4b838ba036802f1b965a79047331d82b8b3b8c88f607a59e38dee03040830d0b

Sharing

Copy URL Twitter E-mail

General

Target

4b838ba036802f1b965a79047331d82b8b3b8c88f607a59e38dee03040830d0b
Size

534KB
MD5

6e25123d4f54e877be7603a72d101a11
SHA1

9577849ad96cadbe221fe9f3fbc40f105c369a1d
SHA256

4b838ba036802f1b965a79047331d82b8b3b8c88f607a59e38dee03040830d0b
SHA512

146d6064a8c1171a0de6231cce6b5f9359f0f5f9af380c4956bde191104418d6229e8fe7eae9a2491fcfda9adb0117bb29d8534e0d600a073bfdcb5d774a2623
SSDEEP

6144:iBSWOKNh7W1Kou076REfEwNgkOT/B4jpg/sX/2oEUD7JS/n4QC+b6x5+PS/iO6h9:0ZOKNh700PEfE8gkOz6FNxnJ1uXnh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b838ba036802f1b965a79047331d82b8b3b8c88f607a59e38dee03040830d0b

Files

4b838ba036802f1b965a79047331d82b8b3b8c88f607a59e38dee03040830d0b
.dll windows:6 windows x64 arch:x64

01c38feb19c8caa18fbf15810776c9dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetCurrentThread
OutputDebugStringW
GetVolumePathNameW
CreateHardLinkW
GetTickCount64
WaitForSingleObject
CloseHandle
GlobalSize
GlobalUnlock
GlobalLock
CreateEventW
SetEvent
ResetEvent
GlobalAlloc
GlobalFree
LoadLibraryExW
GetTickCount
lstrlenW
VerSetConditionMask
VerifyVersionInfoW
GetVersionExW
GetThreadPriority
SetThreadPriority
ResumeThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
IsDebuggerPresent
GetCurrentProcess
GetSystemTimeAsFileTime
InitOnceBeginInitialize
InitOnceComplete
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
DecodePointer
MoveFileExW
GetProcessHeap
GetProcAddress
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
ReleaseSRWLockExclusive
QueryPerformanceCounter
GetCurrentProcessId
DisableThreadLibraryCalls
WakeAllConditionVariable
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
RaiseException
MulDiv
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
InitializeCriticalSectionEx
DeleteCriticalSection
GetLastError
GetFileAttributesW
SetLastError

user32

CopyRect
SystemParametersInfoW
ScrollWindowEx
SetScrollPos
UpdateWindow
IsIconic
MonitorFromRect
SetScrollInfo
SetRectEmpty
SetGestureConfig
CloseGestureInfoHandle
GetMenu
GetClipboardData
GetGestureInfo
CloseClipboard
OpenClipboard
AdjustWindowRect
RegisterWindowMessageW
DrawEdge
AdjustWindowRectEx
MapWindowPoints
IsRectEmpty
GetDC
MapDialogRect
IsZoomed
FillRect
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetDlgCtrlID
GetScrollInfo
DrawFrameControl
IsWindowVisible
GetWindowTextW
EnumThreadWindows
GetSystemMetrics
NotifyWinEvent
RedrawWindow
GetWindowPlacement
OffsetRect
InvalidateRgn
GetSysColor
CharLowerW
SetActiveWindow
GetNextDlgTabItem
CallNextHookEx
WindowFromPoint
SetWindowsHookExW
UnhookWindowsHookEx
FrameRect
InflateRect
GetMessagePos
GetWindowDC
TrackMouseEvent
ReleaseDC
DrawTextW
DestroyMenu
MonitorFromPoint
RegisterClassW
CreatePopupMenu
TrackPopupMenuEx
AppendMenuW
GetActiveWindow
GetFocus
MessageBeep
SetWindowTextW
GetDlgItem
GetMonitorInfoW
GetKeyState
PostMessageW
GetParent
CreateDialogParamW
SetTimer
SetCursor
SetCapture
KillTimer
SetFocus
GetCursorPos
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
PtInRect
ClientToScreen
IntersectRect
ScreenToClient
GetWindowRect
EnableWindow
ShowWindow
GetWindowLongW
SetWindowLongW
SetWindowPos
IsWindowEnabled
InvalidateRect
EndPaint
BeginPaint
GetClientRect
SetLayeredWindowAttributes
CallWindowProcW
DefWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
DestroyWindow
UnregisterClassW
SendMessageW
GetWindowTextLengthW

