c19fab3de0dc66545870efd0e42790c2b265d6c5454351db1155904cdaa72f4f

Sharing

Copy URL Twitter E-mail

General

Target

c19fab3de0dc66545870efd0e42790c2b265d6c5454351db1155904cdaa72f4f
Size

4.6MB
MD5

62c2f25e10272c62f3d71125145da067
SHA1

2c679b5767c914e0ae304a8342537db62163653a
SHA256

c19fab3de0dc66545870efd0e42790c2b265d6c5454351db1155904cdaa72f4f
SHA512

6d34c2614e97a2658a8cbd56c4a5f95e290477f7fbd4c5316c256bb14ec7142e85edf7ca826079dbecdb92a7f718dd473e8c49191bb8686603fab640989eba0e
SSDEEP

49152:4Jx0taiQTFJlbMvlst7FcepZA51gyTJxzqZAPABnuglmolVmBZK9G+umJXD9:4JZhClQggWqHOBZDoT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c19fab3de0dc66545870efd0e42790c2b265d6c5454351db1155904cdaa72f4f

Files

c19fab3de0dc66545870efd0e42790c2b265d6c5454351db1155904cdaa72f4f
.exe windows:6 windows x64 arch:x64

021a5a31e609f7e240e185c2374812dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\CheckPoints\TPDrv\builderSuperMan1\SynUWPEnh\x64\Release\SynUWPEnh.pdb

Imports

netapi32

NetApiBufferFree
NetWkstaUserGetInfo
NetUserGetInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiSetDeviceRegistryPropertyW
SetupDiClassGuidsFromNameW
SetupDiGetDevicePropertyW
SetupDiOpenClassRegKey
SetupDiCallClassInstaller
SetupDiGetINFClassW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupUninstallOEMInfW
SetupGetLineTextW
SetupCloseInfFile
SetupOpenInfFileW
CM_Get_DevNode_Status

psapi

EnumProcessModules
GetModuleFileNameExW

rpcrt4

RpcStringFreeW
UuidToStringW

comctl32

InitCommonControlsEx

newdev

DiUninstallDevice

kernel32

ExpandEnvironmentStringsW
MultiByteToWideChar
TerminateThread
GetCurrentProcessId
ProcessIdToSessionId
GetTickCount
WaitForMultipleObjects
GetSystemPowerStatus
WTSGetActiveConsoleSessionId
lstrcmpW
GetSystemDefaultLangID
WideCharToMultiByte
LoadLibraryExW
Beep
OpenProcess
GetWindowsDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetCommandLineW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
TryEnterCriticalSection
OpenEventW
GetCurrentThreadId
SetPriorityClass
GetPriorityClass
GetSystemDirectoryW
CopyFileW
MoveFileExW
GetEnvironmentVariableW
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory
LeaveCriticalSection
GetSystemTime
lstrcmpiW
SystemTimeToFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFileAttributesW
OutputDebugStringW
DeviceIoControl
GetLocalTime
GetSystemInfo
lstrlenW
FileTimeToSystemTime
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
LocalAlloc
LocalFree
TerminateProcess
GetModuleHandleExW
CreateProcessW
IsWow64Process
QueryPerformanceCounter
lstrlenA
RtlVirtualUnwind
RtlCaptureContext
GetFileAttributesExW
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetCPInfo
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
EncodePointer
GetStringTypeW
IsDebuggerPresent
EnterCriticalSection
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
FreeLibrary
FindResourceExW
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcess
GetFileAttributesW
LoadLibraryW
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
CreateMutexW
ReleaseMutex
GetOverlappedResult
CreateThread
WaitForMultipleObjectsEx
WaitForSingleObject
ResetEvent
SetEvent
Sleep
CreateEventW
WaitNamedPipeW
CreateNamedPipeW
DisconnectNamedPipe
ConnectNamedPipe
GetLastError
CloseHandle
WriteFileEx
WriteFile
ReadFileEx
ReadFile
FlushFileBuffers
CreateFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
IsValidCodePage
SetEnvironmentVariableA
GetACP
GetOEMCP
GetStdHandle
GetFileType
SetFilePointerEx
GetConsoleCP
GetConsoleMode
SetStdHandle
ReadConsoleW
WriteConsoleW
SetEnvironmentVariableW
SetEndOfFile
GetExitCodeProcess

