Static task: static1
Behavioral task: behavioral1 (sample: File-The.Coffin.of.Andy.and.Leyley.v2.0.6_539243.exe, resource: win7-20231215-en)
Behavioral task: behavioral2 (sample: File-The.Coffin.of.Andy.and.Leyley.v2.0.6_539243.exe, resource: win10v2004-20231215-en)
General
Target: File-The.Coffin.of.Andy.and.Leyley.v2.0.6_539243.exe
Size: 20.0MB
MD5: 5b2f379161b01bffc66a1611166d298d
SHA1: d3f36e3165dcefa3c63b98a9391ee10d2c278c24
SHA256: c97eefe7bd44401f62db853b13fdb4cedaa3c6fcb62e2b887ad4768ef83ec08b
SHA512: 29346de9a5d6caafc4a92043c664fed7b84b1c48299bd8d3ae22053e9d1a00decb21bb2c816b9f97fe004378978dc202d48913b870734c8f1219dd899d1c3c2c
SSDEEP: 393216:U4HP0bp+JK88qKOzM5qpoa+M9E3mKpigu0PKFdu9CwJsv6ttwE:+OK88qKQMGogE3mKpCuP
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature. Resource: File-The.Coffin.of.Andy.and.Leyley.v2.0.6_539243.exe
Files
-
File-The.Coffin.of.Andy.and.Leyley.v2.0.6_539243.exe.exe windows:6 windows x86 arch:x86
d7a005f46b616b3c7d6f0a076735a779
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
imm32
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmGetContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetOpenStatus
ImmNotifyIME
ImmGetVirtualKey
ImmGetDefaultIMEWnd
oleaut32
SysFreeString
SafeArrayPutElement
SafeArrayCreateVector
SysAllocString
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
dwmapi
DwmEnableBlurBehindWindow
DwmGetWindowAttribute
DwmIsCompositionEnabled
DwmSetWindowAttribute
uxtheme
GetThemeBool
GetThemeBackgroundRegion
IsThemeBackgroundPartiallyTransparent
GetThemeMargins
SetWindowTheme
GetCurrentThemeName
OpenThemeData
ord47
GetThemeInt
GetThemeEnumValue
GetThemePartSize
GetThemeColor
IsThemeActive
GetThemePropertyOrigin
IsAppThemed
GetThemeTransitionDuration
CloseThemeData
gdi32
CreateDIBSection
ChoosePixelFormat
CreateRectRgn
SelectObject
GetFontData
DeleteObject
RemoveFontResourceExW
CreateDCW
GetCharABCWidthsI
CreateFontIndirectW
GetCharABCWidthsW
SetBkMode
CombineRgn
RemoveFontMemResourceEx
GetStockObject
SelectClipRgn
GetCharABCWidthsFloatW
CreateCompatibleBitmap
EnumFontFamiliesExW
AddFontResourceExW
SetTextAlign
SetGraphicsMode
DeleteDC
GetGlyphOutlineW
GetTextMetricsW
SetPixelFormat
OffsetRgn
GetDIBits
GetRegionData
SetWorldTransform
GetOutlineTextMetricsW
DescribePixelFormat
GetObjectW
SwapBuffers
SetTextColor
CreateBitmap
CreateCompatibleDC
GetDeviceCaps
GetBitmapBits
BitBlt
GetTextExtentPoint32W
GetPixelFormat
GetTextFaceW
GdiFlush
AddFontMemResourceEx
SetLayout
ExtTextOutW
dnsapi
DnsFree
DnsQuery_W
iphlpapi
GetAdaptersAddresses
ConvertInterfaceLuidToNameW
ConvertInterfaceNameToLuidW
ConvertInterfaceLuidToGuid
ConvertInterfaceLuidToIndex
ConvertInterfaceIndexToLuid
ws2_32
WSAAsyncSelect
WSACleanup
WSAStartup
gethostname
WSASetLastError
send
recv
getaddrinfo
WSANtohs
WSASendTo
WSANtohl
WSAAccept
WSARecv
WSARecvFrom
