400df7035088206b0204c1a791155063

Sharing

Copy URL Twitter E-mail

General

Target

400df7035088206b0204c1a791155063
Size

214KB
MD5

400df7035088206b0204c1a791155063
SHA1

f789a501097de13f85433a2c716b1b2702a71158
SHA256

73bedf66a3c0fee54d1a11f64e4073aada53963fb5f3dd583e69672b4fab7dbb
SHA512

9812e88ef6f4e67abdc372750013461092b9b0874ff10f3b98279302cb6dc2565621511c6a5fa6cd4900a0b9ab1573eff598c85001f0193d3313f4bebc89b247
SSDEEP

3072:Q+OLS3Mc1mEiHEGAm0aSjpC+zHzAFS5q9C4fbvs1B1HsWIxg:Q1cRd3akpC+TEFNChB1Hs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
400df7035088206b0204c1a791155063

Files

400df7035088206b0204c1a791155063
.exe windows:6 windows x86 arch:x86

89cefd8464501ed3c23895ae7cbf03d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CreateWindowExW
RegisterClassW
UnregisterClassW
ShowWindow
UpdateWindow
DispatchMessageW
LoadStringW
ShutdownBlockReasonCreate
PostQuitMessage
DefWindowProcW
GetMonitorInfoW
AllowSetForegroundWindow
GetAncestor
MsgWaitForMultipleObjects
PeekMessageW
PostMessageW
EnumThreadWindows
MessageBoxW
GetWindowThreadProcessId
TranslateMessage
EnumWindows
GetUserObjectInformationW
GetThreadDesktop
GetProcessWindowStation
SetCursor
LoadCursorW
DestroyWindow
EnableWindow
IsWindow

msvcrt

memmove_s
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler3
??0exception@@QAE@XZ
wcsncmp
wcschr
memset
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_vsnwprintf
_wtol
iswdigit
memcpy
_wcsicmp
malloc
memcpy_s
fclose
fflush
fputws
fopen_s
calloc
_wcsnicmp
wcsrchr
_wsplitpath_s
rand
srand
wcscat_s
??1type_info@@UAE@XZ
_unlock
__p__fmode
__set_app_type
_CxxThrowException
_purecall
free
__p__commode
__setusermatherr
_amsg_exit
_initterm
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_except_handler4_common
_controlfp

ntdll

NtSetInformationProcess
EtwEventRegister
EtwEventActivityIdControl
EtwEventEnabled
EtwEventWriteTransfer
EtwEventWrite
EtwEventUnregister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwTraceMessage

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateDirectoryW
CreateFileW
ReadFile
GetFileSizeEx
FileTimeToLocalFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapSetInformation
GetProcessHeap
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
HeapSize

api-ms-win-core-interlocked-l1-1-0

InterlockedDecrement
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleW
GetProcAddress
FreeLibrary
LoadLibraryExA
GetModuleHandleA
LoadLibraryExW

api-ms-win-core-misc-l1-1-0

LocalFree
lstrlenW
Sleep

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-0

SetProcessShutdownParameters
SetThreadPriority
GetCurrentThread
GetStartupInfoW
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
CreateThread
GetThreadPriority
GetExitCodeProcess
CreateProcessW
OpenThreadToken
ResumeThread

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
LeaveCriticalSection
CreateEventW
EnterCriticalSection
SetEvent
ResetEvent
SetWaitableTimer
CancelWaitableTimer
WaitForSingleObject
InitializeCriticalSection

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
SystemTimeToFileTime

api-ms-win-core-threadpool-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetAclInformation
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
GetSecurityDescriptorDacl
GetLengthSid
CopySid
CheckTokenMembership
MakeAbsoluteSD
GetSecurityDescriptorControl
InitializeAcl
AddAce
CreateWellKnownSid
GetSecurityDescriptorSacl

ole32

CoEnableCallCancellation
CoCancelCall
CoUninitialize
CoInitializeEx
CoDisconnectObject
CoRevertToSelf
CoImpersonateClient
CoMarshalInterface
CreateStreamOnHGlobal
CLSIDFromString
CoTaskMemFree
StringFromCLSID
IIDFromString
StringFromGUID2
CoCreateInstance
CoDisableCallCancellation
CoInitializeSecurity

oleaut32

SysReAllocString
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysStringLen
SysAllocString
SysFreeString

rpcrt4

RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcAsyncInitializeHandle
I_RpcExceptionFilter
RpcAsyncCompleteCall
RpcAsyncCancelCall
NdrAsyncClientCall
RpcStringFreeW
RpcBindingSetAuthInfoExW

kernel32

IsWow64Process
LocalAlloc
GetThreadPreferredUILanguages
SetThreadPreferredUILanguages
UnregisterWait
RegisterWaitForSingleObject
DelayLoadFailureHook
CreateWaitableTimerW
WaitForMultipleObjects
DeleteAtom
GetCurrentDirectoryW
DebugBreak
InitializeCriticalSectionAndSpinCount

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89cefd8464501ed3c23895ae7cbf03d0

Headers

DLL Characteristics

File Characteristics

Imports

user32

msvcrt

ntdll

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-threadpool-l1-1-0

api-ms-win-security-base-l1-1-0

ole32

oleaut32

rpcrt4

kernel32

Sections

.text Size: 132KB - Virtual size: 131KB

.data Size: 44KB - Virtual size: 43KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 35KB - Virtual size: 36KB

.text
Size: 132KB - Virtual size: 131KB

.data
Size: 44KB - Virtual size: 43KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 35KB - Virtual size: 36KB