368929b956addf8de45952478deb94b6

Sharing

Copy URL Twitter E-mail

General

Target

368929b956addf8de45952478deb94b6
Size

706KB
MD5

368929b956addf8de45952478deb94b6
SHA1

df367c49e2f8147b42b87dabc7fb94aaaae421c8
SHA256

a49c46fa0117e7aa72fcb66c6842446243f15d4372c49a0ea10e876aa48439b0
SHA512

befb4de1217364836ab3a227d0cd8f1ff9b5049d19b842e73d765395d59485a642115a7f570e133c99a76fe6873874404d756256fc2b56a8346b0da5837ce612
SSDEEP

6144:XyWfCMuCpLSGExQ9q1l/gdcghWNfsuR9gpC1RjDksOoFOkciLktpq5XgcinfyA:XySbKpcdE3So5Xwt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
368929b956addf8de45952478deb94b6

Files

368929b956addf8de45952478deb94b6
.exe windows:6 windows x64 arch:x64

cfb853192db5238419286c8be8d976f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

PostThreadMessageW
LoadImageW
GetParent
PostMessageW
SetWindowPos
SetWindowLongW
RegisterClassExW
EndPaint
BeginPaint
DrawTextW
GetClientRect
ShowWindow
GetWindowLongPtrW
GetSysColor
LoadCursorW
SetCursor
EnableWindow
DrawIcon
LoadStringW
UpdateWindow
PostQuitMessage
RemovePropW
SetPropW
GetKeyboardLayoutList
ActivateKeyboardLayout
GetWindowRect
InvalidateRect
CallWindowProcW
DefWindowProcW
DestroyIcon
LoadIconW
SetForegroundWindow
SetActiveWindow
TranslateMessage
GetMessageA
GetMessageW
UnregisterClassW
SetTimer
SendMessageW
KillTimer
SystemParametersInfoW
ReleaseDC
GetDC
DestroyWindow
SetWindowLongPtrW
CreateWindowExW
IsWindowUnicode
PeekMessageW
MsgWaitForMultipleObjects
GetSysColorBrush
AllowSetForegroundWindow
UnregisterClassA
CharUpperW
CharNextW
GetKeyboardLayout
GetSystemMetrics
DispatchMessageA
DispatchMessageW

msvcrt

ceil
__CxxFrameHandler3
memcpy
memcmp
_purecall
memset
__C_specific_handler
malloc
_errno
realloc
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_cexit
free
wcscpy_s
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_CxxThrowException
_callnewh
__wgetmainargs
_exit
swprintf_s
isalpha
isdigit
wcsstr
wcschr
wcscspn
wcsspn
iswspace
vswprintf_s
wcsncpy_s
memcpy_s
_wcsicmp
_wtoi
wcscat_s
memmove_s
_vsnwprintf
__RTDynamicCast
_vscwprintf
_XcptFilter

cryptsp

CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext

ole32

CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CoCreateGuid
CoCreateFreeThreadedMarshaler
CoRegisterClassObject
CoRevokeClassObject
CoInitialize
CoUninitialize

comctl32

ord345
PropertySheetW

oleaut32

SysAllocStringByteLen
VarUI4FromStr
SysAllocString
RegisterTypeLi
VariantChangeType
SafeArrayDestroy
SafeArrayCreateVector
OleCreatePictureIndirect
VariantInit
VariantClear
SysFreeString
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
UnRegisterTypeLi
LoadTypeLi
SysStringLen

shell32

Shell_NotifyIconW
CommandLineToArgvW
ShellExecuteExW

wer

WerReportSubmit
WerReportCloseHandle
WerReportSetParameter
WerReportAddFile
WerReportCreate