freeaddrinfo
WSAHtonl
getnameinfo
WSAGetLastError
setsockopt
select
listen
htons
getsockname
getpeername
closesocket
bind
__WSAFDIsSet
getsockopt
WSASocketW
WSAConnect
WSASend
ntohl
htonl
WSAIoctl
crypt32
CertGetCertificateChain
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertOpenStore
CertFreeCertificateChain
CertCloseStore
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CertCreateCertificateContext
CertFreeCertificateContext
userenv
GetUserProfileDirectoryW
advapi32
SystemFunction036
CryptAcquireContextW
RegOpenKeyExW
RegDeleteValueW
OpenProcessToken
RegCreateKeyExW
RegDeleteKeyW
CryptExportKey
CryptDestroyHash
RegQueryValueExW
BuildTrusteeWithSidW
RegNotifyChangeKeyValue
RegSetValueExW
MapGenericMask
RegEnumValueW
CryptSignHashW
AllocateAndInitializeSid
RegEnumKeyExW
RegCloseKey
LookupAccountSidW
RegisterEventSourceW
CryptDecrypt
ReportEventW
CryptDestroyKey
CopySid
FreeSid
DeregisterEventSource
CryptCreateHash
GetLengthSid
CryptSetHashParam
RegQueryInfoKeyW
CryptReleaseContext
AccessCheck
CryptEnumProvidersW
GetNamedSecurityInfoW
CryptGetProvParam
GetSidSubAuthorityCount
GetTokenInformation
GetEffectiveRightsFromAclW
GetSidSubAuthority
RegFlushKey
CryptGetUserKey
DuplicateToken
kernel32
CreateThreadpoolWork
GetFullPathNameW
GetDateFormatW
GetOEMCP
FindClose
PeekNamedPipe
VirtualFree
QueryPerformanceFrequency
InitOnceComplete
ReleaseSRWLockExclusive
GetCurrentProcessId
InitializeConditionVariable
WaitForMultipleObjects
CreateEventW
GetFileInformationByHandle
FreeLibraryAndExitThread
InitializeSRWLock
FindFirstChangeNotificationW
TlsGetValue
GetFileAttributesW
CreateMutexA
GetUserPreferredUILanguages
FreeEnvironmentStringsW
SetStdHandle
WTSGetActiveConsoleSessionId
GetModuleHandleExW
CreateThread
SubmitThreadpoolWork
ResetEvent
SetHandleInformation
ExitThread
ReadConsoleA
ConvertFiberToThread
SystemTimeToTzSpecificLocalTime
SetErrorMode
GetThreadPriority
InitOnceBeginInitialize
GlobalFree
CopyFileW
GetFileSize
SetConsoleCtrlHandler
GetDriveTypeW
GetProcessId
IsProcessorFeaturePresent
GetCommandLineA
GetVolumeInformationW
GetLocaleInfoW
SetEnvironmentVariableW
CheckRemoteDebuggerPresent
WaitForSingleObjectEx
WakeAllConditionVariable
GetFileInformationByHandleEx
GetStdHandle
SetLastError
GetExitCodeProcess
GetTimeFormatW
SetFilePointer
OpenProcess
WriteFile
IsValidLocale
TerminateThread
AcquireSRWLockExclusive
CloseThreadpoolWork
CreateFiber
GetTickCount
SleepConditionVariableCS
WriteFileEx
GetProcAddress
InitializeCriticalSectionEx
LoadLibraryA
OpenFileMappingW
UnmapViewOfFile
FindFirstFileExW
CreateFileMappingW
IsValidCodePage
UnregisterWaitEx
GetLogicalDrives
TlsFree
SetFilePointerEx
GetSystemTime
FindNextFileW
CreateNamedPipeW
FindCloseChangeNotification
GetUserGeoID
ConvertThreadToFiber
GetStartupInfoW
GetCurrentThreadId
LCMapStringEx
GetEnvironmentStringsW
DecodePointer
