D:\a\1\s\x64\Release\Autoruns64.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 16fcaceb4f76f1802ee9dce2cfc101ca532844951ed7419e68e9c447b9c86556.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 16fcaceb4f76f1802ee9dce2cfc101ca532844951ed7419e68e9c447b9c86556.exe
  Resource: win10v2004-20240226-en
General
- Target: 16fcaceb4f76f1802ee9dce2cfc101ca532844951ed7419e68e9c447b9c86556
- Size: 2.1MB
- MD5: 8ab37b5657fd7c9ef21e79c97013ef2c
- SHA1: dad44021e31b662e8e43e33262eac91e3beeea9d
- SHA256: 16fcaceb4f76f1802ee9dce2cfc101ca532844951ed7419e68e9c447b9c86556
- SHA512: 7a033e0f4e02e8b8c7b2927676144b3ac90ac9fa7f96204f3142b96bdbe82e4e3b928a348d36105453500297d12aaf90b568d5ed23789834d190ac6639d317aa
- SSDEEP: 24576:+U8EqexVDmS0d1ARkxDRlzmYj0tYC/5JReKq1QMcXEkb9fzTXJ:+HEqexVDmSOxxDI5JRhMIFT
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 16fcaceb4f76f1802ee9dce2cfc101ca532844951ed7419e68e9c447b9c86556
Files
-
16fcaceb4f76f1802ee9dce2cfc101ca532844951ed7419e68e9c447b9c86556.exe windows:6 windows x64 arch:x64
4b05847b4dcacb7d4c02d8fdd78d6b50
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetConsoleCP
ExitProcess
VirtualProtect
GetSystemInfo
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwindEx
RtlPcToFileHeader
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetSystemTimeAsFileTime
FlushFileBuffers
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
QueryPerformanceCounter
LCMapStringEx
InitOnceBeginInitialize
InitOnceComplete
AcquireSRWLockShared
ReleaseSRWLockShared
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
GetFullPathNameW
GetNativeSystemInfo
IsWow64Process
GetFileTime
QueryDosDeviceW
GetLogicalDrives
SearchPathW
K32GetMappedFileNameW
WaitForMultipleObjects
CreateSemaphoreW
CreateEventW
SetEnvironmentVariableW
FindClose
FindNextFileW
FindFirstFileW
ReleaseSemaphore
SetEvent
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
FileTimeToLocalFileTime
TrySubmitThreadpoolCallback
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetSystemWindowsDirectoryW
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
ReadFile
WriteConsoleW
LocalAlloc
GetFileType
GetStdHandle
GetVersionExW
GetTickCount64
GetSystemDirectoryW
TerminateThread
CreateThread
WaitForSingleObject
WideCharToMultiByte
OpenProcess
Sleep
ExpandEnvironmentStringsW
GetStartupInfoW
CreateProcessW
GetCommandLineW
VerifyVersionInfoW
GetComputerNameW
lstrcmpW
LocalFree
VirtualQuery
GetCurrentProcessId
VerSetConditionMask
MoveFileW
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
GetNumberFormatEx
GetLocaleInfoW
GlobalAlloc
GetTimeFormatW
GetDateFormatW
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetFileInformationByHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
ReadConsoleW
MultiByteToWideChar
lstrcmpiW
LoadLibraryExW
SetThreadPriority
GetCurrentThread
DecodePointer
SetCurrentDirectoryW
FormatMessageW
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
lstrlenW
MulDiv
LoadLibraryW
FreeLibrary
GetThreadId
CloseHandle
GetTempPathW
WriteFile
GetTempFileNameW
DeleteFileW
CreateFileW
GetModuleFileNameW
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RaiseException
GetPrivateProfileStringW
GetPrivateProfileIntW
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetCurrentProcess
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GlobalLock
GlobalUnlock
user32
SetClipboardData
CloseClipboard
OpenClipboard
DialogBoxIndirectParamW
IsRectEmpty
EnumDisplaySettingsW
FindWindowExW
FindWindowW
SetForegroundWindow
WaitForInputIdle
IsDlgButtonChecked
DestroyMenu
SetMenuItemInfoW
GetSysColor
LoadImageW
EmptyClipboard
SendMessageW
DrawIconEx
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetFocus
GetFocus
SetTimer
KillTimer
DrawTextW
BeginPaint
EndPaint
InvalidateRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
CheckDlgButton
EnableWindow
GetDlgItemTextW
MonitorFromPoint
IsDialogMessageW
CheckMenuRadioItem
GetWindowThreadProcessId
GetDesktopWindow
SetRectEmpty
SetRect
WindowFromPoint
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
