d210ecddf5ee25e56743aee5e1a3253f756093bccc9c0222c41c51cc7e068710

Sharing

Copy URL Twitter E-mail

General

Target

d210ecddf5ee25e56743aee5e1a3253f756093bccc9c0222c41c51cc7e068710
Size

590KB
MD5

17e72db1f0b601d7a08a456b35b2ce75
SHA1

ade8b534bf5546c6dada4d0129bda849748bf3e0
SHA256

d210ecddf5ee25e56743aee5e1a3253f756093bccc9c0222c41c51cc7e068710
SHA512

4d2533f2994862a602f2a72b6a7cc6e49adcb40e56dc324212c52f1b3958c5a2cc1720b2f7d48cedb14053c0e9e7b98864526984c617a7f855d25f3da381aa12
SSDEEP

12288:fBmDz6R6BjLythmIsVJt2LffYvcfMyZIRcfhEK0UWM+SSC:pmDzg6BfywVJteff/fXIRcq6nEC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d210ecddf5ee25e56743aee5e1a3253f756093bccc9c0222c41c51cc7e068710

Files

d210ecddf5ee25e56743aee5e1a3253f756093bccc9c0222c41c51cc7e068710
.exe windows:5 windows x86 arch:x86

3d16b96d6b37f2f853517ae16e480418

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sentry

sentry_options_set_group_names
sentry_init
sentry_remove_tag
sentry_capture_event
sentry_value_new_event
sentry_value_new_stacktrace
sentry_set_transaction
sentry_value_new_object
sentry_value_set_by_key
sentry_set_user
sentry_options_set_logger
sentry_handle_exception
sentry_set_tag
sentry_value_new_exception
sentry_event_add_exception
sentry_value_new_string
sentry_options_set_release
sentry_options_set_environment
sentry_options_set_auto_session_tracking
sentry_options_set_database_pathw
sentry_options_set_dsn
sentry_options_new

kernel32

GetCurrentThreadId
GetLastError
WideCharToMultiByte
OutputDebugStringA
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
LoadLibraryW
GetModuleFileNameA
GetLongPathNameA
GetFullPathNameA
LoadLibraryA
FreeLibrary
GetComputerNameExW
GetModuleFileNameW
CreateProcessW
CloseHandle
SetLastError
VerSetConditionMask
VerifyVersionInfoW
GetCurrentProcess
WaitForSingleObject
GetExitCodeProcess
SetEnvironmentVariableW
GetEnvironmentVariableW
SetErrorMode
HeapSetInformation
OpenEventW
RtlCaptureContext
GetTickCount
TerminateProcess
Sleep
GetCommandLineW
OutputDebugStringW
ExitProcess
GetModuleHandleA
SetCurrentDirectoryW
GetCommandLineA
GetModuleHandleExW
DecodePointer
ResumeThread
WriteProcessMemory
IsWow64Process
VirtualAllocEx
VirtualProtectEx
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryW
CreateMutexW
Process32NextW
OpenProcess
Process32FirstW
ReadProcessMemory
VirtualQueryEx
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
EncodePointer
IsDebuggerPresent
DeviceIoControl
SwitchToThread
GetPrivateProfileStringA
InterlockedExchange
CreateDirectoryA
GetPrivateProfileIntA
SetEndOfFile
SetFilePointer
GetFileSize
CreateFileA
lstrlenW
lstrlenA
GetSystemDirectoryW
GetFileTime
WriteFile
CreateFileW
GetFileAttributesW
InterlockedCompareExchange
MoveFileExW
GetFileAttributesExW
CreateThread
CreateToolhelp32Snapshot
DeleteFileA
GetLongPathNameW
GetShortPathNameW
DuplicateHandle
GetFullPathNameW
VirtualQuery
OpenFileMappingW
GetCurrentProcessId
MapViewOfFile
LocalFree
UnmapViewOfFile
WaitForMultipleObjects
SystemTimeToFileTime
GetSystemTime
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
SetFileAttributesW
InterlockedIncrement
FindFirstFileW

user32

DestroyWindow
CreateWindowExW
RegisterClassExW
GetClassInfoExW
SetTimer
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SendNotifyMessageW
PostQuitMessage
GetWindowThreadProcessId
SetWindowLongW
GetWindowLongW
GetForegroundWindow
AllowSetForegroundWindow
DefWindowProcW
FindWindowW
MessageBoxW

advapi32

SetNamedSecurityInfoW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExA
RegQueryValueExA
AllocateAndInitializeSid
GetNamedSecurityInfoW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
GetTokenInformation
OpenProcessToken
FreeSid
CheckTokenMembership

shell32

SHCreateDirectoryExW
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
SHFileOperationW
SHChangeNotify
SHGetFolderPathA
CommandLineToArgvW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

