43c3aa545a14221d5f818882e5f691967407d03278dad714b4c65a4ca377f818[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

43c3aa545a14221d5f818882e5f691967407d03278dad714b4c65a4ca377f818.exe
Size

572KB
MD5

8dde41a60c3c082c5ff06d1fd40703a2
SHA1

6ea4f0db8aaa9d2bffb0a0815cca08ee456857ff
SHA256

43c3aa545a14221d5f818882e5f691967407d03278dad714b4c65a4ca377f818
SHA512

1b5a08d0b4a40ea949e83098cf0cc54bddc1b3a8f059e8b841eca0c058b3ff9e06f975119edebffb9c12efb1b12fd353b6fd29ee84f9272496104dd4c7a06ac1
SSDEEP

6144:Sh7kUzYRpY1xsTp2BSVG4n3ShC1/u91qQYniABcqbsh7YKxIZ/GycVBhisnoOLLS:NyY0DRAOCIfqQYnBcaeTVBwsno1Wo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43c3aa545a14221d5f818882e5f691967407d03278dad714b4c65a4ca377f818.exe

Files

43c3aa545a14221d5f818882e5f691967407d03278dad714b4c65a4ca377f818.exe
.exe windows:6 windows x64 arch:x64

0d4a5ca29da6f036c66ca5c00b372106

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dwmapi

DwmExtendFrameIntoClientArea

kernel32

GlobalUnlock
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
WriteProcessMemory
VirtualFree
SetConsoleTitleA
VirtualAlloc
Module32Next
Module32First
OpenProcess
CreateToolhelp32Snapshot
Sleep
CreateFileA
CloseHandle
VirtualAllocEx
ReadProcessMemory
GetCurrentProcessId
CreateRemoteThread
FlushFileBuffers
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
GetCurrentThreadId
GetSystemTimeAsFileTime
WideCharToMultiByte
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
MultiByteToWideChar
InitializeSListHead
GlobalAlloc
GlobalFree
GlobalLock

user32

GetWindowThreadProcessId
GetWindow
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
GetSystemMetrics
ShowWindow
GetAsyncKeyState
SetWindowLongA
GetWindowLongA
MoveWindow
RegisterClassA
DefWindowProcA
CreateWindowExA
TranslateMessage
mouse_event
PeekMessageA
UnregisterClassA
PostQuitMessage
FindWindowA
UpdateWindow
GetKeyState
GetMessageExtraInfo
LoadCursorA
ScreenToClient
OpenClipboard
GetCapture
ClientToScreen
TrackMouseEvent
GetKeyboardLayout
GetForegroundWindow
SetCapture
SetCursor
CloseClipboard
GetClientRect
GetCursorPos
SetCursorPos
ReleaseCapture
SetClipboardData
GetClipboardData
EmptyClipboard
IsWindowUnicode

gdi32

GetStockObject

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

msvcp140

?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
_Mtx_unlock
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
_Mtx_init_in_situ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
_Mtx_lock

d3d9

Direct3DCreate9Ex

ntdll

ZwSetValueKey
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
ZwClose

xinput1_4

ord2

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp
_CxxThrowException
memchr
memmove
memset
__std_terminate
strstr
__std_exception_destroy
__std_exception_copy
__C_specific_handler
__current_exception
__current_exception_context
memcpy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
fseek
ftell
_set_fmode
fclose
__acrt_iob_func
__p__commode
__stdio_common_vsprintf_s
fwrite
_wfopen
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
fflush

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strcmp
strncpy
wcscpy_s
_stricmp
strncmp

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
_set_new_mode
free

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
exit
_seh_filter_exe
_set_app_type
terminate
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
_beginthreadex
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-math-l1-1-0

cosf
powf
atan2
fmodf
sqrtf
ceilf
sinf
tanf
asin
__setusermatherr
acosf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 211KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d4a5ca29da6f036c66ca5c00b372106

Headers

DLL Characteristics

File Characteristics

Imports

dwmapi

kernel32

user32

gdi32

imm32

msvcp140

d3d9

ntdll

xinput1_4

d3dx9_43

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 291KB - Virtual size: 290KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 211KB - Virtual size: 252KB

.pdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1024B - Virtual size: 708B

.text
Size: 291KB - Virtual size: 290KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 211KB - Virtual size: 252KB

.pdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1024B - Virtual size: 708B