MessageBeep
AdjustWindowRectEx
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenuEx
DeleteMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
EnableMenuItem
CreatePopupMenu
GetMenuStringW
SetMenu
GetMenu
TranslateAcceleratorW
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetActiveWindow
CharLowerW
GetDlgCtrlID
DialogBoxParamW
CreateDialogParamW
SetWindowPlacement
GetWindowPlacement
IsMenu
PostQuitMessage
GetMessagePos
DrawFrameControl
DrawEdge
TrackMouseEvent
RegisterWindowMessageW
LoadStringA
EnumChildWindows
MessageBoxW
LoadMenuW
LoadAcceleratorsW
CharNextW
DestroyWindow
IsWindow
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadStringW
LoadIconW
GetDlgItem
GetWindow
MapWindowPoints
GetWindowRect
SetDlgItemTextW
EndDialog
GetAncestor
GetWindowModuleFileNameW
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
DestroyIcon
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassNameW
SetClassLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
InflateRect
CopyRect
FrameRect
FillRect
DrawFocusRect
ScreenToClient
ShowScrollBar
SetScrollPos
RedrawWindow
ReleaseDC
GetWindowDC
GetDC
UpdateWindow
GetSystemMetrics
IsWindowEnabled
IsZoomed
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
IsChild
PostMessageW
GetSysColorBrush
LoadCursorW
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
gdi32
CreateFontIndirectW
SetViewportOrgEx
ExtTextOutW
SetBkColor
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetBkMode
SetTextColor
GetObjectW
CreateSolidBrush
CreatePen
GetDeviceCaps
GetStockObject
GetTextExtentPoint32W
LineTo
Rectangle
SetTextAlign
MoveToEx
TextOutW
Polyline
CreateBitmap
CreatePatternBrush
ExcludeClipRect
GetCurrentObject
PatBlt
Polygon
SetBrushOrgEx
SetMapMode
EndDoc
StartPage
EndPage
StartDocW
CreateDIBSection
comdlg32
FindTextW
PrintDlgW
ChooseFontW
ReplaceTextW
GetOpenFileNameW
GetSaveFileNameW
advapi32
RegSetValueExW
CryptDestroyHash
GetServiceDisplayNameW
QueryServiceConfig2W
AdjustTokenPrivileges
LookupPrivilegeValueW
RegLoadMUIStringW
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
RegCloseKey
RegCreateKeyExW
RegGetValueW
RegOpenKeyW
RegCreateKeyW
RegRenameKey
RegEnumValueW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CloseServiceHandle
ConvertStringSidToSidW
LookupAccountSidW
RegCopyTreeW
RegDeleteTreeW
RegQueryValueExW
ConvertSidToStringSidW
RegLoadKeyW
IsValidSid
GetTokenInformation
GetLengthSid
CopySid
OpenProcessToken
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
shell32
SHGetKnownFolderPath
SHEvaluateSystemCommandTemplate
CommandLineToArgvW
ShellExecuteExW
SHGetStockIconInfo
ExtractIconExW
ShellExecuteW
ExtractAssociatedIconW
ole32
CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
StgCreateStorageEx
StgOpenStorageEx
CLSIDFromString
oleaut32
VarUI4FromStr
VariantInit
VariantClear
SysStringLen
SysAllocString
SysFreeString
shlwapi
SHAutoComplete
SHCreateStreamOnFileW
comctl32
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_GetIconSize
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Read
ImageList_WriteEx
ImageList_Create
ImageList_GetImageCount
ImageList_Draw
ImageList_AddMasked
ImageList_BeginDrag
ImageList_EndDrag
ImageList_Duplicate
CreateStatusWindowW
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
uxtheme
IsThemeActive
SetWindowTheme
IsAppThemed
msimg32
GradientFill
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
dwmapi
DwmSetWindowAttribute
DwmDefWindowProc
winhttp
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpSendRequest
WinHttpWriteData
WinHttpReceiveResponse
WinHttpConnect
crypt32
CertGetNameStringW
Sections
.text Size: 845KB - Virtual size: 844KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 271KB - Virtual size: 270KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 43KB - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 727KB - Virtual size: 726KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.nsa Size: 128KB - Virtual size: 132KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