PathRemoveBackslashW
PathRemoveArgsW
PathUnquoteSpacesW
PathGetArgsW
PathAppendW
SHRegGetPathW
PathAddBackslashW
PathIsDirectoryW
PathCombineW
PathQuoteSpacesW
SHRegSetPathW
PathIsRelativeW
PathFileExistsW
PathCanonicalizeW
PathRelativePathToW
PathMakePrettyW
PathRemoveFileSpecW

msvcp120

?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
_Wcsxfrm
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@H@Z
??0facet@locale@std@@IAE@I@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
_Wcscoll
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?id@?$codecvt@_WDH@std@@2V0locale@2@A
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
??0?$codecvt@_WDH@std@@QAE@I@Z
?out@?$codecvt@_WDH@std@@QBEHAAHPB_W1AAPB_WPAD3AAPAD@Z
??_7?$codecvt@_WDH@std@@6B@
??_7codecvt_base@std@@6B@
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??Bid@locale@std@@QAEIXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
_Xtime_get_ticks
??1facet@locale@std@@MAE@XZ
??_7_Facet_base@std@@6B@
??_7facet@locale@std@@6B@
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

msvcr120

wcscpy_s
_wcsdup
free
_get_heap_handle
signal
strcpy_s
_vsnprintf_s
_vscprintf
wprintf_s
swprintf_s
srand
rand_s
swscanf_s
wcsstr
_wcsnicmp
?terminate@@YAXXZ
??_V@YAXPAX@Z
_wtoi
calloc
atoi
isalnum
isalpha
isdigit
longjmp
fwrite
_errno
wcstol
_wtol
__wargv
abort
malloc
realloc
_vscwprintf
_vsnwprintf_s
vswprintf_s
_stricmp
strchr
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
tolower
_wfullpath
_wfopen_s
fread
ftell
fseek
fclose
fputs
rand
printf
_waccess
towlower
_recalloc
_wtoi64
memcpy_s
isspace
memchr
_snwprintf_s
_snprintf_s
_strnset_s
strncpy_s
strncmp
memset
??1type_info@@UAE@XZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__winitenv
_fmode
_commode
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
__CxxFrameHandler3
wcschr
_vswprintf_c_l
wcsncpy_s
vsprintf_s
vprintf_s
isprint
_except1
_ecvt_s
_ldtest
??8type_info@@QBE_NABV0@@Z
localeconv
_wcsicmp
_purecall
sprintf_s
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_ui64tow_s
memmove
??2@YAPAXI@Z
??3@YAXPAX@Z
_CxxThrowException
_setjmp3
memcpy
_dtest

wintrust

WinVerifyTrust

imm32

ImmDisableIME

ws2_32

ntohl
htonl

netapi32

Netbios

ole32

CoInitialize
PropVariantClear
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysStringLen
SysFreeString

Sections

.text
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMGuid
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3d16b96d6b37f2f853517ae16e480418

Headers

DLL Characteristics

File Characteristics

Imports

sentry

kernel32

user32

advapi32

shell32

version

shlwapi

msvcp120

msvcr120

wintrust

imm32

ws2_32

netapi32

ole32

oleaut32

Sections

.text Size: 293KB - Virtual size: 292KB

.rdata Size: 148KB - Virtual size: 148KB

.data Size: 4KB - Virtual size: 6KB

.tls Size: 512B - Virtual size: 2B

.QMGuid Size: 512B - Virtual size: 20B

.detourd Size: 512B - Virtual size: 12B

.detourc Size: 4KB - Virtual size: 4KB

.rsrc Size: 42KB - Virtual size: 42KB

.reloc Size: 84KB - Virtual size: 88KB

.text
Size: 293KB - Virtual size: 292KB

.rdata
Size: 148KB - Virtual size: 148KB

.data
Size: 4KB - Virtual size: 6KB

.tls
Size: 512B - Virtual size: 2B

.QMGuid
Size: 512B - Virtual size: 20B

.detourd
Size: 512B - Virtual size: 12B

.detourc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 42KB - Virtual size: 42KB

.reloc
Size: 84KB - Virtual size: 88KB