23223b1aa6c3829f8ed3f0c1ff2e323f

Sharing

Copy URL Twitter E-mail

General

Target

23223b1aa6c3829f8ed3f0c1ff2e323f
Size

357KB
MD5

23223b1aa6c3829f8ed3f0c1ff2e323f
SHA1

acc0cc4c9bd30d03dc05d743bc7aa7a5fe7204ee
SHA256

d60c9aceab5a78c7331ddb2a34f26267df0b068633ec8845f5c8ad9c628a6520
SHA512

9951f9090bb5042be4cac50e9e14f68830f2dea35af3dd9cdcd63c87986cdcfd8081118ca895dd4d94acce92696b73ea10ec8a0dc208082b09c958331ebd4e26
SSDEEP

6144:M05hdIrjUn3IAxFMlgUO994Vygx2/Yj2kc6HYAbxRG+1Jm2S:M0lsChpN994Vy7YjNGq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23223b1aa6c3829f8ed3f0c1ff2e323f

Files

23223b1aa6c3829f8ed3f0c1ff2e323f
.exe windows:6 windows x64 arch:x64

c2ae82d74851f310dfb66da9b301ef7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

gdi32

CreateRectRgn
CombineRgn
InvertRgn
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SelectPalette
StretchDIBits
DeleteDC
CreateDIBitmap
GetObjectW
BitBlt
GetDIBits
GetStockObject
PolyPatBlt
GdiFlush
GetNearestColor
SetDCBrushColor
SetTextColor
SetBkColor
CreateFontIndirectW
PatBlt
GetTextExtentPoint32W
CreateDCW
EnumFontFamiliesExW
SetFontEnumeration
GetTextFaceW
GetDeviceCaps
SetBkMode
GetCurrentObject
GetRegionData
GetRgnBox
PolyTextOutW
SetSystemPaletteUse
RealizePalette
GetStringBitmapW
CreateSolidBrush
GetCharWidth32W
CreateBitmap
TranslateCharsetInfo
SetBitmapBits
StretchBlt
GetBitmapBits
GetTextMetricsW
SetDIBitsToDevice

user32

SetCursor
TrackPopupMenuEx
GetKeyboardLayout
EnumDisplaySettingsW
LoadIconW
LoadImageW
RegisterClassExW
SetProcessDPIAware
NotifyWinEvent
ReleaseCapture
SetCapture
GetKeyState
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
VkKeyScanW
MapVirtualKeyW
GetClipboardData
InvalidateRect
GetCursorPos
GetClientRect
WindowFromPoint
PtInRect
ScreenToClient
LoadStringW
PostMessageW
SendMessageW
GetSystemMetrics
SetWindowLongPtrW
SendDlgItemMessageW
CheckRadioButton
GetDlgItemTextW
IsDlgButtonChecked
SendNotifyMessageW
EndDialog
DialogBoxParamW
GetWindowPlacement
DefWindowProcW
ReleaseDC
KillTimer
GetWindowLongW
ScrollDC
SetScrollInfo
SetTimer
IsIconic
DrawIcon
BeginPaint
ReuseDDElParam
SendMessageTimeoutW
CreateIconFromResourceEx
MapWindowPoints
UnpackDDElParam
ShowWindow
SetActiveWindow
GetSystemMenu
DestroyWindow
GetDC
CreateWindowExW
ClientToScreen
GetWindowRect
LoadCursorW
SetWindowPlacement
SetWindowLongW
GetMonitorInfoW
MonitorFromRect
GetCaretBlinkTime
AdjustWindowRectEx
PrivateExtractIconExW
EnterReaderModeHelper
TranslateMessageEx
ConsoleControl
SetWindowPos
SetWindowTextW
GetWindowTextW
EnableMenuItem
AppendMenuW
LoadMenuW
SetMenuItemInfoW
ToUnicodeEx
GetKeyboardState
UnhookWindowsHookEx
DispatchMessageW
GetMessageW
SetWindowsHookExW
RegisterWindowMessageW
GetWindowLongPtrW
GetKeyboardLayoutNameW
GetKeyboardLayoutNameA
ActivateKeyboardLayout
SystemParametersInfoW
DestroyIcon
CopyIcon
EndPaint

msvcrt

free
memset
memcpy
memcmp
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_vsnwprintf
wcschr
wcsncmp
wcsrchr
atoi
_itoa
memmove
malloc
_local_unwind