FormatMessageW
LocalAlloc
ExpandEnvironmentStringsW
ReadFile
DeleteFiber
GetTimeZoneInformation
GetUserDefaultLangID
FreeLibraryWhenCallbackReturns
MoveFileW
GlobalUnlock
WaitForSingleObject
GetSystemTimeAsFileTime
InitializeCriticalSection
GetCurrentDirectoryW
GetEnvironmentVariableW
SetEndOfFile
OutputDebugStringW
MapViewOfFile
GetFileType
GetSystemDirectoryW
FlushFileBuffers
SetEvent
LoadLibraryW
DuplicateHandle
GetFileAttributesExW
CompareStringW
SetFileTime
CompareStringEx
ReadConsoleW
VirtualAlloc
GetCurrentThread
GetSystemInfo
LeaveCriticalSection
EnterCriticalSection
HeapFree
QueryPerformanceCounter
EncodePointer
EnumSystemLocalesW
RaiseException
RemoveDirectoryW
GetLocalTime
ReleaseMutex
DeleteCriticalSection
GetFileSizeEx
FindFirstFileW
HeapAlloc
GetUserDefaultLCID
ReleaseSemaphore
GetConsoleOutputCP
DeleteFileW
GlobalLock
CreateSemaphoreW
FileTimeToSystemTime
ExitProcess
SetFileAttributesW
TzSpecificLocalTimeToSystemTime
GetGeoInfoW
SystemTimeToFileTime
GetCurrentProcess
GetModuleHandleW
MultiByteToWideChar
HeapSize
GetLongPathNameW
CloseHandle
GetLastError
ConnectNamedPipe
CancelIoEx
UnhandledExceptionFilter
lstrcmpW
SetConsoleMode
GetCPInfo
TerminateProcess
GetVolumePathNamesForVolumeNameW
CreateDirectoryW
TryEnterCriticalSection
SleepEx
SetThreadPriority
CreateProcessW
IsDebuggerPresent
RegisterWaitForSingleObject
ResumeThread
LoadLibraryExW
SetUnhandledExceptionFilter
GetModuleFileNameW
TlsSetValue
InitializeSListHead
GetUserDefaultLocaleName
WakeConditionVariable
ReadFileEx
WideCharToMultiByte
lstrlenA
RtlUnwind
GetTempPathW
GetCommandLineW
GetStringTypeW
VirtualQuery
GetConsoleMode
SwitchToFiber
Sleep
LocalFree
TlsAlloc
CreateFileW
FindNextChangeNotification
SleepConditionVariableSRW
DeviceIoControl
LCMapStringW
GlobalSize
GetACP
FreeLibrary
HeapReAlloc
InitializeCriticalSectionAndSpinCount
GetTickCount64
GlobalAlloc
GetCurrencyFormatW
GetProcessHeap
WriteConsoleW
MoveFileExW
GetConsoleWindow
netapi32
NetShareEnum
NetApiBufferFree
ole32
RegisterDragDrop
CoTaskMemFree
OleIsCurrentClipboard
OleInitialize
CoUninitialize
OleGetClipboard
OleSetClipboard
ReleaseStgMedium
RevokeDragDrop
OleUninitialize
CoCreateGuid
CoGetMalloc
OleFlushClipboard
DoDragDrop
CoInitialize
CoCreateInstance
StringFromGUID2
CoInitializeEx
CoLockObjectExternal
shell32
SHGetStockIconInfo
ShellExecuteW
SHCreateItemFromParsingName
Shell_NotifyIconGetRect
SHCreateItemFromIDList
Shell_NotifyIconW
SHGetMalloc
SHGetKnownFolderPath
SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW
SHGetKnownFolderIDList
ord727
SHGetFileInfoW
user32
DrawIconEx
GetCaretBlinkTime
DestroyCursor
DefWindowProcW
IsZoomed
GetQueueStatus
SendMessageW
AppendMenuW
CreateMenu
DrawMenuBar
SetWindowRgn
UnregisterPowerSettingNotification
TrackPopupMenu
InvalidateRect
MessageBoxW
UnregisterTouchWindow
GetCapture
DestroyCaret
ReleaseDC
