0f7389336b7075f0ad2b1ad4555773d1

Sharing

Copy URL

Twitter E-mail

General

Target

0f7389336b7075f0ad2b1ad4555773d1
Size

1.3MB
MD5

0f7389336b7075f0ad2b1ad4555773d1
SHA1

8b6868edd428fdd55d16298e4a3dfb1e8d04f640
SHA256

513b6328e59425cedbf7fe8ca5d8876ccdb77e43ea2950ea71ce588246fe3708
SHA512

9fda4e3408bd4f1f29f5b4d35986467c9bd3cf71f0d75b9dd7ef0e38d81337a153868804e7eb3775f21e197a416c1dd4defa81c858907de036c953db12aed8b2
SSDEEP

24576:Y8ZViZM9MTGqNvZT/yveodXSyHsqzWQqdiVl607Qjc:Y8XiZMu/xj1oVdsqz0d0l6Vc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f7389336b7075f0ad2b1ad4555773d1

Files

0f7389336b7075f0ad2b1ad4555773d1
.exe windows:10 windows x64 arch:x64

59458795a99b893a748fe57ffa878250

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_alloc@std@@YAXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@D@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
_Unlock_shared_ptr_spin_lock
_Lock_shared_ptr_spin_lock
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_id
_Cnd_wait
?_Throw_C_error@std@@YAXH@Z
_Cnd_init
_Mtx_init
_Cnd_do_broadcast_at_thread_exit
_Mtx_lock
_Cnd_signal
_Thrd_start
_Mtx_unlock
_Mtx_destroy
_Cnd_destroy
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm

api-ms-win-crt-string-l1-1-0

memset
wcsnlen

api-ms-win-crt-private-l1-1-0

_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
memmove
_o__get_initial_wide_environment
_o__wtoi64
_o_exit
_o_free
_o_getc
_o_malloc
_o_terminate
_o_wcscpy_s
_o_wcstof
_o_wcstoul
__C_specific_handler
_CxxThrowException
_o__fpclass
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler3
memcmp
memcpy
__std_type_info_compare
wcsrchr

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameW
GetModuleFileNameA
FindStringOrdinal
LoadLibraryExA
FreeLibrary
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseMutex
SleepEx
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSemaphore
CreateEventW
CreateMutexW
InitializeSRWLock
CreateSemaphoreExW
CreateMutexExW
AcquireSRWLockShared
ReleaseSRWLockShared
WaitForSingleObjectEx
CreateEventExW
SetEvent
ResetEvent
TryAcquireSRWLockExclusive
OpenSemaphoreW
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
OpenProcessToken
SetThreadPriority
GetCurrentThreadId
GetCurrentThread
GetProcessId
GetProcessTimes
GetCurrentProcess
CreateThread
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CompareObjectHandles
CloseHandle

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolWait
WaitForThreadpoolTimerCallbacks
IsThreadpoolTimerSet
CloseThreadpoolTimer
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait

api-ms-win-devices-config-l1-1-1

CM_MapCrToWin32Err
CM_Get_Device_Interface_List_SizeW
CM_Locate_DevNodeW
CM_Get_Device_Interface_ListW
CM_Open_DevNode_Key
CM_Unregister_Notification
CM_Get_Device_Interface_PropertyW
CM_Get_DevNode_Status

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchAppend
PathCchSkipRoot

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-file-l1-1-0

WriteFile
FindClose
GetFileAttributesExW
DeleteFileW
ReadFile
RemoveDirectoryW
FindFirstFileExW
FindNextFileW
CreateDirectoryW

api-ms-win-core-com-l1-1-0

CoUninitialize
CoSetProxyBlanket
CoTaskMemFree
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoTaskMemAlloc
CoInitializeEx
CLSIDFromString
CoCreateInstance
CoCreateGuid

