file | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

file
Size

715KB
MD5

bfa0a2b457d28d8805a0658b7498c639
SHA1

5e3f58501f72d390a3faeea193c73a96a8aeda8a
SHA256

6c38c13d9baaa24d925488112a469611270f37b0508bb2dc0f7775072c7a77d9
SHA512

6b8f333dc441b17caca25bae1b2522dc12188ee502ec54e08ee77361d0f2090c57b8f90f0c6ee8a936497b684e4438bfc5e0274590c7497cdf42a2c8b267dfe9
SSDEEP

6144:nA01NdPuvxOWQSYYam57inOdRxQ7cUBmCUiJbc77ZvfuYuEdGxTC2SWf7xLUnw+V:nd25OWJYnOIShtdGxTC2+5JL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
file

Files

file
.exe windows:6 windows x64 arch:x64

c4840180b074861f0ed2aebf5e99a8c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
RegisterTraceGuidsW
TraceEvent
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
UnregisterTraceGuids
OpenProcessToken
OpenThreadToken
GetSidLengthRequired
InitializeSid
GetTokenInformation
IsValidSid
GetSidSubAuthority
GetLengthSid
CopySid
EqualSid
RegOpenKeyW
RegCreateKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid

kernel32

LoadLibraryExW
CreateMutexW
HeapSetInformation
RegisterApplicationRestart
GetSystemDirectoryW
SetCurrentDirectoryW
ReleaseMutex
GetCurrentThread
CompareStringW
FormatMessageW
lstrcmpiW
CreateThread
ResumeThread
MulDiv
WaitForMultipleObjects
Sleep
LocalAlloc
OpenProcess
GetUserDefaultUILanguage
LoadLibraryExA
DelayLoadFailureHook
GetSystemInfo
TerminateThread
GetExitCodeThread
ResetEvent
GetQueuedCompletionStatus
SetEvent
WaitForSingleObject
PostQueuedCompletionStatus
CloseHandle
CreateIoCompletionPort
GetLastError
CreateEventW
LocalFree
ProcessIdToSessionId
GetBinaryTypeW
GetFileMUIPath
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetSystemWindowsDirectoryW
OpenEventW
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
GetNativeSystemInfo
LoadLibraryA
RegSetValueExA
RegQueryValueExA
RegQueryValueExW
FindResourceA
OutputDebugStringA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedPushEntrySList
VirtualAlloc
InterlockedPopEntrySList
VirtualFree
lstrlenA
WideCharToMultiByte
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
ExpandEnvironmentStringsW
FindResourceExW
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetCurrentProcessId
lstrlenW
GetModuleFileNameW
LoadLibraryW
FlushInstructionCache
GetModuleHandleW
GetVersionExW
GetProcAddress
GetCurrentProcess
FreeLibrary

gdi32

CreateDIBSection
GetDeviceCaps
CreateFontIndirectW
DeleteDC
CreateCompatibleDC
GetStockObject
GetTextExtentPoint32W
SelectObject
GetObjectW
SetTextColor
SetBkMode
DeleteObject
GetTextMetricsW

user32

GetWindowLongW
GetMenu
AdjustWindowRectEx
MoveWindow
GetDC
ReleaseDC
SetFocus
IsWindowEnabled
IsWindowVisible
CreateWindowExW
GetClassInfoExW
RegisterClassExW
SetWindowLongPtrW
GetWindowLongPtrW
CallWindowProcW
GetSubMenu
LoadMenuW
GetParent
ClientToScreen
CheckMenuRadioItem
TrackPopupMenuEx
DestroyMenu
SetTimer
SetWindowPos
KillTimer
SetWindowTextW
EnableMenuItem
GetSysColorBrush
GetSysColor
SendMessageW
UnregisterClassA
GetKeyState
CharLowerBuffW
GetClassNameW
GetWindowThreadProcessId
DestroyWindow
SetActiveWindow
LoadStringW
InvalidateRect
PostMessageW
IsWindow
CharNextW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
BringWindowToTop
EnableWindow
IsDlgButtonChecked
CheckDlgButton
GetDlgItem
GetSystemMetrics
GetClientRect
EnumChildWindows
GetShellWindow
SetWindowLongW
DeleteMenu
GetProcessDefaultLayout
MonitorFromPoint
GetWindowRect
GetMonitorInfoW
MonitorFromRect
SetCursor
ShowWindow
GetFocus
GetWindowPlacement
IsIconic
IsZoomed
LockWindowUpdate
PostQuitMessage
LoadCursorW
SystemParametersInfoW
DestroyIcon
TrackMouseEvent
DefWindowProcW