user32

RedrawWindow
BringWindowToTop
SetLayeredWindowAttributes
EnumDesktopWindows
SetWindowRgn
EndPaint
BeginPaint
DestroyWindow
SetMenuDefaultItem
TrackPopupMenu
SetMenuItemBitmaps
AppendMenuW
EnableMenuItem
CheckMenuItem
DestroyMenu
CreatePopupMenu
LoadStringW
LockWorkStation
GetScrollInfo
GetWindow
GetWindowLongW
ScreenToClient
InvalidateRect
MapVirtualKeyW
SendDlgItemMessageW
GetDlgItemTextW
MoveWindow
ShowWindowAsync
ShowWindow
RegisterWindowMessageW
SetWindowTextW
EnableWindow
GetKeyNameTextW
GetKeyState
SetFocus
SetDlgItemTextW
DialogBoxParamW
CallWindowProcW
GetWindowInfo
GetGUIThreadInfo
EnumWindows
WindowFromPoint
GetWindowTextW
GetKeyboardLayout
GetClassLongPtrW
GetWindowThreadProcessId
GetParent
GetDesktopWindow
SetClassLongPtrW
KillTimer
SetTimer
SendMessageTimeoutW
DrawEdge
MessageBeep
GetClassNameW
GetForegroundWindow
IsZoomed
IsIconic
IsWindowVisible
EnumChildWindows
GetDlgItem
EndDialog
SystemParametersInfoW
CopyIcon
CopyImage
LoadImageW
DestroyCursor
LoadCursorW
GetMessageW
TranslateMessage
DispatchMessageW
SendNotifyMessageW
PostThreadMessageW
PostQuitMessage
RegisterClassW
IsWindow
SetForegroundWindow
GetWindowPlacement
GetClassInfoExW
WaitForInputIdle
AttachThreadInput
WinHelpW
DrawTextW
GetDlgCtrlID
GetAncestor
EqualRect
IsWindowEnabled
ReleaseCapture
SetCapture
OffsetRect
IntersectRect
ScrollDC
UpdateWindow
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetSystemCursor
SetWindowLongW
MessageBoxW
FindWindowExW
CreateIconIndirect
IsRectEmpty
SetRectEmpty
GetClientRect
CreateDialogParamW
CheckDlgButton
IsDlgButtonChecked
CharUpperW
CharNextW
FillRect
EnumDisplayDevicesW
LoadBitmapW
SetWindowLongPtrW
GetWindowLongPtrW
PtInRect
ClipCursor
SetCursor
GetWindowRect
ReleaseDC
GetDC
SetWindowPos
CreateWindowExW
RegisterClassExW
DefWindowProcW
GetDoubleClickTime
GetCursorPos
GetSystemMetrics
GetAsyncKeyState
PostMessageW
GetSysColor
SendMessageW
wsprintfW
DestroyIcon
MonitorFromWindow
EnumDisplaySettingsW
IsDialogMessageW
LoadIconW
CallNextHookEx
SetWindowsHookExW
EnumThreadWindows
ClientToScreen
SetCursorPos
MsgWaitForMultipleObjects
FindWindowW
SendInput
SetRect

gdi32

MoveToEx
LineTo
GetMapMode
CreatePatternBrush
CreatePen
SetROP2
Rectangle
GetClipBox
CreateBrushIndirect
GdiFlush
SelectClipRgn
Ellipse
CreateRectRgn
CreateEllipticRgn
CreateBitmap
TextOutW
SetTextColor
SetBkMode
SetBkColor
CreateSolidBrush
CreateRoundRectRgn
CreateDCW
GetPixel
ExtCreateRegion
GetTextExtentPoint32W
StretchBlt
SelectObject
GetStockObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetObjectW
DeleteObject
AbortDoc
EndPage
StartPage
EndDoc
StartDocW
SetMapMode
CreateDIBitmap
GetDeviceCaps

comdlg32

GetOpenFileNameW
PrintDlgW

advapi32

FreeSid
RegNotifyChangeKeyValue
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegCreateKeyW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegQueryInfoKeyW
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
RegOpenKeyW
RegQueryValueExW
RegSetValueExW
GetUserNameW

shell32

DragFinish
SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW
SHGetFolderPathW
ShellExecuteExW
DragQueryFileW

ole32

CoRevokeClassObject
CoUninitialize
CoCreateGuid
CoAddRefServerProcess
PropVariantClear
CoInitialize
CLSIDFromProgID
CoCreateInstance
CoReleaseServerProcess
CoInitializeEx
CoSetProxyBlanket
StringFromGUID2

oleaut32

SysStringLen
SysAllocString
VariantInit
VariantClear
VariantCopy
VarCmp
GetActiveObject
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
VariantChangeType
SysFreeString

shlwapi

PathFindFileNameW
SHDeleteKeyW
SHCopyKeyW
StrStrIW
SHDeleteEmptyKeyW
PathFileExistsW
SHDeleteValueW

crypt32

CertCloseStore
CryptMsgGetParam
CryptMsgClose
CertGetNameStringW
CryptQueryObject
CertFreeCertificateContext
CertFindCertificateInStore

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 414KB - Virtual size: 414KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 984KB - Virtual size: 1009KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

021a5a31e609f7e240e185c2374812dd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

version

setupapi

psapi

rpcrt4

comctl32

newdev

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 414KB - Virtual size: 414KB

.data Size: 984KB - Virtual size: 1009KB

.pdata Size: 58KB - Virtual size: 58KB

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 414KB - Virtual size: 414KB

.data
Size: 984KB - Virtual size: 1009KB

.pdata
Size: 58KB - Virtual size: 58KB

.rsrc
Size: 1.9MB - Virtual size: 1.9MB