3b90e947f9b5e1f81525b70b96d55f002561f30f96334c58be8a4cd6e2155397

Sharing

Copy URL Twitter E-mail

General

Target

3b90e947f9b5e1f81525b70b96d55f002561f30f96334c58be8a4cd6e2155397
Size

1.9MB
MD5

0170824c9cfaecf16d97f632f13e0a0f
SHA1

896b4bafa7792d6ee30ffdbf621a7781dd96c692
SHA256

3b90e947f9b5e1f81525b70b96d55f002561f30f96334c58be8a4cd6e2155397
SHA512

f36bdf9876d720f0273d933b977d15eedbd24a11f2811a99e050dcf13625a2815bfd03e6b0db667908fa3aca02fff145198e847bd4ae053a8cd837feaeb3d024
SSDEEP

24576:iMGzO8gVmzl3P86dCxxBPRd9tdHZH+S010DFCQ:8zO9yl3rCxzPn9NHzk0DF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b90e947f9b5e1f81525b70b96d55f002561f30f96334c58be8a4cd6e2155397

Files

3b90e947f9b5e1f81525b70b96d55f002561f30f96334c58be8a4cd6e2155397
.exe windows:5 windows x64 arch:x64

733bdd7d5f1c4d0b79ac8136b0a249c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

SHDeleteValueW
SHSetValueW
SHDeleteKeyW

kernel32

DecodePointer
GetSystemDefaultLangID
Sleep
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
FormatMessageW
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
OpenThread
TerminateThread
SetThreadExecutionState
CloseHandle
GetModuleFileNameA
GetModuleFileNameW
GetEnvironmentVariableW
OutputDebugStringA
OutputDebugStringW
GetDriveTypeW
GetTempPathW
VerSetConditionMask
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
GetLastError
WaitForSingleObject
GetLogicalDrives
CreateProcessW
GetDiskFreeSpaceExW
VerifyVersionInfoW
GetFileSizeEx
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
FindClose
GetFileTime
SetFileTime
GetSystemTime
SystemTimeToFileTime
CreateDirectoryW
RemoveDirectoryW
CreateFileW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
ExitThread
MoveFileW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CreateTimerQueue
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
HeapAlloc
HeapFree
GetFileAttributesExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetACP
GetFileType
GetProcessHeap
GetStringTypeW
GetTimeZoneInformation
CompareStringW
LCMapStringW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
CopyFileW
SwitchToThread

user32

MessageBoxW
ExitWindowsEx
OpenClipboard
EmptyClipboard
SetClipboardData
FindWindowExW
PostMessageW
CloseClipboard

ole32

CoTaskMemFree
StringFromCLSID
CoCreateInstance

ftcore

?gMultiLanguage@@3VCMultiLanguage@@A
?TranslateString@CMultiLanguage@@QEAAPEB_WPEB_W@Z
?theCfg@@3VCCfg@@A

lum_sdk64

?brd_sdk_get_consent_choice@@YAHXZ
?brd_sdk_set_logo_link@@YAXPEAD@Z
?brd_sdk_set_choice_change_cb@@YAXP6AXH@Z@Z
?brd_sdk_init@@YAXXZ
?brd_sdk_close@@YAXXZ
?brd_sdk_set_app_name@@YAXPEAD@Z
?brd_sdk_show_consent@@YAXXZ
?brd_sdk_set_appid@@YAXPEAD@Z

wininet

InternetOpenUrlW
InternetCloseHandle
InternetOpenW

advapi32

OpenProcessToken
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
LookupPrivilegeValueW
CheckTokenMembership
RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegSetValueExW
RegSetValueExA
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueA
RegDeleteValueW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA

shell32

ShellExecuteExW
SHFileOperationW

Sections

.text
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

733bdd7d5f1c4d0b79ac8136b0a249c2

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

ole32

ftcore

lum_sdk64

wininet

advapi32

shell32

Sections

.text Size: 342KB - Virtual size: 342KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 10KB - Virtual size: 17KB

.pdata Size: 21KB - Virtual size: 21KB

.gfids Size: 2KB - Virtual size: 2KB

.rsrc Size: 26KB - Virtual size: 26KB

.reloc Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 342KB - Virtual size: 342KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 10KB - Virtual size: 17KB

.pdata
Size: 21KB - Virtual size: 21KB

.gfids
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 26KB - Virtual size: 26KB

.reloc
Size: 1.4MB - Virtual size: 1.4MB