9ac7201ef7735419269b34f035ae6f96

Sharing

Copy URL Twitter E-mail

General

Target

9ac7201ef7735419269b34f035ae6f96
Size

1.3MB
MD5

9ac7201ef7735419269b34f035ae6f96
SHA1

a0ba4030c5ee309665d99aee6a57bb730c65661f
SHA256

5c84bebb7990b85c59e5490851542f98e23f0038943692a4da6556e4971829be
SHA512

b3fad41b1590f31a4e2a93e6d89b14cd20b53a436567025a70de34736f26c67d0ba5abc3be8fdf5220920474ecab1fcb28e494da939bcc93cfc4eef5b79f0008
SSDEEP

24576:DJiSBjGZko7MSBrU0ewm7MjJR+ibbZ4+iCAZH5s3Zr1wLp:Dvi7U0SQNRRbuiKs31aLp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9ac7201ef7735419269b34f035ae6f96

Files

9ac7201ef7735419269b34f035ae6f96
.exe windows:6 windows x86 arch:x86

bdf84fe2732f6dcf381d5cc4d2078bff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\projects\kanan-new\Release\Launcher.pdb

Imports

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

bcrypt

BCryptDestroyKey
BCryptGetProperty
BCryptGenerateSymmetricKey
BCryptDecrypt
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptSetProperty
BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptGenRandom
BCryptEncrypt

crypt32

CryptBinaryToStringW

winhttp

WinHttpQueryDataAvailable
WinHttpConnect
WinHttpSendRequest
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpOpen
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCrackUrl

d3d9

Direct3DCreate9

kernel32

GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetCommandLineW
GetEnvironmentStringsW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetConsoleOutputCP
FlushFileBuffers
GetFileSizeEx
HeapAlloc
OutputDebugStringW
HeapReAlloc
GetModuleHandleW
FormatMessageW
GetLastError
LocalFree
CloseHandle
CreateProcessW
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
DecodePointer
FreeEnvironmentStringsW
ReadConsoleW
GetConsoleMode
WriteFile
ExitProcess
WriteConsoleW
GetModuleFileNameW
GetFileType
GetStdHandle
ReadFile
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RtlUnwind
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
HeapSize
LCMapStringEx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
GetCPInfo
EncodePointer
InitializeCriticalSectionAndSpinCount
GetStringTypeW
HeapFree
GetFileInformationByHandleEx
RaiseException
GetCurrentDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
GetCurrentThreadId
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
FormatMessageA
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
GetSystemTimeAsFileTime
GetProcAddress
WaitForSingleObjectEx

user32

UpdateWindow
PeekMessageW
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetKeyState
ScreenToClient
GetActiveWindow
GetCapture
ClientToScreen
LoadCursorW
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
GetDesktopWindow
MessageBoxW
PostQuitMessage
DefWindowProcW
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterClassExW
ShowWindow
DispatchMessageW
TranslateMessage

comdlg32

GetOpenFileNameW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

ole32

CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VariantClear

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

Sections

.text
Size: 932KB - Virtual size: 931KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 355KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bdf84fe2732f6dcf381d5cc4d2078bff

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

bcrypt

crypt32

winhttp

d3d9

kernel32

user32

comdlg32

advapi32

ole32

oleaut32

imm32

Sections

.text Size: 932KB - Virtual size: 931KB

.rdata Size: 355KB - Virtual size: 354KB

.data Size: 23KB - Virtual size: 27KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 29KB - Virtual size: 29KB

.text
Size: 932KB - Virtual size: 931KB

.rdata
Size: 355KB - Virtual size: 354KB

.data
Size: 23KB - Virtual size: 27KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 29KB - Virtual size: 29KB