491f3b757799f97fc1b23473e752a6bb

Sharing

Copy URL

Twitter E-mail

General

Target

491f3b757799f97fc1b23473e752a6bb
Size

798KB
MD5

491f3b757799f97fc1b23473e752a6bb
SHA1

b625997871c53717f709a19ac09e4198ff1fd7c3
SHA256

0cedeb5d8ccd749c1770860b66718db3a97519822e50cd31ee96b7c3b7be082d
SHA512

4b07d74e91ff1726ba9a767f6f20ce156b620fe82ddc502a0cab691900dba48b0f7c6dd3ddcb1c459c51ce0a56c31d6352f1845cb041fbf2ae861ba95129c498
SSDEEP

12288:aO8UBPnK7bjC5Ujr58G48PZJgnaR2pAKKV6zqRaLxGX3RcLbWP+pUKD3/qd5:aiBPK7bjh8VQJgaszKV62eLK23DvqD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
491f3b757799f97fc1b23473e752a6bb

Files

491f3b757799f97fc1b23473e752a6bb
.exe windows:10 windows x64 arch:x64

a85e93460c5e8e748a45a6e13a31105e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

MessageBoxW
CharNextW
GetForegroundWindow
GetAncestor
RealGetWindowClassW
GetUserObjectInformationW
OpenInputDesktop
CloseDesktop
SetProcessDPIAware
GetSystemMetrics
FindWindowW
KillTimer
SetWinEventHook
UnhookWinEvent
GetClassNameW
SendInput
GetWindowThreadProcessId
GetKeyboardLayout
MapVirtualKeyExW
MapVirtualKeyW
WaitForInputIdle
GetDlgCtrlID
GetWindow
SetTimer
PostMessageW
PostThreadMessageW
DispatchMessageW
GetMessageW
TranslateMessage
SetThreadDesktop
CharUpperW
UnregisterClassA
GetThreadDesktop

msvcrt

memcpy
memcmp
_CxxThrowException
__CxxFrameHandler3
__C_specific_handler
malloc
free
??1exception@@UEAA@XZ
realloc
_errno
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
memset
_XcptFilter
_callnewh
wcsncmp
vswprintf_s
_vscwprintf
_wtoi
iswspace
wcsrchr
towupper
_purecall
calloc
wcstol
_wcsnicmp
qsort
wcschr
_itow
??0exception@@QEAA@AEBV0@@Z
_vsnwprintf
memcpy_s
_beginthreadex
wcsstr
_wcsicmp
memmove_s
??0exception@@QEAA@XZ
_vsnprintf_s
_amsg_exit
wcscmp

ntdll

NtQuerySystemInformation
EtwEventUnregister
EtwEventRegister
EtwEventSetInformation
EtwEventWriteTransfer
EtwEventActivityIdControl
WinSqmAddToStream
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlPublishWnfStateData

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
OpenMutexW
CreateMutexW
ReleaseMutex
CreateEventW
DeleteCriticalSection
WaitForSingleObject
ReleaseSemaphore
InitializeCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
EnterCriticalSection
AcquireSRWLockShared
CreateMutexExW
CreateSemaphoreExW
OpenEventW
OpenSemaphoreW
SetEvent
WaitForSingleObjectEx
ReleaseSRWLockShared
InitializeCriticalSectionEx
WaitForMultipleObjectsEx

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError
RaiseException

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
FreeLibrary

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

ProcessIdToSessionId
GetCurrentThreadId
CreateProcessAsUserW
GetCurrentThread
OpenProcessToken
TerminateProcess
OpenThreadToken
SetProcessShutdownParameters
GetStartupInfoW
GetCurrentProcess
GetExitCodeProcess
GetCurrentProcessId
CreateThread

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapDestroy
HeapAlloc
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
DebugBreak
IsDebuggerPresent

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-security-base-l1-1-0

EqualSid
InitializeAcl
AddAce
GetAclInformation
GetSecurityDescriptorOwner
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetTokenInformation
IsValidSid
InitializeSecurityDescriptor
GetSidLengthRequired
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
DuplicateTokenEx
GetSecurityDescriptorGroup

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegGetValueW

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
Sleep
InitOnceComplete

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetVersionExW
GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-core-psapi-l1-1-0

K32EnumProcessModules
K32EnumProcesses
K32GetModuleFileNameExW
K32GetProcessImageFileNameW
K32GetModuleBaseNameW

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
OpenProcess

api-ms-win-core-file-l1-1-0

CompareFileTime
CreateFileW
GetFileTime

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait
RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem
CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindFileNameW

kernel32

UnregisterApplicationRestart
RegisterApplicationRestart

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 400KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a85e93460c5e8e748a45a6e13a31105e

Headers

DLL Characteristics

File Characteristics

Imports

user32

msvcrt

ntdll

api-ms-win-core-synch-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

kernel32

api-ms-win-core-heap-l2-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 272KB - Virtual size: 271KB

.imrsiv Size: - Virtual size: 4B

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 1KB - Virtual size: 5KB

.pdata Size: 12KB - Virtual size: 11KB

.didat Size: 512B - Virtual size: 368B

.rsrc Size: 45KB - Virtual size: 45KB

.reloc Size: 400KB - Virtual size: 1.1MB

.text
Size: 272KB - Virtual size: 271KB

.imrsiv
Size: - Virtual size: 4B

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 1KB - Virtual size: 5KB

.pdata
Size: 12KB - Virtual size: 11KB

.didat
Size: 512B - Virtual size: 368B

.rsrc
Size: 45KB - Virtual size: 45KB

.reloc
Size: 400KB - Virtual size: 1.1MB