7b4c65fc81684903fdd26aac77c1459c

Sharing

Copy URL Twitter E-mail

General

Target

7b4c65fc81684903fdd26aac77c1459c
Size

760KB
MD5

7b4c65fc81684903fdd26aac77c1459c
SHA1

beacad5ca7406f1112e61b3aa14ce054818da3d0
SHA256

1421465d47501f0aa21698bfc37da71bf17b970b43fa1682baf3b3f33da62666
SHA512

51faa165aa22190d14e05845cd756767c9afc2b0651761be1b516e357cf608e5a78386924c99ff6996dc5ab0b291707fad69919b45b2811501ec9524491f78f2
SSDEEP

12288:9CR7c0QbMZlewDjuGbWEMP7xQFa99DKKOWqrU1gcbnccNkN+jTxTlZDaINqLwk:9CR7cBML6WM1QF89GKOK+cINcXDrNqUk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7b4c65fc81684903fdd26aac77c1459c

Files

7b4c65fc81684903fdd26aac77c1459c
.exe windows:10 windows x64 arch:x64

caf9280eb697edad03dc40fe476dce28

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

InputPersonalization.pdb

Imports

kernel32

CreateSemaphoreExW
HeapFree
SetLastError
SetPriorityClass
EnterCriticalSection
GetCommandLineW
GetCurrentProcess
ReleaseSemaphore
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
CreateMutexW
WaitForSingleObject
GetCurrentThreadId
GetVersionExW
ReleaseMutex
CreateEventW
MultiByteToWideChar
Sleep
FormatMessageW
GetLastError
OutputDebugStringW
SetEvent
GetCurrentThread
InitOnceComplete
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
RaiseException
LoadLibraryW
CreateThread
HeapSetInformation
FindResourceExW
LoadResource
HeapAlloc
GetProcAddress
CreateMutexExW
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
FreeLibrary
DebugBreak
lstrcmpiW
LoadLibraryExW
IsDebuggerPresent
SizeofResource
DecodePointer
EncodePointer
DelayLoadFailureHook
ResolveDelayLoadedAPI
FlushFileBuffers
LCMapStringW
CreateDirectoryW
GetSystemTime
SystemTimeToFileTime
OpenFileMappingW
GetStringTypeW
GetFileAttributesExW
GetOverlappedResult
CancelIo
WaitNamedPipeW
ReadFile
LocaleNameToLCID
MapViewOfFile
CreateFileMappingW
LocalFree
UnmapViewOfFile
GetFileInformationByHandle
GetFileAttributesW
LCIDToLocaleName
RegDeleteTreeW
RegCopyTreeW
CompareFileTime
FindClose
FindNextFileW
FindFirstFileW
RegDeleteKeyExW
DeleteFileW
SetFileAttributesW
CreateFileW
SetThreadPriority
WriteFile
RegEnumValueW
ExpandEnvironmentStringsW
WaitForMultipleObjects
RegQueryValueExW
RegGetValueW
RegNotifyChangeKeyValue
InitializeCriticalSectionAndSpinCount
InitOnceBeginInitialize
GetModuleFileNameA

user32

GetMessageW
CharUpperW
GetSystemMetrics
DispatchMessageW
CharNextW
UnregisterClassA
PostThreadMessageW
TranslateMessage
CreateWindowExW
DestroyWindow
SetWindowLongPtrW
SendMessageW
PostMessageW
DefWindowProcW
GetClassInfoExW
GetWindowLongPtrW
MsgWaitForMultipleObjects
PeekMessageW
OffsetRect
IsRectEmpty
GetKeyboardLayoutList
CallWindowProcW
LoadCursorW
RegisterClassExW
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
PostQuitMessage

msvcrt

_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
wcsncpy_s
malloc
memmove_s
free
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
__wgetmainargs
wcscpy_s
memcpy_s
calloc
_vsnwprintf
_resetstkoflw
__C_specific_handler
__CxxFrameHandler3
__setusermatherr
_initterm
_wcmdln
_fmode
_commode
_errno
realloc
?terminate@@YAXXZ
_lock
_unlock
_amsg_exit
__set_app_type
exit
_exit
wcscat_s
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_cexit
memcmp
swprintf_s
wcstol
_wtoi
wcstoul
_itow
_wcstoi64
_itow_s
wcschr
_ui64tow_s
_i64tow_s
_wcsicmp
_wtoi64
wcspbrk
_wcsnicmp
_wstat64
fclose
_wfopen
fread
wcsrchr
memset
wcscmp

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

HeapSize
HeapReAlloc
HeapDestroy

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

GetStringTypeExW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

imm32

ImmDisableIME
ImmDisableTextFrameService

ole32

CoMarshalInterThreadInterfaceInStream
CoRevokeClassObject
CoInitializeEx
CoTaskMemRealloc
CoSuspendClassObjects
CoInitializeSecurity
CoGetInterfaceAndReleaseStream
StringFromCLSID
CoGetClassObject
CoInitialize
CoCreateGuid
CoCreateInstance
CLSIDFromString
CoResumeClassObjects
CoRegisterClassObject
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
CoUninitialize

oleaut32

RegisterTypeLi
SysFreeString
VarUI4FromStr
SysAllocString
SysStringLen
LoadTypeLi
UnRegisterTypeLi
SysAllocStringLen
VariantClear
SafeArrayDestroy
SafeArrayCreateVector
VarBstrCat
VarBstrFromI8
VarBstrCmp
SafeArrayUnaccessData
SafeArrayAccessData
VariantInit
SysStringByteLen
SysAllocStringByteLen

shell32

SHCreateDirectoryExW

shlwapi

StrRStrIW
SHCreateStreamOnFileW
PathAddBackslashW
PathStripPathW
StrChrW
PathAppendW

rpcrt4

UuidCreateSequential
UuidHash

xmllite

CreateXmlReader

elscore

MappingFreeServices
MappingRecognizeText
MappingFreePropertyBag
MappingGetServices

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache

Sections

.text
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 400KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

caf9280eb697edad03dc40fe476dce28

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcrt

ntdll

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

imm32

ole32

oleaut32

shell32

shlwapi

rpcrt4

xmllite

elscore

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-processthreads-l1-1-1

Sections

.text Size: 226KB - Virtual size: 225KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 5KB - Virtual size: 10KB

.pdata Size: 11KB - Virtual size: 10KB

.didat Size: 512B - Virtual size: 344B

.rsrc Size: 35KB - Virtual size: 35KB

.reloc Size: 400KB - Virtual size: 740KB

.text
Size: 226KB - Virtual size: 225KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 5KB - Virtual size: 10KB

.pdata
Size: 11KB - Virtual size: 10KB

.didat
Size: 512B - Virtual size: 344B

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 400KB - Virtual size: 740KB