msvcrt

malloc
wcscpy_s
wcscat_s
_purecall
memcpy_s
memmove_s
__RTDynamicCast
_wcsicmp
_wcsnicmp
_itow
_wtoi
iswspace
_wsplitpath_s
wcsncat_s
_beginthreadex
wcsncpy_s
??0exception@@QEAA@AEBV0@@Z
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
wcsstr
memcpy
swprintf_s
exit
wcschr
_itoa
memset
__C_specific_handler
calloc
??0exception@@QEAA@AEBQEBDH@Z
_CxxThrowException
_callnewh
__CxxFrameHandler3
__wgetmainargs
_onexit
_lock
__dllonexit
_unlock
_errno
_resetstkoflw
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_ultow_s
wcsrchr
iswdigit
_vscwprintf
vswprintf_s
_strlwr_s
_itoa_s
_ultoa_s
_i64toa_s
_ui64toa_s
_gcvt_s
wcsnlen
_get_errno
_set_errno
_msize
strncmp
wcsncmp
_wcstoui64
_wcstoi64
wcstod
_HUGE
_fpclass
swscanf
memmove
_vsnwprintf
wcspbrk
_wcslwr
_initterm
_wcmdln
_cexit
free
realloc
_exit
_XcptFilter
_ltow
memcmp

comctl32

ImageList_LoadImageW
PropertySheetW
ImageList_Add
ImageList_Draw
ImageList_Create
ImageList_GetImageCount
ImageList_Destroy
ImageList_GetIconSize
ord380
ord344
InitCommonControlsEx
ord345

ole32

CoGetClassObject
StringFromCLSID
CreateStreamOnHGlobal
PropVariantClear
OleGetClipboard
CoRevertToSelf
CoImpersonateClient
OleUninitialize
CoRevokeClassObject
CoResumeClassObjects
CoRegisterClassObject
CoInitializeSecurity
OleInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SysAllocStringByteLen
SysStringByteLen
SysAllocString
SysFreeString
SysAllocStringLen
LoadRegTypeLi
LoadTypeLi
DispCallFunc
VarUI4FromStr
VariantInit
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayRedim
SafeArrayCreate
SafeArrayUnlock
SafeArrayLock
VarBstrCat
SysStringLen
VariantCopyInd
VariantCopy
GetErrorInfo
VarBstrCmp

shell32

SHGetPropertyStoreForWindow
ShellExecuteW

shlwapi

ord12
UrlEscapeW
UrlUnescapeW
SHStrDupW

rpcrt4

UuidCreateNil
RpcStringFreeA
UuidToStringA
UuidCreate
UuidIsNil
UuidFromStringA

Sections

.text
Size: 390KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 91KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4840180b074861f0ed2aebf5e99a8c8

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

ole32

oleaut32

shell32

shlwapi

rpcrt4

Sections

.text Size: 390KB - Virtual size: 389KB

.rdata Size: 178KB - Virtual size: 177KB

.data Size: 17KB - Virtual size: 16KB

.pdata Size: 34KB - Virtual size: 33KB

.rsrc Size: 91KB - Virtual size: 92KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 390KB - Virtual size: 389KB

.rdata
Size: 178KB - Virtual size: 177KB

.data
Size: 17KB - Virtual size: 16KB

.pdata
Size: 34KB - Virtual size: 33KB

.rsrc
Size: 91KB - Virtual size: 92KB

.reloc
Size: 4KB - Virtual size: 4KB