577fb53f186e35942fa329257c3
SHA1

2447bc58c6ce5d320f5f2a0378a6ad091697d1b2
SHA256

6eec4f2363d1393678a6862411f4f464bdc418e57c45946af016ce8b14010c80
SHA512

6973744342c8abd48232a57dd4d9b3c9430b443e7eab64da7c2800fa3b986b6b017daaecd0ec4bcf2ba817e5e01b5e9775f2db2d62f31301547e6e05eb519164
SSDEEP

24576:yuEmh/Edz8NjO4XXmTPVvO9s2PWlhObcQHCh/QFgA:v/ECI4HmTPVvOS2OlhVQih/QF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9ea2577fb53f186e35942fa329257c3

Files

b9ea2577fb53f186e35942fa329257c3
.exe windows:10 windows x64 arch:x64

c436e1e9d93384ded0a3550de7a5c996

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

setlocale
___lc_collate_cp_func
swscanf
bsearch
wcstok
towupper
_wtol
wcschr
iswxdigit
??0bad_cast@@QEAA@PEBD@Z
iswspace
___mb_cur_max_func
_set_errno
realloc
_errno
??1type_info@@UEAA@XZ
_onexit
__dllonexit
??1bad_cast@@UEAA@XZ
_unlock
??0bad_cast@@QEAA@AEBV0@@Z
_get_errno
_wcslwr_s
?terminate@@YAXXZ
vswprintf_s
_commode
_free_locale
_get_current_locale
_fmode
_acmdln
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
qsort
exit
__set_app_type
__getmainargs
wcspbrk
_amsg_exit
_XcptFilter
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
__crtLCMapStringW
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
__crtCompareStringW
calloc
memset
strncmp
_wcsdup
wcsncpy_s
malloc
wcscat_s
wcscpy_s
_lock
__C_specific_handler
wcsncmp
_wcsnicmp
free
abort
memcmp
strchr
_vscwprintf
wcsstr
_wcsicmp
__pctype_func
wcstol
memmove_s
___lc_codepage_func
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
memmove
_vsnwprintf
___lc_handle_func
wcscmp

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FindStringOrdinal
FreeLibraryAndExitThread
GetModuleHandleExW
SizeofResource
GetModuleHandleW
LoadStringW
GetModuleFileNameW
FreeLibrary
LockResource
GetModuleFileNameA
LoadResource
FindResourceExW
GetProcAddress

api-ms-win-core-file-l1-1-0

GetDriveTypeW
GetFileAttributesW
FindClose
GetLogicalDrives
GetFileAttributesExW
FindNextVolumeW
SetFileTime
FindFirstFileExW
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
FindFirstVolumeW
CreateFileW
FindFirstFileW
FindNextFileW
GetFileTime
FindVolumeClose
GetVolumeInformationW
DeleteFileW
CompareFileTime

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceInitialize
Sleep
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetPriorityClass
TerminateProcess
GetStartupInfoW
GetCurrentThread
GetCurrentProcessId
OpenProcessToken
TlsFree
GetCurrentProcess
CreateThread

api-ms-win-core-synch-l1-1-0

SetEvent
ReleaseSRWLockExclusive
OpenEventW
AcquireSRWLockExclusive
WaitForSingleObjectEx
CreateMutexW
InitializeSRWLock
CreateEventW
OpenSemaphoreW
ReleaseMutex
CreateSemaphoreExW
CreateEventExW
EnterCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapSetInformation
HeapReAlloc
HeapDestroy
HeapSize
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetErrorMode

api-ms-win-core-com-l1-1-0

CoMarshalInterface
CoInitializeSecurity
CoRevokeClassObject
CoImpersonateClient
CoRevertToSelf
CLSIDFromString
StringFromGUID2
CoInitializeEx
CoTaskMemRealloc
IIDFromString
CoRegisterClassObject
CoGetMalloc
CoTaskMemAlloc
PropVariantClear
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoCreateInstance
CoWaitForMultipleHandles
CoGetApartmentType
CoUninitialize

api-ms-win-shcore-thread-l1-1-0

SHGetThreadRef
SHSetThreadRef
SHCreateThreadRef

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-threadpool-l1-2-0

CreateThreadpool
SetThreadpoolTimer
CloseThreadpoolTimer
FreeLibraryWhenCallbackReturns
CallbackMayRunLong
WaitForThreadpoolTimerCallbacks
TrySubmitThreadpoolCallback
CloseThreadpoolWork
CloseThreadpool
CreateThreadpoolTimer
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
SubmitThreadpoolWork
CreateThreadpoolWork

ntdll

RtlGetPersistedStateLocation
RtlIsStateSeparationEnabled
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
NtOpenFile
RtlNtStatusToDosError
RtlInitUnicodeString
RtlQueryPackageClaims