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlIntegerToUnicodeString
RtlUnicodeToMultiByteSize
RtlInitializeCriticalSectionAndSpinCount
RtlConsoleMultiByteToUnicodeN
NtOpenKey
NtReplyWaitReceivePort
RtlExitUserProcess
ShipAssert
NtOpenDirectoryObject
NtCreatePort
NtAcceptConnectPort
RtlOpenCurrentUser
NtEnumerateValueKey
NtQueryValueKey
RtlCreateTagHeap
RtlDosSearchPath_U
NtSetInformationProcess
RtlInitCodePageTable
RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeN
RtlCustomCPToUnicodeN
RtlOemToUnicodeN
RtlUnicodeToOemN
RtlReAllocateHeap
RtlExitUserThread
RtlUnicodeStringToInteger
RtlInitUnicodeString
RtlGetCriticalSectionRecursionCount
NtDuplicateObject
NtSetEvent
NtClearEvent
NtCreateEvent
RtlDeleteCriticalSection
DbgPrintEx
RtlAllocateHeap
NtCreateSection
RtlFreeHeap
RtlInitializeCriticalSection
NtQueryInformationProcess
NtOpenProcess
NtVdmControl
NtReadVirtualMemory
RtlLeaveCriticalSection
RtlEnterCriticalSection
NtReplyPort
RtlCompareUnicodeString
RtlSizeHeap
NtReleaseMutant
NtWaitForSingleObject
NtCreateMutant
NtUnmapViewOfSection
NtClose
NtMapViewOfSection

api-ms-win-core-localregistry-l1-1-0

RegGetValueW

kernel32

GetEnvironmentVariableW
CreateActCtxW
GetModuleFileNameW
GetCurrentThreadId
GetLastError
CloseHandle
GetCurrentProcessId
IsValidCodePage
LockResource
LoadResource
FindResourceExW
lstrlenA
GlobalSize
GetStringTypeW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SetEnvironmentVariableW
ExpandEnvironmentStringsW
Beep
GetCurrentThread
GetSystemDirectoryA
CreateFileA
GetModuleHandleW
GetOEMCP
GetACP
CreateThread
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
LoadLibraryExW
FreeLibrary
ReadFile
SetFilePointer
LocalAlloc
LocalFree
LocalReAlloc
GetVersionExW
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemInfo
MultiByteToWideChar
CreateFileW
SetProcessShutdownParameters
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
WideCharToMultiByte
GetCPInfo
GetPrivateProfileStringW
lstrlenW

imm32

ImmGetCompositionStringW
ImmGetGuideLineW
ImmReleaseContext
ImmGetConversionStatus
ImmGetOpenStatus
ImmGetContext
ImmAssociateContextEx
ImmTranslateMessage
ImmAssociateContext
ImmNotifyIME
ImmGetProperty
ImmGetCandidateListW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocStringLen
VariantClear
SysAllocString
SysReAllocString
VariantInit

Sections

.text
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

FE_TEXT
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jlhgxau
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c2ae82d74851f310dfb66da9b301ef7e

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

msvcrt

ntdll

api-ms-win-core-localregistry-l1-1-0

kernel32

imm32

ole32

oleaut32

Sections

.text Size: 220KB - Virtual size: 220KB

FE_TEXT Size: 25KB - Virtual size: 25KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 5KB - Virtual size: 5KB

.pdata Size: 18KB - Virtual size: 18KB

.rsrc Size: 34KB - Virtual size: 33KB

.reloc Size: 27KB - Virtual size: 28KB

jlhgxau Size: - Virtual size: 4KB

.text
Size: 220KB - Virtual size: 220KB

FE_TEXT
Size: 25KB - Virtual size: 25KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 5KB - Virtual size: 5KB

.pdata
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 34KB - Virtual size: 33KB

.reloc
Size: 27KB - Virtual size: 28KB

jlhgxau
Size: - Virtual size: 4KB