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW
UuidFromStringW

gdi32

TextOutW
GetTextExtentPoint32W
CreateFontIndirectW
DeleteObject
SetTextColor
SetBkMode
GetTextMetricsW
CreateFontW
LineTo
MoveToEx
GdiGradientFill
GetStockObject
RoundRect
SelectObject
CreatePen
GetDeviceCaps

dui70

?SetAccState@Element@DirectUI@@QEAAJH@Z
?SetActive@Element@DirectUI@@QEAAJH@Z
?SetClass@Element@DirectUI@@QEAAJPEBG@Z
?Create@Button@DirectUI@@SAJPEAVElement@2@PEAKPEAPEAV32@@Z
?Add@Element@DirectUI@@QEAAJPEAV12@@Z
?GetMaxLength@Edit@DirectUI@@QEAAHXZ
?SetMaxLength@Edit@DirectUI@@QEAAJH@Z
?Create@Element@DirectUI@@SAJIPEAV12@PEAKPEAPEAV12@@Z
?CreateParserCP@TaskPage@DirectUI@@EEAAJPEAPEAVDUIXmlParser@2@@Z
?CreateDUICP@TaskPage@DirectUI@@EEAAJPEAVHWNDElement@2@PEAUHWND__@@1PEAPEAVElement@2@PEAPEAVDUIXmlParser@2@@Z
?InitPropSheetPage@TaskPage@DirectUI@@MEAAXPEAU_PROPSHEETPAGEW@@@Z
?LoadPage@TaskPage@DirectUI@@MEAAJPEAVHWNDElement@2@PEAUHINSTANCE__@@PEAPEAVElement@2@PEAPEAVDUIXmlParser@2@@Z
?LoadParser@TaskPage@DirectUI@@MEAAJPEAPEAVDUIXmlParser@2@@Z
?OnListenedInput@TaskPage@DirectUI@@MEAAXPEAVElement@2@PEAUInputEvent@2@@Z
?OnListenedPropertyChanged@TaskPage@DirectUI@@MEAAXPEAVElement@2@PEBUPropertyInfo@2@HPEAVValue@2@2@Z
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?GetClass@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?SetLayout@Element@DirectUI@@QEAAJPEAVLayout@2@@Z
?AddListener@Element@DirectUI@@QEAAJPEAUIElementListener@2@@Z
?Create@FlowLayout@DirectUI@@SAJ_NIIIPEAPEAVLayout@2@@Z
?OnListenedPropertyChanging@TaskPage@DirectUI@@MEAA_NPEAVElement@2@PEBUPropertyInfo@2@HPEAVValue@2@2@Z
?OnListenerDetach@TaskPage@DirectUI@@MEAAXPEAVElement@2@@Z
?OnListenerAttach@TaskPage@DirectUI@@MEAAXPEAVElement@2@@Z
?SetSelected@Element@DirectUI@@QEAAJ_N@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?Click@Button@DirectUI@@SA?AVUID@@XZ
?SetAccName@Element@DirectUI@@QEAAJPEBG@Z
?SetAccDesc@Element@DirectUI@@QEAAJPEBG@Z
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?DestroyCP@TaskPage@DirectUI@@EEAAXXZ
?OnReset@TaskPage@DirectUI@@MEAA_JXZ
?SetWidth@Element@DirectUI@@QEAAJH@Z
?SetDirection@Element@DirectUI@@QEAAJH@Z
?Release@Value@DirectUI@@QEAAXXZ
?SetFontFace@Element@DirectUI@@QEAAJPEBG@Z
?SetDataEntry@PText@DirectUI@@QEAAXPEAUIDataEntry@2@@Z
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?DUICreatePropertySheetPage@TaskPage@DirectUI@@QEAAJPEAUHINSTANCE__@@@Z
??1TaskPage@DirectUI@@UEAA@XZ
??0TaskPage@DirectUI@@QEAA@XZ
??1IDataEntry@DirectUI@@UEAA@XZ
??0IDataEntry@DirectUI@@QEAA@XZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
?EraseBkgnd@HWNDHost@DirectUI@@MEAA_NPEAUHDC__@@PEA_J@Z
?SetWindowDirection@HWNDHost@DirectUI@@UEAAXPEAUHWND__@@@Z
?OnWindowStyleChanged@HWNDHost@DirectUI@@UEAAX_KPEBUtagSTYLESTRUCT@@@Z
?OnSinkThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSysChar@HWNDHost@DirectUI@@UEAA_NG@Z
?OnMessage@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnNotify@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?GetHWND@HWNDHost@DirectUI@@UEAAPEAUHWND__@@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetAccessibleImpl@HWNDHost@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?GetKeyFocused@HWNDHost@DirectUI@@UEAA_NXZ
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?OnUnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?OnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
InitProcessPriv
InitThread
UnInitThread
UnInitProcessPriv
?PropSheet_SendMessage@TaskPage@DirectUI@@IEAA_JI_K_J@Z
??0HWNDHost@DirectUI@@QEAA@XZ
??1HWNDHost@DirectUI@@UEAA@XZ
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?OnCtrlThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?OnEvent@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?Register@HWNDHost@DirectUI@@SAJXZ
??0CritSecLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
??1CritSecLock@DirectUI@@QEAA@XZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?Initialize@HWNDHost@DirectUI@@QEAAJIIPEAVElement@2@PEAK@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?GetClassInfoPtr@HWNDHost@DirectUI@@SAPEAUIClassInfo@2@XZ
??0ClassInfoBase@DirectUI@@QEAA@XZ
??1ClassInfoBase@DirectUI@@UEAA@XZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@HWNDHost@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnInput@HWNDHost@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnDestroy@HWNDHost@DirectUI@@UEAAXXZ
?Paint@HWNDHost@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?MessageCallback@HWNDHost@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z

