f2d33482fe559c448bab412874a6b336d47532948dba7bfe6887e8b501dc0272

Sharing

Copy URL Twitter E-mail

General

Target

f2d33482fe559c448bab412874a6b336d47532948dba7bfe6887e8b501dc0272
Size

590KB
MD5

59118fce3b963fe36e632f28300fc5bb
SHA1

a1809be9a0a19bb019973a0d25a92d474e503862
SHA256

f2d33482fe559c448bab412874a6b336d47532948dba7bfe6887e8b501dc0272
SHA512

359d85e40fd4758c4b86896cc8d562f9aec653fa57c2de5fd2b61d5b970a8f252a38f1b0d325dfc9ceee4bb17b34629f8562a998bb661481c335aa3ffbf314da
SSDEEP

12288:UBmDz6R6BjLythmIsVJt2LqfYvcfMyZIRcfhEK0UhHhj/IldeC:kmDzg6BfywVJteqf/fXIRcq6NhjglUC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2d33482fe559c448bab412874a6b336d47532948dba7bfe6887e8b501dc0272

Files

f2d33482fe559c448bab412874a6b336d47532948dba7bfe6887e8b501dc0272
.exe windows:5 windows x86 arch:x86

3d16b96d6b37f2f853517ae16e480418

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sentry

sentry_options_set_group_names
sentry_init
sentry_remove_tag
sentry_capture_event
sentry_value_new_event
sentry_value_new_stacktrace
sentry_set_transaction
sentry_value_new_object
sentry_value_set_by_key
sentry_set_user
sentry_options_set_logger
sentry_handle_exception
sentry_set_tag
sentry_value_new_exception
sentry_event_add_exception
sentry_value_new_string
sentry_options_set_release
sentry_options_set_environment
sentry_options_set_auto_session_tracking
sentry_options_set_database_pathw
sentry_options_set_dsn
sentry_options_new

kernel32

GetCurrentThreadId
GetLastError
WideCharToMultiByte
OutputDebugStringA
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
LoadLibraryW
GetModuleFileNameA
GetLongPathNameA
GetFullPathNameA
LoadLibraryA
FreeLibrary
GetComputerNameExW
GetModuleFileNameW
CreateProcessW
CloseHandle
SetLastError
VerSetConditionMask
VerifyVersionInfoW
GetCurrentProcess
WaitForSingleObject
GetExitCodeProcess
SetEnvironmentVariableW
GetEnvironmentVariableW
SetErrorMode
HeapSetInformation
OpenEventW
RtlCaptureContext
GetTickCount
TerminateProcess
Sleep
GetCommandLineW
OutputDebugStringW
ExitProcess
GetModuleHandleA
SetCurrentDirectoryW
GetCommandLineA
GetModuleHandleExW
DecodePointer
ResumeThread
WriteProcessMemory
IsWow64Process
VirtualAllocEx
VirtualProtectEx
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryW
CreateMutexW
Process32NextW
OpenProcess
Process32FirstW
ReadProcessMemory
VirtualQueryEx
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
EncodePointer
IsDebuggerPresent
DeviceIoControl
SwitchToThread
GetPrivateProfileStringA
InterlockedExchange
CreateDirectoryA
GetPrivateProfileIntA
SetEndOfFile
SetFilePointer
GetFileSize
CreateFileA
lstrlenW
lstrlenA
GetSystemDirectoryW
GetFileTime
WriteFile
CreateFileW
GetFileAttributesW
InterlockedCompareExchange
MoveFileExW
GetFileAttributesExW
CreateThread
CreateToolhelp32Snapshot
DeleteFileA
GetLongPathNameW
GetShortPathNameW
DuplicateHandle
GetFullPathNameW
VirtualQuery
OpenFileMappingW
GetCurrentProcessId
MapViewOfFile
LocalFree
UnmapViewOfFile
WaitForMultipleObjects
SystemTimeToFileTime
GetSystemTime
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
SetFileAttributesW
InterlockedIncrement
FindFirstFileW

user32

DestroyWindow
CreateWindowExW
RegisterClassExW
GetClassInfoExW
SetTimer
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SendNotifyMessageW
PostQuitMessage
GetWindowThreadProcessId
SetWindowLongW
GetWindowLongW
GetForegroundWindow
AllowSetForegroundWindow
DefWindowProcW
FindWindowW
MessageBoxW

advapi32

SetNamedSecurityInfoW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExA
RegQueryValueExA
AllocateAndInitializeSid
GetNamedSecurityInfoW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
GetTokenInformation
OpenProcessToken
FreeSid
CheckTokenMembership

shell32

SHCreateDirectoryExW
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
SHFileOperationW
SHChangeNotify
SHGetFolderPathA
CommandLineToArgvW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

