7d86a93742bd05048f7aa2738ed80e80

Sharing

Copy URL Twitter E-mail

General

Target

7d86a93742bd05048f7aa2738ed80e80
Size

389KB
MD5

7d86a93742bd05048f7aa2738ed80e80
SHA1

3bbdaeca1c2db333fb318e14809bcaa33ad88ac7
SHA256

fa3e06f909da506f2d33623a3e80136c2fb558ef6f127d0c96df08ebbd70df1b
SHA512

37fe59293a7805db6cfc3c51ce57443c4b9070de2a65c67f6748b3fba7fda76544cd35ebffc7317a88b858e88ddc97213dea4c7cfddf1ac39f47fb0efce8ec5e
SSDEEP

12288:/CR7c0QbMZlewDjuGbWEMP7xQFh99DKKOWqf:/CR7cBML6WM1QFT9GKON

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7d86a93742bd05048f7aa2738ed80e80

Files

7d86a93742bd05048f7aa2738ed80e80
.exe windows:10 windows x64 arch:x64

caf9280eb697edad03dc40fe476dce28

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

InputPersonalization.pdb

Imports

kernel32

CreateSemaphoreExW
HeapFree
SetLastError
SetPriorityClass
EnterCriticalSection
GetCommandLineW
GetCurrentProcess
ReleaseSemaphore
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
CreateMutexW
WaitForSingleObject
GetCurrentThreadId
GetVersionExW
ReleaseMutex
CreateEventW
MultiByteToWideChar
Sleep
FormatMessageW
GetLastError
OutputDebugStringW
SetEvent
GetCurrentThread
InitOnceComplete
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
RaiseException
LoadLibraryW
CreateThread
HeapSetInformation
FindResourceExW
LoadResource
HeapAlloc
GetProcAddress
CreateMutexExW
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
FreeLibrary
DebugBreak
lstrcmpiW
LoadLibraryExW
IsDebuggerPresent
SizeofResource
DecodePointer
EncodePointer
DelayLoadFailureHook
ResolveDelayLoadedAPI
FlushFileBuffers
LCMapStringW
CreateDirectoryW
GetSystemTime
SystemTimeToFileTime
OpenFileMappingW
GetStringTypeW
GetFileAttributesExW
GetOverlappedResult
CancelIo
WaitNamedPipeW
ReadFile
LocaleNameToLCID
MapViewOfFile
CreateFileMappingW
LocalFree
UnmapViewOfFile
GetFileInformationByHandle
GetFileAttributesW
LCIDToLocaleName
RegDeleteTreeW
RegCopyTreeW
CompareFileTime
FindClose
FindNextFileW
FindFirstFileW
RegDeleteKeyExW
DeleteFileW
SetFileAttributesW
CreateFileW
SetThreadPriority
WriteFile
RegEnumValueW
ExpandEnvironmentStringsW
WaitForMultipleObjects
RegQueryValueExW
RegGetValueW
RegNotifyChangeKeyValue
InitializeCriticalSectionAndSpinCount
InitOnceBeginInitialize
GetModuleFileNameA

user32

GetMessageW
CharUpperW
GetSystemMetrics
DispatchMessageW
CharNextW
UnregisterClassA
PostThreadMessageW
TranslateMessage
CreateWindowExW
DestroyWindow
SetWindowLongPtrW
SendMessageW
PostMessageW
DefWindowProcW
GetClassInfoExW
GetWindowLongPtrW
MsgWaitForMultipleObjects
PeekMessageW
OffsetRect
IsRectEmpty
GetKeyboardLayoutList
CallWindowProcW
LoadCursorW
RegisterClassExW
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
PostQuitMessage

msvcrt

_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
wcsncpy_s
malloc
memmove_s
free
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
__wgetmainargs
wcscpy_s
memcpy_s
calloc
_vsnwprintf
_resetstkoflw
__C_specific_handler
__CxxFrameHandler3
__setusermatherr
_initterm
_wcmdln
_fmode
_commode
_errno
realloc
?terminate@@YAXXZ
_lock
_unlock
_amsg_exit
__set_app_type
exit
_exit
wcscat_s
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_cexit
memcmp
swprintf_s
wcstol
_wtoi
wcstoul
_itow
_wcstoi64
_itow_s
wcschr
_ui64tow_s
_i64tow_s
_wcsicmp
_wtoi64
wcspbrk
_wcsnicmp
_wstat64
fclose
_wfopen
fread
wcsrchr
memset
wcscmp

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

HeapSize
HeapReAlloc
HeapDestroy

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

GetStringTypeExW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

imm32

ImmDisableIME
ImmDisableTextFrameService

ole32

CoMarshalInterThreadInterfaceInStream
CoRevokeClassObject
CoInitializeEx
CoTaskMemRealloc
CoSuspendClassObjects
CoInitializeSecurity
CoGetInterfaceAndReleaseStream
StringFromCLSID
CoGetClassObject
CoInitialize
CoCreateGuid
CoCreateInstance
CLSIDFromString
CoResumeClassObjects
CoRegisterClassObject
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
CoUninitialize

oleaut32

RegisterTypeLi
SysFreeString
VarUI4FromStr
SysAllocString
SysStringLen
LoadTypeLi
UnRegisterTypeLi
SysAllocStringLen
VariantClear
SafeArrayDestroy
SafeArrayCreateVector
VarBstrCat
VarBstrFromI8
VarBstrCmp
SafeArrayUnaccessData
SafeArrayAccessData
VariantInit
SysStringByteLen
SysAllocStringByteLen

shell32

SHCreateDirectoryExW

shlwapi

StrRStrIW
SHCreateStreamOnFileW
PathAddBackslashW
PathStripPathW
StrChrW
PathAppendW

rpcrt4

UuidCreateSequential
UuidHash

xmllite

CreateXmlReader

elscore

MappingFreeServices
MappingRecognizeText
MappingFreePropertyBag
MappingGetServices

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache

Sections

.text
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

caf9280eb697edad03dc40fe476dce28

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcrt

ntdll

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

imm32

ole32

oleaut32

shell32

shlwapi

rpcrt4

xmllite

elscore

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-processthreads-l1-1-1

Sections

.text Size: 226KB - Virtual size: 226KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 5KB - Virtual size: 10KB

.pdata Size: 11KB - Virtual size: 10KB

.didat Size: 512B - Virtual size: 344B

.rsrc Size: 35KB - Virtual size: 35KB

.reloc Size: 29KB - Virtual size: 30KB

.text
Size: 226KB - Virtual size: 226KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 5KB - Virtual size: 10KB

.pdata
Size: 11KB - Virtual size: 10KB

.didat
Size: 512B - Virtual size: 344B

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 29KB - Virtual size: 30KB