CreateCursor
BeginPaint
GetAsyncKeyState
ReleaseCapture
GetWindowThreadProcessId
KillTimer
SetMenu
IsWindowEnabled
EnumDisplayMonitors
PeekMessageW
ChangeWindowMessageFilterEx
GetKeyboardLayout
DispatchMessageW
GetKeyboardState
RemoveMenu
EndPaint
RegisterTouchWindow
InsertMenuW
LoadCursorW
GetUserObjectInformationW
SetTimer
GetSystemMenu
MsgWaitForMultipleObjectsEx
CreatePopupMenu
IsIconic
GetKeyState
CreateCaret
MessageBeep
TranslateMessage
GetMonitorInfoW
GetDoubleClickTime
GetIconInfo
DestroyIcon
LoadImageW
SetWindowPos
AttachThreadInput
SetLayeredWindowAttributes
GetWindowTextW
GetProcessWindowStation
GetDisplayConfigBufferSizes
GetSysColorBrush
UnregisterClassW
GetWindowRect
GetWindowLongW
MoveWindow
HideCaret
GetDC
EnumWindows
GetClassInfoW
IsChild
GetParent
UpdateLayeredWindowIndirect
ToUnicode
FlashWindowEx
GetMenuItemInfoW
AdjustWindowRectEx
ToAscii
MapVirtualKeyW
GetAncestor
GetUpdateRect
GetClipboardFormatNameW
GetWindowPlacement
LoadIconW
SetCapture
DestroyWindow
FindWindowA
DestroyMenu
CloseTouchInputHandle
GetMenu
GetSysColor
GetFocus
SetCursor
CreateIconIndirect
DisplayConfigGetDeviceInfo
SetWindowPlacement
SetWindowTextW
PostThreadMessageW
GetTouchInputInfo
GetClientRect
SetFocus
TrackMouseEvent
RegisterClassW
RegisterDeviceNotificationW
UpdateLayeredWindow
MonitorFromWindow
TrackPopupMenuEx
GetKeyboardLayoutList
ShowWindow
GetMessageExtraInfo
QueryDisplayConfig
RegisterWindowMessageW
GetSystemMetrics
GetForegroundWindow
SetForegroundWindow
GetWindow
WindowFromPoint
IsTouchWindow
GetCursorInfo
ModifyMenuW
RegisterPowerSettingNotification
SetClipboardViewer
SetWindowLongW
GetDesktopWindow
MonitorFromPoint
IsWindowVisible
SystemParametersInfoW
RegisterClipboardFormatW
PostMessageW
IsHungAppWindow
GetCursorPos
CreateWindowExW
ScreenToClient
GetCursor
ChangeClipboardChain
RegisterClassExW
SetMenuItemInfoW
RealGetWindowClassW
ChildWindowFromPointEx
EnumDisplayDevicesW
SetCursorPos
IsWindow
CharNextExA
UnregisterDeviceNotification
ShowCaret
SetParent
ClientToScreen
SetCaretPos
EnableMenuItem
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
winmm
timeSetEvent
timeKillEvent
PlaySoundW
bcrypt
BCryptGenRandom
Exports
Sections
.text    Size: 16.0MB - Virtual size: 16.0MB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata   Size: 3.1MB - Virtual size: 3.1MB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data    Size: 89KB - Virtual size: 151KB      IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.qtmetad Size: 2KB - Virtual size: 1KB         IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.qtmimed Size: 326KB - Virtual size: 325KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc    Size: 68KB - Virtual size: 67KB       IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc   Size: 387KB - Virtual size: 387KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