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
StartTraceW
ControlTraceW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTime
GetWindowsDirectoryW
GetLocalTime
GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventActivityIdControl
EventUnregister
EventWriteTransfer
EventSetInformation

api-ms-win-eventing-consumer-l1-1-0

CloseTrace

api-ms-win-service-core-l1-1-0

SetServiceStatus
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW

api-ms-win-service-management-l1-1-0

StartServiceW
CloseServiceHandle
OpenSCManagerW
OpenServiceW

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-service-core-l1-1-1

QueryServiceDynamicInformation

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

NtQueryInformationProcess
RtlIsStateSeparationEnabled
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlUnsubscribeWnfNotificationWaitForCompletion

ext-ms-win-resourcemanager-gamemode-l1-2-0

RmGameModeGetLargestValidResourceRequest
RmGameModeUnregisterProcess
RmGameModeRegisterProcess
RmGameModeInitializeResourceRequest

ext-ms-win-resourcemanager-gamemode-l1-2-1

RmGameModeRegisterProcessById

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-crt-math-l1-1-0

tanf
sqrtf

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateString
WindowsCreateStringReference
WindowsDuplicateString
WindowsDeleteString

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegNotifyChangeKeyValue
RegEnumKeyExW
RegDeleteValueW
RegOpenKeyExW
RegEnumValueW
RegGetValueW

oleaut32

SysFreeString
SysAllocString

api-ms-win-security-base-l1-1-0

AllocateLocallyUniqueId
RevertToSelf
GetTokenInformation
CheckTokenMembership
DuplicateTokenEx
ImpersonateLoggedOnUser

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l1-2-0

CreateFile2

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-memory-l1-1-1

MapViewOfFileFromApp
CreateFileMappingFromApp

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
VirtualProtect
VirtualQuery

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32GetProcessImageFileNameW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

rpcrt4

RpcBindingVectorFree
I_RpcBindingInqLocalClientPID
RpcEpRegisterW
RpcImpersonateClient
NdrServerCallAll
RpcServerUnregisterIfEx
RpcEpUnregister
NdrServerCall2
RpcServerRegisterIf3
RpcServerUseProtseqW
RpcServerInqBindings
RpcRevertToSelf

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-service-winsvc-l1-1-0

OpenSCManagerA

api-ms-win-core-kernel32-legacy-l1-1-5

SetThreadExecutionState

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-security-accesshlpr-l1-1-0

FreeTransientObjectSecurityDescriptor
QueryTransientObjectSecurityDescriptor

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-appmodel-state-l1-2-0

CloseState
GetStateSettingsFolder
OpenStateExplicit

powrprof

PowerSetAlsBrightnessOffset

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFamilyName

spectrumsyncclient

SpectrumSyncJoinFrameRendezvous

Sections

.text
Size: 671KB - Virtual size: 670KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 404KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59458795a99b893a748fe57ffa878250

Headers

DLL Characteristics

File Characteristics

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-path-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-eventing-consumer-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-power-setting-l1-1-0

api-ms-win-service-core-l1-1-1

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-heap-l2-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-interlocked-l1-1-0

ntdll

ext-ms-win-resourcemanager-gamemode-l1-2-0

ext-ms-win-resourcemanager-gamemode-l1-2-1

api-ms-win-stateseparation-helpers-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-registry-l1-1-0

oleaut32

api-ms-win-security-base-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-file-l1-2-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-memory-l1-1-1

api-ms-win-core-memory-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

rpcrt4

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-service-management-l2-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-5

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-security-accesshlpr-l1-1-0

api-ms-win-security-capability-l1-1-0

api-ms-win-appmodel-state-l1-2-0

powrprof

api-ms-win-appmodel-runtime-l1-1-0

spectrumsyncclient

Sections

.text Size: 671KB - Virtual size: 670KB

.rdata Size: 239KB - Virtual size: 239KB

.data Size: 11KB - Virtual size: 16KB

.pdata Size: 30KB - Virtual size: 30KB

.text
Size: 671KB - Virtual size: 670KB

.rdata
Size: 239KB - Virtual size: 239KB

.data
Size: 11KB - Virtual size: 16KB

.pdata
Size: 30KB - Virtual size: 30KB

.didat
Size: 512B - Virtual size: 72B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 404KB - Virtual size: 1.1MB