69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704

Sharing

Copy URL

Twitter E-mail

General

Target

69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704
Size

1.6MB
MD5

ea4d996b472fabecc83c821342a6f2da
SHA1

3d6f8b3ea30f2da6392843b09c6a4039bda72040
SHA256

69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704
SHA512

fd44c2ad95e661fb4de273cc21a3102a8f1361f7377bd1bf6228476f3e41a3c52159d991cdedd517b139c35c102d2f8539db51b30b45c37230876824d854f40e
SSDEEP

12288:PZak9NyN+gGo3gnqYI2xsuz+dIoMfySCbne++ZgmCWJ3Mi1EesvxuAySjZF:99NyN+F0YfxzccaSL++aGJFayKZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704

Files

69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704
.exe windows:6 windows x64 arch:x64

663e30c97b0d87c28adf4f676693147f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

K32EnumProcesses
OpenProcess
K32EnumProcessModules
K32GetModuleBaseNameW
ReadFile
CloseHandle
WriteFile
CreateFileW
ReadConsoleW
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetSystemPowerStatus
FindFirstFileExW
FindClose
GetProcessHeap
SetFilePointerEx
FlushFileBuffers
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetACP
GetStdHandle
GetModuleHandleExW
ExitProcess
HeapFree
HeapReAlloc
GetModuleFileNameW
WideCharToMultiByte
InitializeCriticalSection
GetEnvironmentVariableW
GetLastError
CreateMutexW
Sleep
CreateThread
CreateEventW
ResetEvent
DeleteCriticalSection
WaitForSingleObject
SetEvent
EnterCriticalSection
FindNextFileW
HeapAlloc
GetTimeZoneInformation
LeaveCriticalSection
LoadLibraryExW
FreeLibrary
SetEndOfFile
RtlUnwindEx
RaiseException
RtlPcToFileHeader
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
HeapSize
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetProcAddress
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
GetStringTypeW
MultiByteToWideChar
lstrcmpiW

user32

SetTimer
PostQuitMessage
KillTimer
EnumDisplayDevicesW
EnumDisplaySettingsW
GetDisplayConfigBufferSizes
QueryDisplayConfig
CreateDialogParamW
LoadStringW
GetDesktopWindow
GetShellWindow
SetWindowPos
ShowWindow
GetClientRect
GetDC
GetWindowLongW
SetWindowLongW
UpdateLayeredWindow
ReleaseDC
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
SwitchToThisWindow
EnumDisplayMonitors
GetSystemMetrics
DefWindowProcW
GetWindowRect
keybd_event
PostMessageW
FindWindowW
MonitorFromWindow
GetForegroundWindow
RegisterWindowMessageW

gdi32

DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC

advapi32

RegQueryValueExW
GetUserNameW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetKeyValueW
RegGetValueW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoInitialize

imagehlp

MakeSureDirectoryPathExists

gdiplus

GdipFree
GdipAlloc
GdipDeleteBrush
GdipCreateSolidFill
GdipDisposeImage
GdipCreateStringFormat
GdipCloneStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipCreateFromHDC
GdipDeleteGraphics
GdipReleaseDC
GdipDrawString
GdipDrawImagePointsI
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipLoadImageFromFile
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdiplusStartup
GdiplusShutdown
GdipCreateFontFamilyFromName

powrprof

PowerReadDCValueIndex
PowerGetActiveScheme
PowerReadACValueIndex

shlwapi

PathFileExistsW
StrCSpnW
PathRemoveFileSpecW

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

663e30c97b0d87c28adf4f676693147f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

imagehlp

gdiplus

powrprof

shlwapi

wtsapi32

Sections

.text Size: 178KB - Virtual size: 177KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 4KB - Virtual size: 11KB

.pdata Size: 10KB - Virtual size: 9KB

.gfids Size: 512B - Virtual size: 476B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 166KB - Virtual size: 165KB

.reloc Size: 1.1MB - Virtual size: 1.1MB

.text
Size: 178KB - Virtual size: 177KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 4KB - Virtual size: 11KB

.pdata
Size: 10KB - Virtual size: 9KB

.gfids
Size: 512B - Virtual size: 476B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 166KB - Virtual size: 165KB

.reloc
Size: 1.1MB - Virtual size: 1.1MB