7128ba5d61b482cbed100c9d98987410

Sharing

Copy URL Twitter E-mail

General

Target

7128ba5d61b482cbed100c9d98987410
Size

637KB
MD5

7128ba5d61b482cbed100c9d98987410
SHA1

49aa1833a5a606d0a656f4e736978e2558083b5c
SHA256

da08762dca458353f2b9fb988f22870eb08cd2f9264e1c02e93a8dd3ca0e32e6
SHA512

b57c4f906b9d979813be8821c9d599d5ead412b0035bb03b988186aa3d8ae49832193de780c344b40ee3379ccffd7333b38848cebe96219a857ecc43fc050234
SSDEEP

12288:pPsiJAMgdVuxJLSkTNzAQqTVBZw4qvbVlQrDdWWYgeWYg955/155/AHtntZu7fJK:NsiJArdkxwiNsQiVBZuvbVlQrDKtnUJU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7128ba5d61b482cbed100c9d98987410

Files

7128ba5d61b482cbed100c9d98987410
.exe windows:6 windows x64 arch:x64

d2f5e64018770b0a6e0fdd4e68fe460e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

kernel32

GlobalUnlock
QueryPerformanceFrequency
GetProcAddress
QueryPerformanceCounter
SetPriorityClass
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
GetConsoleWindow
GlobalLock
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetStdHandle
SetConsoleTextAttribute
IsProcessorFeaturePresent
GetConsoleScreenBufferInfo
SetUnhandledExceptionFilter
GlobalFree
Beep
GlobalAlloc
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
CloseHandle
GetLastError
GetCurrentProcess
Sleep
CreateThread
GetCurrentThreadId
DeleteCriticalSection
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent

user32

CloseClipboard
GetClipboardData
GetCursorPos
SetCursorPos
SetClipboardData
OpenClipboard
EmptyClipboard
ReleaseCapture
SetCapture
GetForegroundWindow
IsChild
ClientToScreen
GetCapture
ScreenToClient
LoadCursorA
GetKeyState
SendInput
UpdateWindow
RegisterClassExA
PostQuitMessage
UnregisterClassA
DestroyWindow
PeekMessageA
SetCursor
TranslateMessage
GetClientRect
CreateWindowExA
DispatchMessageA
DefWindowProcA
ShowWindow
GetAsyncKeyState

advapi32

IsValidSid
GetTokenInformation
OpenProcessToken
ConvertSidToStringSidA

shell32

ShellExecuteA

msvcp140

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?uncaught_exceptions@std@@YAHXZ
?_Random_device@std@@YAIXZ
_Query_perf_frequency
?_Xinvalid_argument@std@@YAXPEBD@Z
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z

winhttp

WinHttpQueryDataAvailable
WinHttpConnect
WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReadData
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

xinput1_4

ord4
ord2

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
__current_exception_context
memcmp
__RTDynamicCast
memset
memchr
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
strstr
strchr
__std_type_info_name
_purecall
__std_type_info_compare
__std_terminate
__std_exception_copy
__std_exception_destroy
__current_exception

api-ms-win-crt-runtime-l1-1-0

_errno
exit
_invalid_parameter_noinfo_noreturn
_wassert
_configure_narrow_argv
_invalid_parameter_noinfo
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
terminate
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
free
_aligned_free
_aligned_malloc
_callnewh

api-ms-win-crt-convert-l1-1-0

atof
strtof

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vsprintf
fread
__acrt_iob_func
__stdio_common_vfprintf
ftell
__stdio_common_vsprintf_s
__stdio_common_vsnprintf_s
fflush
fseek
__p__commode
__stdio_common_vsscanf
_wfopen
fwrite
fopen
fclose

api-ms-win-crt-string-l1-1-0

strcmp
isspace
strncpy

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-math-l1-1-0

__setusermatherr
cosf
powf
sqrtf
logf
ceil
acosf
log2
sinf
ceilf
fmodf
pow
log
floorf

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 461KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2f5e64018770b0a6e0fdd4e68fe460e

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

d3dcompiler_47

kernel32

user32

advapi32

shell32

msvcp140

winhttp

imm32

xinput1_4

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 461KB - Virtual size: 461KB

.rdata Size: 138KB - Virtual size: 138KB

.data Size: 12KB - Virtual size: 22KB

.pdata Size: 20KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 461KB - Virtual size: 461KB

.rdata
Size: 138KB - Virtual size: 138KB

.data
Size: 12KB - Virtual size: 22KB

.pdata
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB