KevinPCOptimizer[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

KevinPCOptimizer.exe
Size

5.0MB
MD5

e565fc5da445e8a1467d9d34d285142d
SHA1

9c92355687109dd2390702166badca01e37bbd72
SHA256

28d97af23e317ed94051a0fb2aec6eed93d95c31e92404e74ea49e6b5d12c826
SHA512

57a6401442311653b57017c9579edd0c2b3b8906853cc8b82912ce253be50071e81d299fe09ff395218768de608be8f927d5c735ba637e89ec796fd96ab5dee8
SSDEEP

98304:LTfzIEs3R97BEuMYjnKVosPesNP3yezy7p02:L/g97BELYjnK2Bkqk72

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
KevinPCOptimizer.exe

Files

KevinPCOptimizer.exe
.exe windows:5 windows x86 arch:x86

97581bbafd21811e248bd5bdaf2ef9c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\JobAI\win\Release\stubs\x86u\ExternalUi.pdb

Imports

kernel32

GetLastError
GetDriveTypeW
CompareStringW
lstrcmpiW
lstrlenW
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
ExitProcess
GetModuleFileNameA
LoadLibraryW
TlsSetValue
TlsAlloc
TlsGetValue
DeleteCriticalSection
LCMapStringW
LCMapStringA
GetCPInfo
GetStringTypeW
RtlUnwind
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoA
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
LoadLibraryA
LocalAlloc
PeekNamedPipe
GetStdHandle
TerminateProcess
OpenProcess
SearchPathW
ConnectNamedPipe
CreateNamedPipeW
GetVersion
GetExitCodeProcess
CreateProcessW
GetDiskFreeSpaceExW
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpW
CreateFileW
WriteFile
CreateMutexW
FindFirstFileW
DeleteFileW
RemoveDirectoryW
FindNextFileW
InterlockedExchange
GetModuleHandleW
LoadLibraryExW
MultiByteToWideChar
GlobalFree
FindClose
ReadFile
CreateFileA
GetFileSize
GetLogicalDriveStringsW
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateDirectoryW
GetCurrentProcessId
CloseHandle
GetExitCodeThread
ResetEvent
MoveFileW
TerminateThread
GetSystemTime
GetEnvironmentVariableW
GetWindowsDirectoryW
GetSystemDirectoryW
OutputDebugStringW
GlobalMemoryStatus
GetUserDefaultLangID
GetSystemDefaultLangID
GetLocaleInfoW
EnumResourceLanguagesW
SetFilePointer
CopyFileW
SetEvent
FlushFileBuffers
LocalFree
WaitForSingleObject
CreateEventW
SetLastError
FlushInstructionCache
GetCurrentProcess
Sleep
RaiseException
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
TlsFree
GetVersionExW
GetTempPathW
GetTempFileNameW
GetFileAttributesW
FormatMessageW
WideCharToMultiByte
GetCurrentThread
CreateThread
SetFileAttributesW
MulDiv

