e:\Working Copies\Bundles\Antivirus\Av\release\avt_main.pdb
Static task: static1

General
Target:
Size: 2.0MB
MD5: c7e9746b1b039b8bd1106bca3038c38f
SHA1: cb93ac887876bafe39c5f9aa64970d5e747fb191
SHA256: b1369bd254d96f7966047ad4be06103830136629590182d49e5cb8680529ebd4
SHA512: cf5d688f1aec8ec65c1cb91d367da9a96911640c695d5c2d023836ef11e374ff158c152b4b6207e8fcdb5ccf0eed79741e080f1cbc915fe0af3dacd624525724
SSDEEP: 49152:FH/1Fdq0wneDrEoYxWFjmYMcKabLVp3diY7kp:FH/1Fdq0nIo2YAcl/NisA
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature (empty certificate table in the PE security directory).
resource [email protected]
Files
[email protected].exe windows:4 windows x86 arch:x86
Password: mysubsarethbest
5a2c800e40f7e30fbf38d55c7090d219
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
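The "Unsigned PE" signature above fires on an empty certificate table, and the File Characteristics block shows IMAGE_FILE_RELOCS_STRIPPED, which matters for ASLR. Both are cheap to check without a sandbox. The following is an added example, not the sandbox's own detector and not code from the analysed binary: it parses a PE header far enough to report signature presence, the relocation and DllCharacteristics bits, and any section that is both writable and executable. `build_sample_pe` emits a constructed, header-only PE32 so the script runs offline; that sample is not the file in this report.

```python
# Added example for this report (not the sandbox's own detector): parse a PE
# header far enough to answer what the "Unsigned PE" signature and the
# File Characteristics block above are telling you. Pure Python, no pefile.
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001            # winnt.h values
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DIRECTORY_ENTRY_SECURITY = 4             # Authenticode certificate table
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def triage_pe(data: bytes) -> dict:
    """Signature presence, ASLR-relevant flags and W+X sections from raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:            # PE32
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:          # PE32+
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dllchar = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]

    # Security directory: unlike every other directory its "VirtualAddress"
    # is a raw file offset. Only presence of a WIN_CERTIFICATE blob is checked
    # here; validating the chain needs WinVerifyTrust or osslsigncode.
    signed = False
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_off, cert_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
        if cert_off and cert_size >= 8 and cert_off + cert_size <= len(data):
            _length, _revision, cert_type = struct.unpack_from("<IHH", data, cert_off)
            signed = cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA

    # Section table follows the optional header; flag writable+executable.
    wx_sections = []
    for i in range(nsections):
        fields = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        name, flags = fields[0], fields[-1]
        if flags & IMAGE_SCN_MEM_WRITE and flags & IMAGE_SCN_MEM_EXECUTE:
            wx_sections.append(name.rstrip(b"\0").decode("ascii", "replace"))

    relocs_stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    dynamic_base = bool(dllchar & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    return {
        "signed": signed,
        "relocs_stripped": relocs_stripped,
        "dynamic_base": dynamic_base,
        # No relocations means the loader cannot rebase the image, so
        # DYNAMIC_BASE on its own does not buy ASLR.
        "aslr_effective": dynamic_base and not relocs_stripped,
        "nx_compat": bool(dllchar & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "wx_sections": wx_sections,
    }


def build_sample_pe(signed=False, characteristics=0x0102, dllchar=0x0000,
                    section_flags=0x60000020) -> bytes:
    """Constructed header-only PE32 with one section (not loadable, not the
    file in this report). With signed=True a stub WIN_CERTIFICATE is appended
    and the security directory points at it."""
    opt_size = 96 + 8 * 16
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<H", opt, 70, dllchar)
    struct.pack_into("<I", opt, 92, 16)                  # NumberOfRvaAndSizes
    headers_len = 0x40 + 4 + 20 + opt_size + 40
    body = b"\xC3" * 16                                  # 16 x RET
    cert = b""
    if signed:
        cert = struct.pack("<IHH", 8 + 16, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + b"\0" * 16
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         headers_len + len(body), len(cert))
    section = struct.pack("<8sIIIIIIHHI", b".text", len(body), 0x1000, len(body),
                          headers_len, 0, 0, 0, 0, section_flags)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section + body + cert


if __name__ == "__main__":
    flags = IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
    print(triage_pe(build_sample_pe(characteristics=flags)))
```

Run `triage_pe(open(path, "rb").read())` on the real sample. Two caveats: a present certificate table only means a blob is attached, not that the signature verifies or that the signer is trusted; and with IMAGE_FILE_RELOCS_STRIPPED set, as in this report, the image loads at its preferred base regardless of the DYNAMIC_BASE bit, which simplifies any memory-corruption exploitation against it.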
PDB Paths
Imports
kernel32
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
GetThreadLocale
SetFilePointer
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
FileTimeToSystemTime
GlobalFlags
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
ExitThread
RtlUnwind
RaiseException
HeapReAlloc
HeapSize
TlsGetValue
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA
LocalAlloc
InterlockedCompareExchange
WritePrivateProfileStringW
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
FormatMessageW
LocalFree
SuspendThread
InterlockedDecrement
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
GetVersionExA
CreateThread
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
MoveFileA
HeapFree
GetProcessHeap
HeapAlloc
FlushFileBuffers
GetVersion
SearchPathA
GetWindowsDirectoryA
lstrcpynA
ResetEvent
SetEvent
WaitForSingleObject
ResumeThread
CreateEventW
Module32NextW
Module32FirstW
UnmapViewOfFile
IsBadReadPtr
MapViewOfFile
CreateFileMappingW
CreateFileW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
MoveFileExW
GetFileAttributesW
lstrcmpW
FreeLibrary
GetWindowsDirectoryW
GetModuleFileNameA
SetThreadPriority
GetModuleFileNameW
CreateProcessA
GetSystemDirectoryA
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcpyA
GetFileAttributesA
ReadFile
GetFileSize
WriteFile
CreateFileA
MoveFileExA
GetCurrentThread
GetCurrentProcess
GetVersionExW
GlobalLock
GlobalAlloc
SizeofResource
GlobalFree
GlobalUnlock
MulDiv
lstrcpynW
LoadLibraryA
WinExec
lstrcatW
GetModuleHandleA
FreeResource
LockResource
LoadResource
FindResourceW
CreateMutexW
GetCommandLineW
Process32NextW
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiW
lstrcpyW
Process32FirstW
CreateToolhelp32Snapshot
InterlockedExchange
RemoveDirectoryA
GetTempPathA
DeleteFileA
ExpandEnvironmentStringsA
DeleteFileW
ExpandEnvironmentStringsW
lstrcmpiA
FindClose
lstrcmpA
GetVolumeInformationA
GetDriveTypeA
MultiByteToWideChar
lstrlenA
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetLogicalDrives
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
WideCharToMultiByte
lstrlenW
ExitProcess
lstrcatA
VirtualProtect
Sleep
user32
GetMessageW
ValidateRect
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
CheckRadioButton
CheckDlgButton
BeginPaint
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
CheckMenuItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
GetKeyState
GetScrollPos
GetMenu
GetMenuItemCount
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
CallWindowProcW
IntersectRect
GetWindowPlacement
DrawEdge
FrameRect
DrawStateW
GetWindowDC
CreateIconIndirect
GetIconInfo
GetWindowThreadProcessId
DrawFocusRect
SetRectEmpty
EnableMenuItem
GetMenuItemID
TrackPopupMenu
SetMenuDefaultItem
DestroyIcon
DeleteMenu
GetSubMenu
LoadMenuW
RedrawWindow
SetWindowRgn
RegisterWindowMessageW
SendMessageW
UnregisterClassA
EnableWindow
InvalidateRect
GetClientRect
GetSysColorBrush
SetClipboardViewer
CloseClipboard
GetClipboardData
OpenClipboard
LoadBitmapW
IsCharAlphaNumericW
SetFocus
FillRect
SetRect
PostMessageW
GetCursorPos
UpdateWindow
ClientToScreen
GetCaretPos
GetClassNameW
GetFocus
UpdateLayeredWindow
GetWindow
LockSetForegroundWindow
UnregisterClassW
DestroyWindow
RegisterClassExW
DefWindowProcW
CopyIcon
InflateRect
GetSysColor
ScreenToClient
GetMessagePos
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableW
ReleaseCapture
SetCapture
CharUpperW
CharNextW
PeekMessageW
SetWindowPos
OffsetRect
DestroyMenu
PostQuitMessage
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
GetWindowTextW
WindowFromPoint
SystemParametersInfoA
PostThreadMessageW
GetSystemMetrics
EqualRect
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadIconW
CreatePopupMenu
AppendMenuW
GetWindowRect
wsprintfW
wsprintfA
SendMessageTimeoutW
EnumWindows
SetForegroundWindow
IsIconic
ShowWindow
GetDesktopWindow
IsWindowEnabled
GetActiveWindow
SetActiveWindow
LoadIconA
DrawIcon
IsWindowVisible
FindWindowA
PtInRect
LoadImageW
GetParent
GetDC
ReleaseDC
GetWindowLongW
SetWindowLongW
SetLayeredWindowAttributes
LoadCursorW
IsWindow
CopyRect
SystemParametersInfoW
MessageBoxW
GetDlgItem
CreateWindowExW
SetCursor
EndPaint
gdi32
CreateRectRgnIndirect
GetBkColor
GetTextColor
GetRgnBox
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
CreateFontW
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
SetDIBits
GetDIBits
CombineRgn
GetPixel
CreateRectRgn
SetBkColor
GetMapMode
SetMapMode
CreateBitmap
DPtoLP
StretchBlt
SetStretchBltMode
GetCurrentObject
CreateDIBSection
DeleteObject
GetTextExtentPoint32W
DeleteDC
GetDeviceCaps
CreateFontIndirectW
BitBlt
SelectObject
CreateCompatibleDC
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CreateCompatibleBitmap
GetObjectW
GetStockObject
CreateSolidBrush
msimg32
AlphaBlend
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
AdjustTokenPrivileges
RegOpenKeyExW
RegEnumKeyW
RegCreateKeyExW
RegEnumKeyExA
RegOpenKeyA
RegEnumKeyA
RegEnumValueA
RegQueryValueW
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExW
InitiateSystemShutdownW
RegCloseKey
LookupPrivilegeValueW
FreeSid
EqualSid
AllocateAndInitializeSid
OpenThreadToken
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegSetValueExA
RegCreateKeyA
RegOpenKeyW
RegDeleteKeyW
RegCreateKeyW
RegEnumValueW
RegDeleteValueW
shell32
Shell_NotifyIconW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHEmptyRecycleBinW
SHAddToRecentDocs
ShellExecuteA
SHGetSpecialFolderPathA
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathStripToRootW
PathFindFileNameW
PathFindExtensionW
StrStrA
SHDeleteValueW
StrStrIA
StrCmpIW
SHGetValueA
SHDeleteKeyW
StrStrW
StrStrIW
PathIsUNCW
oledlg
OleUIBusyW
ole32
CoInitialize
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoRegisterMessageFilter
OleFlushClipboard
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
oleaut32
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
VariantChangeType
VariantInit
SysStringLen
OleCreateFontIndirect
SysFreeString
SafeArrayDestroy
VariantCopy
SysAllocString
GetErrorInfo
gdiplus
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageI
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRect
GdipCreateBitmapFromHBITMAP
GdipSetSmoothingMode
GdipDrawImageRectI
GdipReleaseDC
GdipCreatePen1
GdipDeletePen
GdipDrawLineI
psapi
GetModuleFileNameExW
wininet
InternetConnectW
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
FindCloseUrlCache
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryA
DeleteUrlCacheEntryA
FindNextUrlCacheEntryA
InternetReadFile
HttpQueryInfoW
InternetOpenW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
msvfw32
MCIWndCreateW
wintrust
WinVerifyTrust
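Reading several hundred import names by hand is slow; the usual triage step is to map them onto coarse capabilities and then look at what is left over. Below is an added example of that step, not tooling from the sandbox that produced this page. `IMPORTS` is a hand-picked subset of the DLL and function names listed above; the tag names and the API-to-tag mapping are this example's own heuristics, and a hit says only that the binary links the API, not that it calls it.

```python
# Added example for this report: heuristic capability tagging of a PE import
# table. Not tooling from the sandbox. IMPORTS is a hand-picked subset of the
# names in the report above; the tags and mapping are this example's choices.

# Constructed subset of the report's import list, keyed by DLL.
IMPORTS = {
    "kernel32": ["IsDebuggerPresent", "CreateToolhelp32Snapshot", "Process32FirstW",
                 "Process32NextW", "OpenProcess", "TerminateProcess", "CreateProcessA",
                 "WinExec", "VirtualProtect", "LoadLibraryA", "GetProcAddress",
                 "DeleteFileW", "RemoveDirectoryW", "CreateMutexW", "GetVersionExW"],
    "advapi32": ["OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges",
                 "InitiateSystemShutdownW", "RegSetValueExW", "RegDeleteKeyW"],
    "user32": ["SetWindowsHookExW", "CallNextHookEx", "GetKeyState",
               "OpenClipboard", "GetClipboardData"],
    "shell32": ["ShellExecuteA", "SHEmptyRecycleBinW"],
    "shlwapi": ["SHDeleteKeyW"],
    "wininet": ["InternetOpenW", "InternetConnectW", "HttpOpenRequestW",
                "HttpSendRequestW", "InternetReadFile", "DeleteUrlCacheEntryW"],
    "wintrust": ["WinVerifyTrust"],
}

# Heuristic mapping. A hit means "the binary can do this", not "it did".
CAPABILITIES = {
    "process enumeration / termination": {
        "CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
        "Module32FirstW", "Module32NextW", "OpenProcess", "TerminateProcess"},
    "program execution": {"CreateProcessA", "CreateProcessW", "WinExec",
                          "ShellExecuteA", "ShellExecuteW"},
    "privilege manipulation": {"OpenProcessToken", "OpenThreadToken",
                               "LookupPrivilegeValueW", "AdjustTokenPrivileges",
                               "InitiateSystemShutdownW"},
    "registry write / delete": {"RegCreateKeyExW", "RegSetValueExW", "RegSetValueExA",
                                "RegDeleteKeyW", "RegDeleteValueW", "RegDeleteValueA",
                                "SHDeleteKeyW", "SHDeleteValueW"},
    "debugger check": {"IsDebuggerPresent"},
    "HTTP client": {"InternetOpenW", "InternetConnectW", "HttpOpenRequestW",
                    "HttpSendRequestW", "InternetReadFile", "HttpQueryInfoW"},
    "trace removal": {"DeleteUrlCacheEntryW", "DeleteUrlCacheEntryA", "SHEmptyRecycleBinW",
                      "DeleteFileW", "DeleteFileA", "RemoveDirectoryW", "RemoveDirectoryA"},
    "window hooks / key state": {"SetWindowsHookExW", "CallNextHookEx", "GetKeyState"},
    "clipboard read": {"OpenClipboard", "GetClipboardData", "SetClipboardViewer"},
    "memory protection change": {"VirtualProtect", "VirtualProtectEx"},
    "runtime API resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
    "mutex / single-instance marker": {"CreateMutexW", "CreateMutexA"},
    "Authenticode verification": {"WinVerifyTrust"},
}


def _present(imports):
    return {fn for fns in imports.values() for fn in fns}


def tag_imports(imports):
    """Return {tag: sorted matching API names} for every tag with a hit."""
    present = _present(imports)
    return {tag: sorted(present & apis)
            for tag, apis in CAPABILITIES.items() if present & apis}


def untagged_imports(imports):
    """APIs no rule covers: the residue a reviewer still reads by hand."""
    covered = set().union(*CAPABILITIES.values())
    return sorted(_present(imports) - covered)


def resolves_apis_at_runtime(imports):
    """LoadLibrary + GetProcAddress means the static table is only a lower bound."""
    present = _present(imports)
    return "GetProcAddress" in present and bool(present & {"LoadLibraryA", "LoadLibraryW"})


if __name__ == "__main__":
    for tag, hits in tag_imports(IMPORTS).items():
        print(f"{tag:36s} {', '.join(hits)}")
    print("runtime API resolution:", resolves_apis_at_runtime(IMPORTS))
    print("untagged:", ", ".join(untagged_imports(IMPORTS)) or "(none)")
```

Feed it the full import table from your own parser rather than the subset above. Because the report lists LoadLibraryA/LoadLibraryW and GetProcAddress, treat the static list as a lower bound; anything resolved by string at runtime will not appear here. A binary that imports WinVerifyTrust while the "Unsigned PE" signature fires on the image itself is worth a look in the disassembler to see whose signatures it is checking.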
Sections
.text Size: 692KB - Virtual size: 691KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 186KB - Virtual size: 186KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