gdi32

CreatePolygonRgn
SaveDC
LPtoDP
GetTextMetricsW
SelectObject
OffsetWindowOrgEx
RestoreDC
CreateCompatibleDC
SetWindowOrgEx
IntersectClipRect
CreateCompatibleBitmap
SetViewportOrgEx
GetDeviceCaps
CombineRgn
CreateFontIndirectW
SetDCPenColor
LineTo
MoveToEx
SetBkMode
GetObjectW
CreateRectRgnIndirect
CreateRectRgn
GetTextExtentPoint32W
GetTextColor
GetBkColor
GetCurrentObject
CreatePen
OffsetRgn
FillRgn
FrameRgn
SetDCBrushColor
BitBlt
GetStockObject
DeleteObject
ExtTextOutW
SetBkColor
SetTextColor
DeleteDC

shell32

ord74
SHQueryRecycleBinW
SHFileOperationW

oleaut32

SysAllocString
VariantClear
VariantInit

shared

PokeWindow
uGetWindowText
uShellExecute
ModalDialog_Switch
uGetOpenFileName
ModalDialog_CanCreateNew
ModalDialog_PokeExisting
uBrowseForFolder
uSetWindowText
?g_from_system@t_font_description@@SA?AU1@H@Z
?create@t_font_description@@QEBAPEAUHFONT__@@XZ
uExceptFilterProc
stricmp_utf8
uGetFileAttributes
uPrintCrashInfo_OnEvent
stricmp_utf8_ex
??0uCallStackTracker@@QEAA@PEBD@Z
??1uCallStackTracker@@QEAA@XZ
FindOwningPopup
uFormatSystemErrorMessage
GetInfiniteWaitEvent
uAddStringLower
uBugCheck
stricmp_utf8_partial
uEvalKnownFolder

msvcp140

?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z

shlwapi

SHAutoComplete

comctl32

ord413
ord410

msimg32

GradientFill

oleacc

AccessibleObjectFromWindow
LresultFromObject

gdiplus

GdipDrawLineI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeletePen
GdipCreatePen1
GdiplusStartup
GdiplusShutdown

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_terminate
_purecall
__std_exception_copy
__std_exception_destroy
__C_specific_handler
memset
strrchr
strstr
memcpy
strchr
memmove
memcmp
__current_exception_context
_CxxThrowException
__current_exception
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_initterm_e
_initterm
terminate
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
abort
_beginthreadex
_errno

api-ms-win-crt-string-l1-1-0

strncmp
_strdup
strlen
wcsnlen
wcslen
strcmp

api-ms-win-crt-heap-l1-1-0

free
_recalloc
_expand
malloc
realloc
_callnewh

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s

api-ms-win-crt-math-l1-1-0

pow
fabs
sqrt
lround

api-ms-win-crt-utility-l1-1-0

srand
rand

uxtheme

SetWindowTheme
DrawThemeBackground
IsThemePartDefined
CloseThemeData
OpenThemeData

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
DoDragDrop

Exports

Exports

foobar2000_get_interface

Sections

.text
Size: 391KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.movehcs
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

01c38feb19c8caa18fbf15810776c9dc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

oleaut32

shared

msvcp140

shlwapi

comctl32

msimg32

oleacc

gdiplus

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

uxtheme

ole32

Exports

Exports

Sections

.text Size: 391KB - Virtual size: 390KB

.rdata Size: 98KB - Virtual size: 97KB

.data Size: 11KB - Virtual size: 15KB

.pdata Size: 24KB - Virtual size: 24KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 4KB

.movehcs Size: 1024B - Virtual size: 4KB

.text
Size: 391KB - Virtual size: 390KB

.rdata
Size: 98KB - Virtual size: 97KB

.data
Size: 11KB - Virtual size: 15KB

.pdata
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 4KB

.movehcs
Size: 1024B - Virtual size: 4KB