ntdll

EtwUnregisterTraceGuids
EtwLogTraceEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel

kernel32

WaitForMultipleObjects
WriteFile
CreateFileW
GetTempFileNameW
GetFileAttributesW
GetTempPathW
GlobalUnlock
GlobalLock
GlobalAlloc
FoldStringW
HeapAlloc
HeapFree
GetProcessHeap
MulDiv
CreateProcessW
GetUserDefaultUILanguage
FreeResource
ResetEvent
SetLastError
FindResourceExW
CreateEventW
LockResource
GlobalFree
CloseHandle
WaitForSingleObject
CreateThread
SetLocaleInfoW
GetLocaleInfoW
RegisterApplicationRestart
HeapSetInformation
LocalFree
GetCommandLineW
ExpandEnvironmentStringsW
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
LoadLibraryW
FreeLibrary
OutputDebugStringA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
lstrcmpiW
lstrlenW
GetLastError
MultiByteToWideChar
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
SetEvent
DeleteCriticalSection
GetCurrentThreadId
RaiseException
GetProcAddress
GetVersionExW
GetModuleHandleW

msvcp60

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
??_D?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAXXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@PEBGAEBV?$allocator@G@1@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@XZ
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAK@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??1_Winit@std@@QEAA@XZ
??0_Winit@std@@QEAA@XZ
??1Init@ios_base@std@@QEAA@XZ
??0Init@ios_base@std@@QEAA@XZ
??0logic_error@std@@QEAA@AEBV01@@Z
??0out_of_range@std@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1out_of_range@std@@UEAA@XZ
??0out_of_range@std@@QEAA@AEBV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBDAEBV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@XZ

api-ms-win-core-localregistry-l1-1-0

RegSetValueExW
RegQueryValueExW
RegGetValueW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegNotifyChangeKeyValue

Sections

.text
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 371KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cfb853192db5238419286c8be8d976f1

Headers

DLL Characteristics

File Characteristics

Imports

user32

msvcrt

cryptsp

ole32

comctl32

oleaut32

shell32

wer

rpcrt4

gdi32

dui70

ntdll

kernel32

msvcp60

api-ms-win-core-localregistry-l1-1-0

Sections

.text Size: 284KB - Virtual size: 284KB

.data Size: 5KB - Virtual size: 7KB

.pdata Size: 14KB - Virtual size: 13KB

.rsrc Size: 371KB - Virtual size: 370KB

.reloc Size: 30KB - Virtual size: 31KB

.text
Size: 284KB - Virtual size: 284KB

.data
Size: 5KB - Virtual size: 7KB

.pdata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 371KB - Virtual size: 370KB

.reloc
Size: 30KB - Virtual size: 31KB