08cf08322be472f8560faf3830cee4857085ced2c565bd972e2480d704ba94e1

Sharing

Copy URL Twitter E-mail

General

Target

08cf08322be472f8560faf3830cee4857085ced2c565bd972e2480d704ba94e1
Size

4.0MB
MD5

9bcd12ed0df597d1ad4c4ead0ba3e3e7
SHA1

aeb8ac9f5e26559cd49b440291efd7d76fae6604
SHA256

08cf08322be472f8560faf3830cee4857085ced2c565bd972e2480d704ba94e1
SHA512

79e0aa2ea58df4aa9cfca32670600f270185fd545607e6d73146d64829c9bb7fa6452d2cfaefca4a7df55203966541af10cae7d1e660ee10a6fd39c7d1da0688
SSDEEP

49152:mTSy1KQyJqsJrcwc3a83uvLE5v5RWDmg27RnWGj:QSyYfBcw2at4R+D527BWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08cf08322be472f8560faf3830cee4857085ced2c565bd972e2480d704ba94e1

Files

08cf08322be472f8560faf3830cee4857085ced2c565bd972e2480d704ba94e1
.exe windows:6 windows x64 arch:x64

61e09e666cb518b7e9dc55cdeb759adc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\u\workspace\nViewBranchBuilder\sw\nview\v200\_out\x64-Release\nViewMain64.pdb

Imports

magnification

MagSetWindowSource
MagUninitialize
MagSetWindowTransform
MagInitialize

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

kernel32

Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcmpiW
OpenProcess
FreeLibrary
lstrcpynW
SetFileAttributesW
GetLastError
GetFileAttributesW
FindFirstFileW
FindClose
CreateMutexW
ReleaseMutex
SetEndOfFile
HeapSize
ReadConsoleW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
HeapFree
HeapAlloc
ExitProcess
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
GetCommandLineA
GetLocalTime
RtlUnwindEx
RaiseException
RtlPcToFileHeader
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
GetCPInfo
GetLocaleInfoW
LCMapStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleW
IsWow64Process
GetThreadPriority
SetThreadPriority
GetCurrentThread
GetCurrentProcess
OpenEventW
ResetEvent
lstrcatW
CreateProcessW
ExitThread
CreateThread
CreateEventW
WaitForSingleObject
SetEvent
CloseHandle
lstrlenW
FindNextFileW
QueryPerformanceFrequency
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
Sleep
lstrcpyW
lstrcmpW
GlobalFree
GlobalAlloc
RtlUnwind
TlsAlloc
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
QueryFullProcessImageNameW
MapViewOfFileEx
CreateFileMappingW
GetSystemInfo
UnmapViewOfFile
GetModuleHandleA
GetVersionExW
K32GetModuleFileNameExW
K32EnumProcessModules
OpenThread
GetCommandLineW
GetUserDefaultUILanguage
QueryPerformanceCounter
MulDiv
LoadLibraryW
FormatMessageW
GetCurrentThreadId
GetCurrentProcessId
VerifyVersionInfoW
LoadLibraryExW
GetModuleFileNameW
SetLastError
OutputDebugStringW
GetFullPathNameW
ExpandEnvironmentStringsW
VerSetConditionMask
LocalFree
LocalAlloc
GlobalLock
GlobalUnlock
FreeResource
CopyFileW
GetTickCount
GetSystemWindowsDirectoryW
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileW
GetSystemDirectoryW

