3b8de7bb14b09c31d93c087b5f35ddf89093b618792242a2200470ba2c2a4d7a

Sharing

Copy URL Twitter E-mail

General

Target

3b8de7bb14b09c31d93c087b5f35ddf89093b618792242a2200470ba2c2a4d7a
Size

11.6MB
MD5

202edd6a626140fa3dcedb0808333ffa
SHA1

6d88124c013a0d309c7370134d6514664c290043
SHA256

3b8de7bb14b09c31d93c087b5f35ddf89093b618792242a2200470ba2c2a4d7a
SHA512

b00895ad04248e0c80975f2b12d1d5ea28686aad006602f667717e1045e1ca4ef3f5dd70972512a377465022c6cb001cd3473ed33c443920c709dae588ddca0b
SSDEEP

49152:09+MV+k8aO4UcTIBMSHKiqX+0o+zC+wI5KkxwVwHVwBCet6IuKgI0Vw9o8g8P6dL:i5miw8uBCet6DvmZJX7sN+CHt2sEE5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b8de7bb14b09c31d93c087b5f35ddf89093b618792242a2200470ba2c2a4d7a

Files

3b8de7bb14b09c31d93c087b5f35ddf89093b618792242a2200470ba2c2a4d7a
.exe windows:6 windows x64 arch:x64

f94a73c0d7090df8f352329300dda298

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Dropbox.pdb

Imports

dropbox_core

bootstrap_abort
dbxlog_log
bootstrap_application
apex_context_get_current

advapi32

AccessCheck
EventWrite
EventRegister
RegOpenKeyExW
RegGetValueW
RevertToSelf
RegDisablePredefinedCache
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
OpenProcessToken
GetKernelObjectSecurity
GetAce
SetKernelObjectSecurity
DuplicateTokenEx
ConvertSidToStringSidW
FreeSid
ImpersonateLoggedOnUser
MapGenericMask
GetNamedSecurityInfoW
IsValidSid
EqualSid
EventUnregister
CreateProcessAsUserW
GetTokenInformation
SetThreadToken
RegCreateKeyExW
RegQueryValueExW
CreateRestrictedToken
DuplicateToken
LookupPrivilegeValueW
CopySid
CreateWellKnownSid
InitializeSid
GetSidSubAuthority
GetSecurityInfo
SetEntriesInAclW
SystemFunction036

kernel32

WriteConsoleW
GetStdHandle
SetEnvironmentVariableW
GetFileType
OpenMutexW
FreeLibrary
GetProcAddress
LoadLibraryW
SetDllDirectoryW
GetLastError
GetModuleFileNameW
VerSetConditionMask
GetFileAttributesW
GetProcessTimes
GetCurrentProcess
GetModuleHandleW
VerifyVersionInfoW
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleA
HeapSetInformation
GetCurrentThread
CreateIoCompletionPort
SetLastError
CreateEventW
CreateThread
ResetEvent
GetQueuedCompletionStatus
UnregisterWait
SetEvent
RegisterWaitForSingleObject
TerminateJobObject
PostQueuedCompletionStatus
WaitForSingleObject
DuplicateHandle
SetInformationJobObject
GetCurrentThreadId
TerminateProcess
GetUserDefaultLangID
GetUserDefaultLCID
GetUserDefaultLocaleName
EnumSystemLocalesEx
HeapDestroy
GetTickCount
GetVersionExW
GetProductInfo
GetNativeSystemInfo
IsWow64Process
LocalFree
GetCurrentProcessId
ProcessIdToSessionId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnregisterWaitEx
DeleteCriticalSection
Sleep
IsDebuggerPresent
RaiseException
CloseHandle
GetThreadId
SetThreadPriority
GetThreadPriority
SetHandleInformation
AssignProcessToJobObject
WriteProcessMemory
CreateFileMappingW
MapViewOfFile
GetCurrentProcessorNumber
SetThreadAffinityMask
VirtualFree
GetProcessHandleCount
GetProcessHeaps
SignalObjectAndWait
ExpandEnvironmentStringsW
QueryDosDeviceW
GetLongPathNameW
CreateFileW
VirtualProtectEx
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory
GetCurrentDirectoryW
GetLocalTime
OutputDebugStringA
WriteFile
FormatMessageA
LoadLibraryExW
GetModuleHandleExW
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
QueryThreadCycleTime
CreateNamedPipeW
CreateProcessW
HeapSize
QueryInformationJobObject
DeleteProcThreadAttributeList
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
CreateMutexW
UnmapViewOfFile
GetCommandLineW
CreateDirectoryW
ReadFile
SetCurrentDirectoryW
TlsGetValue
AcquireSRWLockExclusive
SearchPathW
lstrlenW
DebugBreak
RtlUnwind
SetFilePointerEx
GetFileSizeEx
SetEndOfFile
FlushFileBuffers
FindClose
FindNextFileW
FindFirstFileExW
SetUnhandledExceptionFilter
RtlCaptureStackBackTrace
TlsAlloc
TlsFree
TlsSetValue
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
ReadConsoleW
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
CreateRemoteThread
FreeEnvironmentStringsW
HeapFree
HeapAlloc
GetProcessHeap
SetStdHandle
ExitProcess
GetConsoleMode
GetConsoleOutputCP
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
InitializeSListHead
IsProcessorFeaturePresent
GetStartupInfoW
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
GetCPInfo
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW
CreateJobObjectW

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree

shell32

SHGetKnownFolderPath
ShellExecuteW

user32

SendMessageW
AllowSetForegroundWindow
FindWindowW
GetWindowThreadProcessId
CloseDesktop
CloseWindowStation
GetUserObjectInformationW
GetThreadDesktop
GetProcessWindowStation
CreateWindowStationW
SetProcessWindowStation
CreateDesktopW

winmm

timeGetTime

comctl32

ord344

Exports

Exports

GetHandleVerifier
IsSandboxedProcess

Sections

.text
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10.2MB - Virtual size: 10.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f94a73c0d7090df8f352329300dda298

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dropbox_core

advapi32

kernel32

ole32

shell32

user32

winmm

comctl32

Exports

Exports

Sections

.text Size: 600KB - Virtual size: 600KB

.rdata Size: 139KB - Virtual size: 139KB

.data Size: 11KB - Virtual size: 26KB

.pdata Size: 24KB - Virtual size: 24KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 10.2MB - Virtual size: 10.2MB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 600KB - Virtual size: 600KB

.rdata
Size: 139KB - Virtual size: 139KB

.data
Size: 11KB - Virtual size: 26KB

.pdata
Size: 24KB - Virtual size: 24KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 10.2MB - Virtual size: 10.2MB

.reloc
Size: 572KB - Virtual size: 576KB