PathRemoveBackslashW
PathRemoveArgsW
PathUnquoteSpacesW
PathGetArgsW
PathAppendW
SHRegGetPathW
PathAddBackslashW
PathIsDirectoryW
PathCombineW
PathQuoteSpacesW
SHRegSetPathW
PathIsRelativeW
PathFileExistsW
PathCanonicalizeW
PathRelativePathToW
PathMakePrettyW
PathRemoveFileSpecW

msvcp120

?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
_Wcsxfrm
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@H@Z
??0facet@locale@std@@IAE@I@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
_Wcscoll
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?id@?$codecvt@_WDH@std@@2V0locale@2@A
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
??0?$codecvt@_WDH@std@@QAE@I@Z
?out@?$codecvt@_WDH@std@@QBEHAAHPB_W1AAPB_WPAD3AAPAD@Z
??_7?$codecvt@_WDH@std@@6B@
??_7codecvt_base@std@@6B@
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??Bid@locale@std@@QAEIXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
_Xtime_get_ticks
??1facet@locale@std@@MAE@XZ
??_7_Facet_base@std@@6B@
??_7facet@locale@std@@6B@
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

msvcr120

wcscpy_s
_wcsdup
free
_get_heap_handle
signal
strcpy_s
_vsnprintf_s
_vscprintf
wprintf_s
swprintf_s
srand
rand_s
swscanf_s
wcsstr
_wcsnicmp
?terminate@@YAXXZ
??_V@YAXPAX@Z
_wtoi
calloc
atoi
isalnum
isalpha
isdigit
longjmp
fwrite
_errno
wcstol
_wtol
__wargv
abort
malloc
realloc
_vscwprintf
_vsnwprintf_s
vswprintf_s
_stricmp
strchr
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
tolower
_wfullpath
_wfopen_s
fread
ftell
fseek
fclose
fputs
rand
printf
_waccess
towlower
_recalloc
_wtoi64
memcpy_s
isspace
memchr
_snwprintf_s
_snprintf_s
_strnset_s
strncpy_s
strncmp
memset
??1type_info@@UAE@XZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__winitenv
_fmode
_commode
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
__CxxFrameHandler3
wcschr
_vswprintf_c_l
wcsncpy_s
vsprintf_s
vprintf_s
isprint
_except1
_ecvt_s
_ldtest
??8type_info@@QBE_NABV0@@Z
localeconv
_wcsicmp
_purecall
sprintf_s
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_ui64tow_s
memmove
??2@YAPAXI@Z
??3@YAXPAX@Z
_CxxThrowException
_setjmp3
memcpy
_dtest

wintrust

WinVerifyTrust

imm32

ImmDisableIME

ws2_32

ntohl
htonl

netapi32

Netbios

ole32

CoInitialize
PropVariantClear
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysStringLen
SysFreeString

Sections

.text
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMGuid
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3d16b96d6b37f2f853517ae16e480418

Headers

DLL Characteristics

File Characteristics

Imports

sentry

kernel32

user32

advapi32

shell32

version

shlwapi

msvcp120

msvcr120

wintrust

imm32

ws2_32

netapi32

ole32

oleaut32

Sections

.text Size: 293KB - Virtual size: 292KB

.rdata Size: 148KB - Virtual size: 148KB

.data Size: 4KB - Virtual size: 6KB

.tls Size: 512B - Virtual size: 2B

.QMGuid Size: 512B - Virtual size: 20B

.detourd Size: 512B - Virtual size: 12B

.detourc Size: 4KB - Virtual size: 4KB

.rsrc Size: 42KB - Virtual size: 42KB

.reloc Size: 84KB - Virtual size: 88KB

.text
Size: 293KB - Virtual size: 292KB

.rdata
Size: 148KB - Virtual size: 148KB

.data
Size: 4KB - Virtual size: 6KB

.tls
Size: 512B - Virtual size: 2B

.QMGuid
Size: 512B - Virtual size: 20B

.detourd
Size: 512B - Virtual size: 12B

.detourc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 42KB - Virtual size: 42KB

.reloc
Size: 84KB - Virtual size: 88KB