user32

SendMessageW
GetSysColorBrush
GetWindowRect
IntersectRect
EqualRect
MapWindowPoints
DefWindowProcW
EnableWindow
DestroyWindow
SetWindowTextW
GetDlgItem
SetWindowLongW
GetWindowLongW
CallWindowProcW
GetParent
LoadCursorW
ShowWindow
DispatchMessageW
ReleaseDC
GetDC
IsWindowVisible
GetComboBoxInfo
DrawFrameControl
RegisterWindowMessageW
CreateAcceleratorTableW
InvalidateRgn
GetDesktopWindow
DestroyAcceleratorTable
GetKeyState
SetRectEmpty
DrawTextExW
DrawStateW
ValidateRect
DestroyMenu
AppendMenuW
CreatePopupMenu
TrackPopupMenu
TrackMouseEvent
InflateRect
GetWindowDC
LoadBitmapW
CharNextW
DrawFocusRect
GetClassNameW
OffsetRect
ReleaseCapture
GetCapture
SetCapture
UpdateWindow
PtInRect
GetDlgCtrlID
GetWindowTextLengthW
GetWindowTextW
SetScrollInfo
GetScrollPos
GetClassInfoExW
RegisterClassExW
DrawTextW
SetFocus
IsRectEmpty
CopyRect
SetScrollPos
EndPaint
FillRect
SetRect
BeginPaint
MoveWindow
GetScrollInfo
ScreenToClient
GetMessagePos
GetSysColor
RedrawWindow
DestroyIcon
SystemParametersInfoW
GetActiveWindow
KillTimer
CreateWindowExW
DestroyCursor
CreateDialogParamW
EndDialog
DialogBoxParamW
GetNextDlgTabItem
IsWindowEnabled
SetCursor
GetWindow
MonitorFromWindow
GetMonitorInfoW
SetWindowPos
ClientToScreen
GetClientRect
GetSystemMetrics
LoadImageW
InvalidateRect
IsDialogMessageW
IsChild
GetFocus
PostQuitMessage
IsWindow
LoadStringW
GetPropW
GetForegroundWindow
MsgWaitForMultipleObjects
GetSystemMenu
ModifyMenuW
FindWindowW
ExitWindowsEx
SetPropW
RemovePropW
EnableMenuItem
LoadMenuW
GetSubMenu
SetTimer
LoadIconW
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
UnregisterClassA
MessageBoxW
PostMessageW
SetForegroundWindow
SetCursorPos
GetCursorPos
PeekMessageW
GetMessageW
TranslateMessage

gdi32

GetTextMetricsW
ExtTextOutW
SetBkColor
GetWindowExtEx
GetViewportExtEx
SetMapMode
GetMapMode
ExcludeClipRect
CreateFontIndirectW
GetObjectW
CreateSolidBrush
GetStockObject
GetBitmapBits
SetBkMode
CreateFontW
GetDeviceCaps
SetBrushOrgEx
CreatePatternBrush
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
CreateBitmapIndirect
SetTextColor

advapi32

LookupPrivilegeValueW
OpenProcessToken
StartServiceW
QueryServiceStatus
OpenServiceW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
AdjustTokenPrivileges
OpenSCManagerW
LockServiceDatabase
UnlockServiceDatabase
CloseServiceHandle
GetUserNameW
RegOpenKeyW

shell32

ShellExecuteW
ShellExecuteExW
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
SHGetFileInfoW

ole32

CoTaskMemRealloc
CoInitializeEx
CoUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoInitialize
CoTaskMemAlloc
OleUninitialize
CoTaskMemFree

oleaut32

VarUI4FromStr
OleLoadPicture
VarDateFromStr
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
SysStringLen
OleCreateFontIndirect
VariantChangeType
VariantCopy
VariantInit
VariantClear
SysAllocString
SysFreeString

dbghelp

SymCleanup
SymGetLineFromAddr
SymGetSymFromAddr
SymFunctionTableAccess
SymGetModuleBase
StackWalk
SymInitialize
SymSetOptions

shlwapi

PathIsUNCW
PathFileExistsW

comctl32

InitCommonControlsEx
ImageList_LoadImageW
ImageList_SetBkColor
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
_TrackMouseEvent
CreatePropertySheetPageW
DestroyPropertySheetPage
PropertySheetW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses

comdlg32

GetOpenFileNameW
GetSaveFileNameW

Sections

.text
Size: 617KB - Virtual size: 617KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97581bbafd21811e248bd5bdaf2ef9c0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

dbghelp

shlwapi

comctl32

version

psapi

comdlg32

Sections

.text Size: 617KB - Virtual size: 617KB

.rdata Size: 140KB - Virtual size: 139KB

.data Size: 9KB - Virtual size: 18KB

.rsrc Size: 97KB - Virtual size: 96KB

.reloc Size: 61KB - Virtual size: 60KB

.text
Size: 617KB - Virtual size: 617KB

.rdata
Size: 140KB - Virtual size: 139KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 97KB - Virtual size: 96KB

.reloc
Size: 61KB - Virtual size: 60KB