Static task: static1
Behavioral task: behavioral1
Sample: 123c6e3e2852793f8398736b15ffe8dcc5a4acca0dc6395a13d99d23bedb08c7.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 123c6e3e2852793f8398736b15ffe8dcc5a4acca0dc6395a13d99d23bedb08c7.exe
Resource: win10v2004-20231215-en
General
Target: 123c6e3e2852793f8398736b15ffe8dcc5a4acca0dc6395a13d99d23bedb08c7
Size: 8.7MB
MD5: bb410295fc75d62b14bdd453d1bf0ec9
SHA1: 41c8676460d794a10ad3a9121b35dcba83a52171
SHA256: 123c6e3e2852793f8398736b15ffe8dcc5a4acca0dc6395a13d99d23bedb08c7
SHA512: 309c1d0c61db095cea7aebe56a3b48dc358dd46331893e0b1ad38d620d1c2ed5c4af221e5cbd569d1add1942cb0fa4578aeaea0609d9974d2b0ead01f01a496f
SSDEEP: 98304:vnj9Ol3K44oplmVKVckLKSQtWP+aBsuoTv74rBGqx9m1iQhmBvSYrr6UWe1:fjK4+lm/OKSQtO+YSTv74T9+ha0e1
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 123c6e3e2852793f8398736b15ffe8dcc5a4acca0dc6395a13d99d23bedb08c7
Files
123c6e3e2852793f8398736b15ffe8dcc5a4acca0dc6395a13d99d23bedb08c7.exe windows:6 windows x64 arch:x64
f5267a6f1f7711ccff6988a95cdf791f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
GetConsoleScreenBufferInfo
GetStdHandle
SetFileCompletionNotificationModes
InitializeCriticalSection
InitializeSRWLock
GetQueuedCompletionStatusEx
CreateIoCompletionPort
GetHandleInformation
CreateEventA
ReleaseMutex
ResetEvent
GetVersionExA
SetEnvironmentVariableW
GetEnvironmentVariableW
ReadFile
GetFileSize
SetFilePointer
SetEndOfFile
RemoveDirectoryW
GetLongPathNameW
GetLogicalDriveStringsW
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
lstrcmpiW
ExitThread
SetUnhandledExceptionFilter
GetComputerNameW
GetThreadTimes
GetThreadId
GetFirmwareEnvironmentVariableW
GetCurrentDirectoryW
GetModuleHandleExW
GetModuleFileNameA
DecodePointer
DebugBreak
LoadLibraryExW
WaitForMultipleObjects
CreateEventW
SetEvent
TlsFree
GetProcessHeap
FindResourceExW
TlsSetValue
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
CompareStringEx
WakeConditionVariable
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
InitOnceExecuteOnce
SwitchToThread
WaitForSingleObjectEx
IsProcessorFeaturePresent
SleepConditionVariableSRW
WakeAllConditionVariable
QueryPerformanceFrequency
LCMapStringEx
TryAcquireSRWLockShared
ResumeThread
ReleaseSRWLockShared
GetLocaleInfoEx
CreateSymbolicLinkW
GetFileInformationByHandleEx
CreateHardLinkW
MoveFileExW
CreateDirectoryExW
AreFileApisANSI
GetTempPathW
SetFileTime
SetFileInformationByHandle
SetFileAttributesW
GetFullPathNameW
GetFinalPathNameByHandleW
GetFileAttributesExW
GetDiskFreeSpaceExW
ExpandEnvironmentStringsW
SetCurrentDirectoryW
GetStringTypeW
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FormatMessageA
LoadLibraryExA
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
K32GetPerformanceInfo
GetVersionExW
GetWindowsDirectoryA
LoadResource
LockResource
SizeofResource
FindResourceW
FreeLibraryAndExitThread
ExitProcess
GetFileType
SetConsoleCtrlHandler
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
HeapQueryInformation
WriteConsoleW
SetDllDirectoryW
GetExitCodeProcess
CreateProcessW
GetConsoleWindow
TerminateProcess
GetProcessTimes
Heap32ListNext
Heap32ListFirst
CreateToolhelp32Snapshot
K32GetMappedFileNameW
GetNativeSystemInfo
lstrcmpW
VirtualQuery
GlobalMemoryStatusEx
SetPriorityClass
GetCurrentThread
GetModuleFileNameW
GetDriveTypeW
TerminateJobObject
QueryInformationJobObject
GetWindowsDirectoryW
GetSystemDirectoryW
QueryDosDeviceW
GetLogicalDrives
WriteFile
WriteProcessMemory
ReadProcessMemory
WritePrivateProfileStructW
GetPrivateProfileStructW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
FormatMessageW
LocalFree
GetFileInformationByHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
DeleteFileW
lstrlenW
GetProcessIdOfThread
OpenThread
GetExitCodeThread
GetProcessAffinityMask
SetThreadAffinityMask
CreatePipe
SetConsoleTextAttribute
RtlUnwind
AcquireSRWLockShared
GetActiveProcessorCount
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentThreadId
FindFirstFileExW
VirtualQueryEx
Module32NextW
Module32FirstW
GetTickCount64
VirtualAlloc
VirtualFree
GetSystemTimeAsFileTime
MultiByteToWideChar
WideCharToMultiByte
VerSetConditionMask
Process32FirstW
SetLastError
Process32NextW
VerifyVersionInfoW
CloseHandle
GetCurrentProcessId
FreeResource
GetProcessId
GetSystemInfo
QueryPerformanceCounter
GetModuleHandleW
GlobalLock
GlobalUnlock
GlobalAlloc
QueryFullProcessImageNameW
IsWow64Process
GetPriorityClass
WaitForSingleObject
K32EnumProcessModulesEx
IsProcessInJob
K32GetModuleFileNameExW
CopyFileW
CreateThread
SetThreadPriority
TerminateThread
MulDiv
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
lstrcpyW
GetCurrentProcess
Sleep
CreateFileW
DuplicateHandle
FreeLibrary
GetProcAddress
DeviceIoControl
LoadLibraryW
HeapCreate
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetFileSizeEx
HeapSize
OpenProcess
CreateDirectoryW
CreateMutexW
RaiseException
user32
GetDlgItem
MoveWindow
ShowWindow
CreateWindowExW
RedrawWindow
SetWindowTextW
SetWindowLongW
LoadImageW
GetClassInfoExW
RegisterClassExW
SetCursor
GetKeyState
GetCapture
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetGuiResources
GetSystemMetrics
InvalidateRect
SetDlgItemInt
DestroyWindow
IsWindow
DefWindowProcW
GetCursorPos
MessageBoxW
TrackPopupMenu
GetSubMenu
DestroyMenu
LoadMenuW
LoadCursorW
IsWindowVisible
CheckMenuRadioItem
SetWindowLongPtrW
GetClientRect
GetWindowRect
MapWindowPoints
GetWindowLongW
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetWindowLongPtrW
SetScrollPos
OffsetRect
GetSysColor
GetScrollPos
ScreenToClient
EndPaint
BeginPaint
SetMenuDefaultItem
SetMenuItemInfoW
EndDialog
SetWindowPos
EnumDesktopWindows
GetMenuItemInfoW
SetScrollRange
EnumDesktopsW
EnumWindows
EnumChildWindows
GetDesktopWindow
IsZoomed
IsIconic
UnregisterClassW
GetClassLongPtrW
SendMessageTimeoutW
DestroyIcon
GetWindowThreadProcessId
FrameRect
GetSysColorBrush
WindowFromPoint
GetMenuItemID
LoadAcceleratorsW
CharNextW
CharLowerW
DispatchMessageW
TranslateMessage
GetMessageW
DrawFrameControl
ClientToScreen
SetActiveWindow
GetFocus
IsWindowEnabled
SetDlgItemTextA
AdjustWindowRectEx
GetAncestor
DestroyAcceleratorTable
IsClipboardFormatAvailable
GetClipboardData
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
wsprintfW
FindWindowW
SetForegroundWindow
SetMenuInfo
SystemParametersInfoW
IsDialogMessageW
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetRectEmpty
SetCursorPos
GetWindowDC
UpdateWindow
DeleteMenu
ModifyMenuW
GetMenuStringW
GetMenu
TranslateAcceleratorW
GetDlgCtrlID
BringWindowToTop
IsMenu
GetMessagePos
DrawEdge
InflateRect
DrawTextW
GetScrollInfo
SetScrollInfo
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
LoadStringW
SetFocus
AdjustWindowRect
FillRect
DefMDIChildProcW
SetDlgItemTextW
GetDialogBaseUnits
CreateCaret
SetWindowTextA
GetActiveWindow
LoadStringA
PeekMessageW
PostQuitMessage
CreateDialogParamW
ReleaseDC
GetDC
CallWindowProcW
PostMessageW
GetWindowTextLengthW
GetWindowTextW
IsDlgButtonChecked
CheckDlgButton
CheckRadioButton
EnableWindow
EnableMenuItem
DialogBoxParamW
LockWindowUpdate
SetLayeredWindowAttributes
TrackMouseEvent
RegisterWindowMessageW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
MonitorFromPoint
GetClassNameW
PtInRect
MessageBeep
TrackPopupMenuEx
CreatePopupMenu
GetMenuItemCount
AppendMenuW
RemoveMenu
SendMessageW
FlashWindowEx
SetCaretBlinkTime
gdi32
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
LineTo
SelectObject
SetBrushOrgEx
GetNearestColor
CreatePen
CreateSolidBrush
GetObjectW
CreateDIBSection
PatBlt
CreatePatternBrush
CreateBitmap
DPtoLP
PolyTextOutW
GetDeviceCaps
CreateFontIndirectW
TextOutW
GetTextExtentPoint32W
GetCurrentObject
SetDCPenColor
SetDCBrushColor
Rectangle
GetStockObject
ExtTextOutW
ExtTextOutA
MoveToEx
GetTextMetricsW
SetTextAlign
SetTextColor
SetBkMode
SetBkColor
DeleteDC
comdlg32
GetSaveFileNameW
ReplaceTextW
ChooseColorW
ChooseFontW
GetOpenFileNameW
FindTextW
advapi32
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
DeregisterEventSource
RegisterEventSourceW
ReportEventW
ConvertStringSidToSidW
PrivilegeCheck
LookupPrivilegeNameW
LookupPrivilegeDisplayNameW
SetTokenInformation
IsWellKnownSid
CreateProcessWithTokenW
SetThreadToken
CreateProcessAsUserW
DuplicateTokenEx
LsaOpenPolicy
LookupPrivilegeValueW
AdjustTokenPrivileges
StartTraceW
ProcessTrace
CloseTrace
TraceSetInformation
ControlTraceW
OpenTraceW
GetSidSubAuthorityCount
ChangeServiceConfig2W
DeleteService
EnumServicesStatusExW
QueryServiceConfigW
QueryServiceConfig2W
QueryServiceStatusEx
LookupAccountNameW
CreateServiceW
QueryServiceStatus
OpenSCManagerW
ControlService
StartServiceW
ChangeServiceConfigW
OpenServiceW
RegDeleteTreeW
RegCreateKeyExW
RegOpenKeyExW
RegCopyTreeW
CopySid
GetLengthSid
IsValidSid
ConvertSidToStringSidW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegSaveKeyExW
RegLoadMUIStringW
RegSaveKeyW
RegRestoreKeyW
LookupAccountSidW
GetTokenInformation
GetSidSubAuthority
CloseServiceHandle
GetSecurityInfo
SetKernelObjectSecurity
GetKernelObjectSecurity
RegRenameKey
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegConnectRegistryW
OpenProcessToken
RegDeleteValueW
RegCloseKey
shell32
SHGetFileInfoW
Shell_NotifyIconW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetStockIconInfo
SHGetFolderPathW
ExtractIconExW
ShellExecuteW
ShellExecuteExW
ole32
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
StgOpenStorageEx
StgCreateStorageEx
CoTaskMemFree
oleaut32
SysFreeString
VarUI4FromStr
SysStringLen
VariantClear
VariantInit
VariantChangeType
SysAllocString
shlwapi
SHAutoComplete
StrRetToStrW
StrChrW
comctl32
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Draw
ImageList_Create
CreateStatusWindowW
ord381
InitCommonControlsEx
ImageList_GetImageCount
ImageList_DrawIndirect
uxtheme
SetWindowTheme
EndBufferedPaint
BeginBufferedPaint
BufferedPaintUnInit
BufferedPaintInit
IsThemeActive
IsAppThemed
msimg32
GradientFill
ntdll
NtOpenSymbolicLinkObject
NtOpenMutant
NtTerminateProcess
NtGetNextThread
NtResumeProcess
NtQueryObject
NtQueryKey
NtQuerySystemInformation
NtQueryInformationProcess
NtQueryDirectoryObject
NtOpenDirectoryObject
RtlVirtualUnwind
RtlLookupFunctionEntry
NtQueryEvent
NtOpenJobObject
NtOpenIoCompletion
NtOpenSection
NtOpenFile
NtQueryInformationThread
RtlCaptureContext
NtQueryInformationWorkerFactory
RtlIpv4AddressToStringW
NtQueryTimer
NtQueryMutant
RtlIpv6AddressToStringW
NtSuspendProcess
RtlNtStatusToDosError
NtQuerySymbolicLinkObject
NtQuerySemaphore
NtQuerySection
NtCreateKey
NtOpenEventPair
NtOpenSemaphore
NtOpenKey
NtOpenEvent
fltlib
FilterFindClose
FilterFindFirst
FilterFindNext
setupapi
SetupDiLoadDeviceIcon
SetupDiGetClassImageIndex
SetupDiGetClassImageList
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsExW
SetupDiGetClassPropertyKeys
SetupDiGetClassDescriptionExW
version
VerQueryValueW
GetFileVersionInfoW
ws2_32
sendto
send
recvfrom
recv
listen
getsockopt
getsockname
getpeername
ioctlsocket
connect
setsockopt
bind
accept
htons
gethostname
freeaddrinfo
getaddrinfo
ntohl
inet_addr
getservbyname
ntohs
shutdown
WSAGetLastError
WSARecv
socket
WSAStartup
WSARecvFrom
WSASend
WSASendTo
WSAIoctl
__WSAFDIsSet
select
closesocket
getnameinfo
WSACleanup
api-ms-win-eventing-tdh-l1-1-0
TdhFormatProperty
TdhGetPropertySize
TdhGetEventInformation
TdhGetEventMapInformation
secur32
LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions
wtsapi32
WTSEnumerateProcessesW
WTSFreeMemory
iphlpapi
GetOwnerModuleFromUdpEntry
GetExtendedUdpTable
GetOwnerModuleFromTcpEntry
GetOwnerModuleFromTcp6Entry
GetExtendedTcpTable
GetOwnerModuleFromUdp6Entry
GetAdaptersInfo
capstone
cs_option
cs_disasm
cs_free
cs_reg_name
cs_open
aclui
ord2
mswsock
TransmitFile
crypt32
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertVerifyRevocation
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertGetCertificateChain
CertAddCertificateContextToStore
CertAddStoreToCollection
CertOpenSystemStoreW
PFXImportCertStore
CryptDecodeObjectEx
CertDuplicateCertificateContext
CertCreateCertificateContext
CertCompareCertificate
CertComparePublicKeyInfo
CertGetNameStringW
CertFreeCertificateChain
dbghelp
ImageNtHeader
SymGetModuleInfo64
SymLoadModuleEx
SymLoadModule64
ImageRvaToVa
SymInitialize
SymCleanup
SymSetOptions
UnDecorateSymbolName
SymFromAddr
SymGetSymFromName64
SymFromIndex
SymFromName
SymGetTypeInfo
SymGetTypeFromName
fwpuclnt
FwpmFreeMemory0
FwpmLayerGetByKey0
FwpmFilterCreateEnumHandle0
FwpmFilterDestroyEnumHandle0
FwpmEngineOpen0
FwpmFilterDeleteById0
FwpmEngineClose0
FwpmFilterEnum0
Sections
.text Size: 4.2MB - Virtual size: 4.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 129KB - Virtual size: 182KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 230KB - Virtual size: 230KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
memcpy_ Size: 512B - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
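Everything in the Signatures, Headers and Sections blocks above is derived from the PE headers alone: the "Unsigned PE" signature fires when the certificate table (data directory entry 4) is empty, the DLL Characteristics list is a decode of OptionalHeader.DllCharacteristics, and the section list is the section table. The parser below is an added example written for this page; it is not part of the report and not the sandbox's own code. Because the analysed binary is not on the page, the block constructs two header-only PE32+ images in memory with the same flags and section layout the report shows (one without a certificate table, one with a placeholder WIN_CERTIFICATE shell); these inputs are constructed, and the names build_pe64, parse_pe, missing_mitigations and rwx_sections are the example's own.

```python
import struct

# Flag tables (values from the PE/COFF specification).
IMAGE_FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
                              0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x2000: "IMAGE_FILE_DLL"}
IMAGE_DLLCHARACTERISTICS = {0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
                            0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
                            0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
                            0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
                            0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
                            0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
IMAGE_SCN = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
             0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
             0x20000000: "IMAGE_SCN_MEM_EXECUTE", 0x40000000: "IMAGE_SCN_MEM_READ",
             0x80000000: "IMAGE_SCN_MEM_WRITE"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # certificate table: FILE OFFSET (not an RVA) and size of WIN_CERTIFICATE
MITIGATION_FLAGS = ("IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
                    "IMAGE_DLLCHARACTERISTICS_NX_COMPAT", "IMAGE_DLLCHARACTERISTICS_GUARD_CF")
SECTION_FMT = "<8sIIIIIIHHI"         # IMAGE_SECTION_HEADER, 40 bytes


def _names(table, value):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data):
    """Decode DOS/NT headers, the certificate directory and the section table of a PE32 or PE32+ file."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:     # PE32+: 8-byte ImageBase and stack/heap fields push the directories to +112
        is64, nrva_off, dir_off = True, opt + 108, opt + 112
    elif magic == 0x10B:   # PE32
        is64, nrva_off, dir_off = False, opt + 92, opt + 96
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both formats
    nrva = struct.unpack_from("<I", data, nrva_off)[0]
    cert_off = cert_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_off, cert_size = struct.unpack_from("<II", data, dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, off = [], opt + opt_size
    for _ in range(nsections):
        name, vsize, _va, rsize, _p, _r, _l, _nr, _nl, chars = struct.unpack_from(SECTION_FMT, data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize, "flags": _names(IMAGE_SCN, chars)})
        off += 40
    return {"machine": machine, "arch": "x64" if is64 else "x86",
            "file_characteristics": _names(IMAGE_FILE_CHARACTERISTICS, file_chars),
            "dll_characteristics": _names(IMAGE_DLLCHARACTERISTICS, dll_chars),
            # Presence only: a non-empty table means a WIN_CERTIFICATE is embedded, not that it verifies,
            # and an empty one does not rule out a catalog signature.
            "has_embedded_signature": cert_off != 0 and cert_size != 0,
            "sections": sections}


def missing_mitigations(info):
    """Header-level mitigations the image does not opt into (GUARD_CF additionally needs a load config)."""
    return [m for m in MITIGATION_FLAGS if m not in info["dll_characteristics"]]


def rwx_sections(info):
    """Sections both writable and executable: a common packer / self-modifying-code indicator."""
    return [s["name"] for s in info["sections"]
            if "IMAGE_SCN_MEM_EXECUTE" in s["flags"] and "IMAGE_SCN_MEM_WRITE" in s["flags"]]


def build_pe64(dll_chars, file_chars, sections, cert_blob=b""):
    """Constructed test input: a header-only PE32+ image, optionally with an appended certificate table."""
    e_lfanew, opt_size = 0x40, 240
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)
    file_hdr = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, opt_size, file_chars)
    headers_size = (e_lfanew + 4 + 20 + opt_size + 40 * len(sections) + 0x1FF) & ~0x1FF  # FileAlignment 0x200
    dirs = [(0, 0)] * 16
    if cert_blob:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (headers_size, len(cert_blob))
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII", 0x20B, 14, 0, 0, 0, 0, 0x1000, 0x1000,
                      0x140000000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0, 0x10000, headers_size, 0, 2,
                      dll_chars, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", va, size) for va, size in dirs)
    sec_hdrs = b"".join(struct.pack(SECTION_FMT, name, vsize, 0x1000 * (i + 1), rsize, 0, 0, 0, 0, 0, chars)
                        for i, (name, vsize, rsize, chars) in enumerate(sections))
    image = dos + b"PE\0\0" + file_hdr + opt + sec_hdrs
    return image + b"\0" * (headers_size - len(image)) + cert_blob


# Constructed samples mirroring the report's flags and section layout (not the analysed binary).
REPORT_SECTIONS = [(b".text", 0x1000, 0x1000, 0x60000020), (b".rdata", 0x800, 0x800, 0x40000040),
                   (b".data", 0x400, 0x200, 0xC0000040), (b".reloc", 0x100, 0x200, 0x42000040)]
FLAGS_FROM_REPORT = 0x0020 | 0x0040 | 0x0100 | 0x8000    # HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TS_AWARE
PLACEHOLDER_CERT = struct.pack("<IHH", 8 + 16, 0x0200, 0x0002) + b"\0" * 16   # WIN_CERTIFICATE shell, no PKCS#7
UNSIGNED_INFO = parse_pe(build_pe64(FLAGS_FROM_REPORT, 0x0002 | 0x0020, REPORT_SECTIONS))
SIGNED_INFO = parse_pe(build_pe64(FLAGS_FROM_REPORT, 0x0002 | 0x0020, REPORT_SECTIONS, PLACEHOLDER_CERT))

if __name__ == "__main__":
    for label, info in (("unsigned", UNSIGNED_INFO), ("signed", SIGNED_INFO)):
        print(label, info["arch"], "embedded signature:", info["has_embedded_signature"],
              "missing:", missing_mitigations(info), "rwx:", rwx_sections(info))
        for s in info["sections"]:
            print("  %-8s raw=%#x virt=%#x %s" % (s["name"], s["raw_size"], s["virtual_size"], " ".join(s["flags"])))
```

Two caveats a practitioner should keep in mind when reading the "Unsigned PE" line: an empty certificate table shows only that no Authenticode signature is embedded (Windows binaries can also be catalog-signed, which no header check sees), and a present table says nothing about whether the signature chains to a trusted root, which needs WinVerifyTrust or Get-AuthenticodeSignature on Windows. On the header flags, the report lists ASLR (DYNAMIC_BASE with HIGH_ENTROPY_VA) and DEP (NX_COMPAT) but no IMAGE_DLLCHARACTERISTICS_GUARD_CF, and missing_mitigations returns exactly that for the constructed sample; none of the listed sections is writable and executable, which rwx_sections confirms.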