colorpicker[.]f11[.]u2[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

colorpicker.f11.u2.exe
Size

85.8MB
MD5

dc356df97c09bfd2dae94b90e824c485
SHA1

631d91ec670d24e8f25a9ad044940ed9a4afd8e7
SHA256

64b421ce7a0f060a90285ce5c5c8fce1697d6f1a7b6fc3b7f447c5958208f428
SHA512

4a3ed0fa81b9d816e46b1063789422988f4afe7b790692a48d564e4adf4a86761c37d6760732bc4a7e7e58f92f9ce4f0521948b4ee53841e5952d0e349e83c12
SSDEEP

1572864:Wpo4VzMgGEG0gkiYOxiPNBhdOxFCz5gc42T7DY64+0fPrXCtjVLqITsYb:Mo4VzMgGEG0PLsSHhdOLi5g4f74+0fWs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
colorpicker.f11.u2.exe

Files

colorpicker.f11.u2.exe
.exe windows:6 windows x64 arch:x64

e82ee9af09fa374e8673a8c333a97f1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LockResource
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA

comdlg32

GetOpenFileNameA

advapi32

CryptDestroyHash

shell32

ShellExecuteA

msvcp140

?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

crypt32

CertGetCertificateChain

ws2_32

htons

rpcrt4

UuidCreate

psapi

GetModuleInformation

userenv

UnloadUserProfile

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler

api-ms-win-crt-stdio-l1-1-0

fseek

api-ms-win-crt-locale-l1-1-0

setlocale

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-math-l1-1-0

_dclass

api-ms-win-crt-string-l1-1-0

strpbrk

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-convert-l1-1-0

strtod

api-ms-win-crt-filesystem-l1-1-0

_fstat64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

Sections

.text
Size: - Virtual size: 630KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.;f*
Size: - Virtual size: 84.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Em`
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RR.
Size: 85.3MB - Virtual size: 85.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 453KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e82ee9af09fa374e8673a8c333a97f1e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

shell32

msvcp140

crypt32

ws2_32

rpcrt4

psapi

userenv

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

Sections

.text Size: - Virtual size: 630KB

.rdata Size: - Virtual size: 353KB

.data Size: - Virtual size: 8KB

.pdata Size: - Virtual size: 27KB

.;f* Size: - Virtual size: 84.2MB

.Em` Size: 5KB - Virtual size: 4KB

.RR. Size: 85.3MB - Virtual size: 85.3MB

.rsrc Size: 453KB - Virtual size: 452KB

.text
Size: - Virtual size: 630KB

.rdata
Size: - Virtual size: 353KB

.data
Size: - Virtual size: 8KB

.pdata
Size: - Virtual size: 27KB

.;f*
Size: - Virtual size: 84.2MB

.Em`
Size: 5KB - Virtual size: 4KB

.RR.
Size: 85.3MB - Virtual size: 85.3MB

.rsrc
Size: 453KB - Virtual size: 452KB