869974c4b69fb50d5e6c2eff482b25afa0e4ababadfba65958ab93a3bf791c9a

Sharing

Copy URL Twitter E-mail

General

Target

869974c4b69fb50d5e6c2eff482b25afa0e4ababadfba65958ab93a3bf791c9a
Size

396KB
MD5

4417711cf63014d7229d13b061490f44
SHA1

0d5acafc329e85d51be2627d5ec147822a9eab59
SHA256

869974c4b69fb50d5e6c2eff482b25afa0e4ababadfba65958ab93a3bf791c9a
SHA512

64b105b7bd31a11588f31c82504a6a1097e43fbb03eaf1200956ce7f2ff76f3c9a716711deca1f7217f6ee308ca5468b074714a505c588a7b3e711d7e97f002c
SSDEEP

6144:goDbnYj5FhOd0tYI13xmt08w/TbysiiJdJWD9c69s+urTlU4Oqw8VVbbUz:goXYFFhp13xS08w/3iiV+ur7Nw87K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
869974c4b69fb50d5e6c2eff482b25afa0e4ababadfba65958ab93a3bf791c9a

Files

869974c4b69fb50d5e6c2eff482b25afa0e4ababadfba65958ab93a3bf791c9a
.exe windows:10 windows x64 arch:x64

0cdfb4ec79ad45d1da00dcc99975778f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

imepadsv.pdb

Imports

kernel32

GlobalUnlock
GlobalAlloc
GlobalLock
SetErrorMode
CreateMutexW
CreateSemaphoreExW
CreateMutexExW
GetCurrentProcessId
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
OpenSemaphoreW
WaitForSingleObject
GlobalHandle
EnterCriticalSection
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
CloseHandle
SetLastError
OutputDebugStringW
IsDebuggerPresent
GetLastError
DelayLoadFailureHook
ResolveDelayLoadedAPI
GetProcAddress
GetModuleHandleW
DeleteCriticalSection
FormatMessageW
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
GlobalFree

user32

UnhookWindowsHookEx
ReleaseDC
CheckRadioButton
GetDlgCtrlID
EndDialog
GetAsyncKeyState
GetIconInfo
DrawFrameControl
GetKeyState
GetWindowPlacement
CreateDialogParamW
GetDlgItem
GetSysColorBrush
DestroyMenu
TrackPopupMenuEx
InsertMenuItemW
CreatePopupMenu
DrawTextW
DrawTextExW
GetDC
GetCapture
EndPaint
DrawIconEx
DrawEdge
GetSysColor
BeginPaint
InvalidateRect
GetFocus
SetCursor
ReleaseCapture
SetThreadDpiAwarenessContext
GetMessageW
TranslateMessage
AttachThreadInput
DestroyIcon
FillRect
MapWindowPoints
DispatchMessageW
DestroyWindow
IsWindow
SetTimer
GetActiveWindow
UpdateWindow
KillTimer
CreateWindowExW
GetDoubleClickTime
PostQuitMessage
GetWindowThreadProcessId
DialogBoxIndirectParamW
LoadMenuIndirectW
MessageBoxW
GetSubMenu
GetForegroundWindow
SetCapture
GetClassNameW
SetProcessDPIAware
AdjustWindowRectEx
WinHelpW
GetClassLongW
LoadCursorW
LoadImageW
GetThreadDesktop
GetUserObjectInformationW
FrameRect
MonitorFromPoint
GetMenuItemCount
DrawCaption
GetWindowTextLengthW

msvcrt

memcmp
__CxxFrameHandler4
??3@YAXPEAX@Z
_purecall
wcsncpy_s
wcstok_s
_wcsicmp
??0exception@@QEAA@XZ
_onexit
__dllonexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memset
_unlock
_lock
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
memcpy_s
_vsnwprintf
_vsnwprintf_s
free
signal
wcstol
??_V@YAXPEAX@Z
memmove_s
wcsncat_s
wcsnlen
??1exception@@UEAA@XZ

ole32

CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoUninitialize

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
Sleep
SleepConditionVariableSRW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
CreateEventExW
AcquireSRWLockShared
SetEvent
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeCriticalSectionEx

api-ms-win-core-localization-l1-2-0

GetSystemDefaultLangID

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
TlsFree
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
OpenThreadToken
GetCurrentThread
OpenProcessToken

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetVersionExW

coremessaging

MsgStringCreateShared
MsgBlobCreateShared
MsgRelease
CoreUICreate

coreuicomponents

CoreUIFactoryCreate
CoreUIClientCreate

api-ms-win-rtcore-ntuser-window-l1-1-0

IsWindowVisible
GetWindowLongW
ShowWindow
GetWindowTextW
GetClassInfoExW
GetParent
RegisterClassExW
PostMessageW
SendMessageW
SetFocus
ScreenToClient
SetForegroundWindow
EnableWindow
SetWindowLongW
SetWindowLongPtrW
EndDeferWindowPos
IsWindowEnabled
GetWindowLongPtrW
DeferWindowPos
BeginDeferWindowPos
GetClientRect
SetWindowTextW
GetWindowRect
DefWindowProcW
GetCursorPos
SetWindowPos
GetWindow
ChildWindowFromPointEx

api-ms-win-ntuser-sysparams-l1-1-0

SystemParametersInfoW
GetSystemMetrics
GetMonitorInfoW

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-ntuser-rectangle-l1-1-0

OffsetRect
PtInRect
SetRectEmpty
SetRect

api-ms-win-core-libraryloader-l1-2-0

LockResource
LoadStringW
FindResourceExW
GetModuleFileNameW
FreeLibrary
LoadResource

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-base-l1-1-0

GetSidSubAuthority
GetSidSubAuthorityCount
IsValidSid
GetTokenInformation

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
StringFromGUID2
CoWaitForMultipleHandles
IIDFromString

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-string-l2-1-0

CharPrevW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

ntdll

NtQueryInformationProcess
RtlIsMultiUsersInSessionSku

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

gdi32

ExtTextOutW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreatePen
MoveToEx
LineTo
DeleteObject
BitBlt
DeleteDC
GetCurrentObject
GetTextMetricsW
GetBkMode
GetTextColor
SetBkMode
SetTextColor
Polyline
GetDeviceCaps
GetObjectW
CreateFontIndirectW
EnumFontFamiliesExW
GetTextExtentPoint32W
CreateDCW
SetROP2
GetStockObject
CreateSolidBrush
GetTextExtentPointW
Rectangle
GetLayout

sfc

SfcIsFileProtected

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

CoCreateInstance

Sections

.text
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0cdfb4ec79ad45d1da00dcc99975778f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcrt

ole32

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

coremessaging

coreuicomponents

api-ms-win-rtcore-ntuser-window-l1-1-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-ntuser-rectangle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

ntdll

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

gdi32

sfc

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 176KB - Virtual size: 172KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 4KB - Virtual size: 13KB

.pdata Size: 12KB - Virtual size: 8KB

.didat Size: 4KB - Virtual size: 24B

.rsrc Size: 148KB - Virtual size: 144KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 176KB - Virtual size: 172KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 4KB - Virtual size: 13KB

.pdata
Size: 12KB - Virtual size: 8KB

.didat
Size: 4KB - Virtual size: 24B

.rsrc
Size: 148KB - Virtual size: 144KB

.reloc
Size: 4KB - Virtual size: 1KB