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegDeleteValueW
RegGetKeySecurity
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyExW
RegQueryValueExW
RegSetValueExW
RegGetValueW
RegEnumValueW
RegOpenKeyExW
RegDeleteTreeW
RegCloseKey

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetVersionExW
GetTickCount
GetVersionExA
GetSystemDirectoryW

api-ms-win-core-localization-l1-2-0

GetNLSVersionEx
FormatMessageW
GetSystemDefaultLCID
LCMapStringW
GetLocaleInfoW
GetSystemPreferredUILanguages
LocaleNameToLCID
ResolveLocaleName

oleaut32

LoadRegTypeLi
VarUI4FromStr
VariantInit
LoadTypeLi
SysStringByteLen
SysAllocStringByteLen
VarBstrCat
SysStringLen
SysAllocStringLen
VariantClear
SafeArrayGetUBound
SysFreeString
SysAllocString
SafeArrayDestroy
SafeArrayGetElement

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindNextComponentW
PathIsRootW
PathFileExistsW
PathStripToRootW
PathIsUNCServerW
PathIsUNCW
PathAppendW
PathCanonicalizeW
PathRemoveBackslashW
PathIsUNCServerShareW
PathSkipRootW
PathAddBackslashW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW
CompareStringOrdinal
CompareStringW
WideCharToMultiByte

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
SetEnvironmentVariableW
GetCommandLineW
GetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWrite
EventWriteTransfer
EventEnabled
EventRegister
EventSetInformation
EventActivityIdControl

api-ms-win-shcore-registry-l1-1-0

SHDeleteKeyW
SHCopyKeyW
SHGetValueW
SHSetValueW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
OpenServiceW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage
GetSystemDefaultUILanguage

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

tquery

ciNewNoThrow
ciNew
ciDelete

shcore

SHStrDupW
ord1

mssrch

??0CSearchServiceObj@@QEAA@XZ
??1CSearchServiceObj@@QEAA@XZ
?Cleanup@CSearchServiceObj@@SAXXZ
?GetFileChangeClientManagerInstance@@YA?AV?$shared_ptr@UIFileChangeClientManager@ChangeTracking@Windows@@@std@@XZ

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNICW
StrStrIW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-path-l1-1-0

PathCchSkipRoot

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-service-core-l1-1-1

EnumDependentServicesW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus
ControlService

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-appmodel-runtime-l1-1-1

GetApplicationUserModelIdFromToken

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

Sections

.text
Size: 551KB - Virtual size: 550KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 404KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c436e1e9d93384ded0a3550de7a5c996

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-threadpool-l1-2-0

ntdll

api-ms-win-core-registry-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-localization-l1-2-0

oleaut32

api-ms-win-core-debug-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-synch-l1-2-1

api-ms-win-core-file-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-shell-shdirectory-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-shcore-registry-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-apiquery-l1-1-0

tquery

shcore

mssrch

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-service-core-l1-1-1

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-service-core-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-appmodel-runtime-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-util-l1-1-0

Sections

.text Size: 551KB - Virtual size: 550KB

.rdata Size: 242KB - Virtual size: 241KB

.data Size: 5KB - Virtual size: 14KB

.pdata Size: 36KB - Virtual size: 36KB

.didat Size: 1024B - Virtual size: 768B

.rsrc Size: 191KB - Virtual size: 191KB

.reloc Size: 404KB - Virtual size: 1.1MB

.text
Size: 551KB - Virtual size: 550KB

.rdata
Size: 242KB - Virtual size: 241KB

.data
Size: 5KB - Virtual size: 14KB

.pdata
Size: 36KB - Virtual size: 36KB

.didat
Size: 1024B - Virtual size: 768B

.rsrc
Size: 191KB - Virtual size: 191KB

.reloc
Size: 404KB - Virtual size: 1.1MB