user32

GetWindowPlacement
SetWindowPlacement
IsIconic
IntersectRect
UnionRect
DefWindowProcW
RegisterClassW
CreateWindowExW
GetWindowRect
SetLayeredWindowAttributes
UnhookWinEvent
EndPaint
InvalidateRect
InflateRect
SetWindowLongPtrW
LoadCursorW
SystemParametersInfoW
GetParent
FindWindowW
GetAsyncKeyState
GetMessageW
SetWindowPos
SetWinEventHook
EnumWindows
IsWindowVisible
SendMessageTimeoutW
PtInRect
ClientToScreen
BeginPaint
GetClientRect
PostMessageW
GetWindow
GetClassLongPtrW
GetWindowLongPtrW
IsDlgButtonChecked
CheckDlgButton
GetPhysicalCursorPos
GetDlgItem
GetLayeredWindowAttributes
DestroyWindow
SendMessageW
wsprintfW
ShowWindow
TranslateMessage
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
CheckMenuRadioItem
GetSysColorBrush
InsertMenuItemW
TrackPopupMenu
CreatePopupMenu
OffsetRect
IsRectEmpty
SetRectEmpty
GetMonitorInfoW
MonitorFromRect
DestroyIcon
ReleaseDC
GetDC
IsWindow
GetWindowThreadProcessId
FindWindowExW
EqualRect
WaitForInputIdle
MsgWaitForMultipleObjects
RegisterDeviceNotificationW
PeekMessageW
LoadIconW
SetWindowLongW
GetWindowLongW
UpdateWindow
GetMenuItemInfoW
AppendMenuW
CheckMenuItem
CreateMenu
SetMenu
GetSystemMetrics
RegisterClassExW
IsWindowEnabled
OpenInputDesktop
GetActiveWindow
UnregisterHotKey
RegisterHotKey
GetDesktopWindow
SetCursorPos
DialogBoxParamW
CreateDialogParamW
IsZoomed
MoveWindow
ShowWindowAsync
GetCursorPos
GetWindowTextW
SetForegroundWindow
GetForegroundWindow
KillTimer
SetTimer
UnregisterClassW
PostQuitMessage
DispatchMessageW
MessageBoxW
CharLowerW
GetSysColor
LoadImageW
ValidateRect
GetClassNameW
DrawIconEx
GetAncestor
MonitorFromPoint
SetProcessDPIAware
LoadStringW
DisplayConfigGetDeviceInfo
EnumDisplayDevicesW
EnumDisplaySettingsW
EnumDisplaySettingsExW
WindowFromPoint
CharUpperW
EnumDisplayMonitors
CopyRect
RegisterWindowMessageW
CloseDesktop

gdi32

SetBrushOrgEx
StrokeAndFillPath
EndPath
BeginPath
GetDIBits
CreatePen
BitBlt
GetDeviceCaps
CreateCompatibleBitmap
CreateFontIndirectW
DeleteObject
GetStockObject
GetTextExtentPoint32W
LineTo
RoundRect
SelectObject
SetDCBrushColor
SetDCPenColor
SetBkMode
SetTextColor
MoveToEx
TextOutW
CreateCompatibleDC
DeleteDC
StretchBlt
GetObjectW
CreateSolidBrush
SetStretchBltMode

advapi32

RegEnumValueW
GetUserNameW
LookupAccountSidW
GetTokenInformation
SetEntriesInAclW
RegQueryInfoKeyW
OpenProcessToken
RegDeleteValueW
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
RegCloseKey
RegOpenCurrentUser
RegCreateKeyExW
RegOpenKeyW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCopyTreeW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
RegSetValueExW
SetSecurityDescriptorDacl

shell32

Shell_NotifyIconW
ExtractIconW
ExtractIconExW
SHGetFolderPathW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHCreateShellItemArrayFromShellItem
SHCreateItemFromParsingName
ShellExecuteW
CommandLineToArgvW

ole32

CoCreateInstance
CLSIDFromString
StringFromGUID2
CreateStreamOnHGlobal
CoInitialize
CoUninitialize

oleaut32

OleLoadPicture
SysAllocString
SysFreeString

shlwapi

StrRStrIW
ord487
SHCopyKeyW
StrStrIW
SHDeleteKeyW

gdiplus

GdipCreatePen1
GdipDeletePen
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawPath
GdipFillPath
GdiplusStartup
GdiplusShutdown
GdipCreatePen2
GdipSetPenWidth
GdipLoadImageFromFile
GdipCloneImage
GdipDeleteBrush
GdipSetSmoothingMode
GdipDrawArcI
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImageRect
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipCloneBrush
GdipAddPathArcI
GdipClosePathFigure
GdipStartPathFigure
GdipCreateSolidFill
GdipDeletePath
GdipCreatePath
GdipFree
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromHICON

dwmapi

DwmIsCompositionEnabled
DwmGetWindowAttribute

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 581KB - Virtual size: 581KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

61e09e666cb518b7e9dc55cdeb759adc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

magnification

wtsapi32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

dwmapi

version

Sections

.text Size: 581KB - Virtual size: 581KB

.rdata Size: 182KB - Virtual size: 181KB

.data Size: 12KB - Virtual size: 37KB

.pdata Size: 29KB - Virtual size: 29KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 581KB - Virtual size: 581KB

.rdata
Size: 182KB - Virtual size: 181KB

.data
Size: 12KB - Virtual size: 37KB

.pdata
Size: 29KB - Virtual size: 29KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 572KB - Virtual size: 576KB