cb707f61c061e401272c6656fb2ffa2b57074692cc0ca0a87326aa1d1112ddb4

Sharing

Copy URL Twitter E-mail

General

Target

cb707f61c061e401272c6656fb2ffa2b57074692cc0ca0a87326aa1d1112ddb4
Size

4.2MB
MD5

59515e280fed00e03ba446a003539f3a
SHA1

96bc7d3413777549ab0536aa302c49bbcad920f9
SHA256

cb707f61c061e401272c6656fb2ffa2b57074692cc0ca0a87326aa1d1112ddb4
SHA512

cf9a169f9440a04d78f7cd5d3f9ccb31865ce8369a74c5fd7a7082076dcc419ba390eef0a37c4900c35f4a56ca319b2588c21ef12d037a0632fff0e592933546
SSDEEP

98304:FgLC9iDDxPc9bMeCX0uGrJzWmXW3N+YZ8M/vvN31bxTjYvH:v9iXxPc9YeCXYrJzS+48M/Dtv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb707f61c061e401272c6656fb2ffa2b57074692cc0ca0a87326aa1d1112ddb4

Files

cb707f61c061e401272c6656fb2ffa2b57074692cc0ca0a87326aa1d1112ddb4
.exe windows:6 windows x86 arch:x86

51e484d1a169f99dedab24ccbec46082

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\bld_area\fsd_5_31_0_4\VS141\Bin\Win32\Release\FSDUI.pdb

Imports

gdiplus

GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateFromHDC
GdipCreateImageAttributes
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipDeleteGraphics
GdipDrawImageRectI
GdipDrawImagePointsI
GdipDrawImageRectRect
GdipDrawImagePointRectI
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageRotateFlip
GdipCloneImage
GdipLoadImageFromStream
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup

kernel32

GetFileAttributesExW
SetFileTime
VirtualFree
VirtualAlloc
GetProcessAffinityMask
GetSystemInfo
GlobalMemoryStatus
WaitForMultipleObjects
GetFileSize
SetFilePointer
MoveFileW
GetTempPathW
GetModuleHandleA
SystemTimeToFileTime
GetSystemTime
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
CreateFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileAttributesA
ExpandEnvironmentStringsW
GetSystemDefaultLCID
ResumeThread
GetThreadContext
GetUserDefaultLCID
LoadLibraryW
TerminateProcess
GetCurrentThread
VirtualQuery
GlobalMemoryStatusEx
QueryDosDeviceW
ReleaseSemaphore
SetEvent
ResetEvent
CreateSemaphoreW
CreateEventW
InitializeCriticalSection
LCMapStringW
MoveFileExW
GetFileInformationByHandle
FlushFileBuffers
SetEndOfFile
GetFileSizeEx
SetFilePointerEx
WriteFile
ReadFile
InitializeCriticalSectionAndSpinCount
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetStdHandle
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetStdHandle
ExitProcess
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
AreFileApisANSI
FormatMessageA
CreateWaitableTimerA
OpenEventA
GetStartupInfoW
UnhandledExceptionFilter
lstrcmpW
lstrcmpA
ReadProcessMemory
ReleaseMutex
CreateMutexW
WaitForMultipleObjectsEx
UnregisterWaitEx
SetWaitableTimer
CancelWaitableTimer
GetProcessTimes
lstrlenA
GetLongPathNameW
GetCommandLineW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
lstrcpyW
OpenEventW
DuplicateHandle
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
GetStringTypeW
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
IsWow64Process
GetTempFileNameW
EncodePointer
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemDefaultLangID
WaitForSingleObjectEx
LoadLibraryExA
VirtualProtect
GlobalLock
GlobalAlloc
GetLocaleInfoW
GetSystemDirectoryW
OpenProcess
CopyFileW
GlobalFree
FindNextFileW
FindFirstFileW
SetFileAttributesW
GetExitCodeProcess
CreateProcessW
DeviceIoControl
FileTimeToSystemTime
FindClose
GetLocalTime
GlobalUnlock
MulDiv
DecodePointer
SetDllDirectoryW
GetModuleFileNameW
lstrcmpiW
GetModuleHandleW
IsProcessorFeaturePresent
MultiByteToWideChar
DeleteFileW
CompareStringW
SetLastError
WaitForSingleObject
RemoveDirectoryW
CreateDirectoryW
GetCurrentProcessId
RaiseException
lstrlenW
LocalAlloc
FormatMessageW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CloseHandle
CreateEventA
GetCurrentThreadId
InitializeCriticalSectionEx
VerSetConditionMask
VerifyVersionInfoW
Sleep
GetTickCount
LocalFree
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetLastError
CreateFileW
GetFileAttributesW
GetProcAddress
FreeLibrary
LoadLibraryExW
GetCurrentProcess
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WideCharToMultiByte

user32

SetWindowLongW
DefWindowProcW
IsCharAlphaNumericW
GetParent
GetWindowLongW
CharUpperW
GetClassNameW
ScreenToClient
SetRectEmpty
GetFocus
CopyRect
GetSysColor
EqualRect
FindWindowW
DestroyMenu
MonitorFromPoint
TrackPopupMenuEx
SetMenuInfo
AppendMenuW
CreateDialogParamW
GetCursorPos
CreateMenu
LoadIconW
SetMenuDefaultItem
PeekMessageW
CharNextW
EndDialog
GetDesktopWindow
DialogBoxParamW
DispatchMessageW
TranslateMessage
GetMessageW
ExitWindowsEx
DrawFocusRect
DrawEdge
IsWindowEnabled
GetWindowTextLengthW
GetWindowTextW
OffsetRect
ReleaseDC
SetCapture
ReleaseCapture
PtInRect
ClientToScreen
GetCapture
SetTimer
GetDlgCtrlID
KillTimer
CreateWindowExW
IsWindow
GetWindowDC
DestroyWindow
IsWindowVisible
IsDialogMessageW
AttachThreadInput
GetWindowThreadProcessId
SetForegroundWindow
GetForegroundWindow
MessageBoxW
SetRect
GetDC
DrawTextW
FrameRect
FillRect
EnableMenuItem
GetSystemMenu
MoveWindow
CallWindowProcW
AdjustWindowRectEx
EndPaint
BeginPaint
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
MapWindowPoints
SetWindowPos
SystemParametersInfoW
SetScrollPos
UpdateWindow
ScrollWindow
GetScrollInfo
SetScrollInfo
GetClientRect
ShowWindow
PostQuitMessage
GetKeyState
InvalidateRect
PostMessageW
GetWindow
RegisterWindowMessageW
SetWindowTextW
EnableWindow
CharPrevW
MsgWaitForMultipleObjectsEx
IsWindowUnicode
GetMessageA
DispatchMessageA
wsprintfW
GetDlgItem
GetMenu
SendMessageW
RegisterClassExW
GetSystemMetrics
GetClassInfoExW
LoadImageW
SetCursor
LoadCursorW
UnregisterClassW
SetFocus

gdi32

CreateFontIndirectW
GetDeviceCaps
CreateFontW
BitBlt
GetTextColor
SetBkMode
GetObjectW
SetLayout
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32W
DeleteDC
GetStockObject
DeleteObject
SetTextColor
CreateSolidBrush

advapi32

CryptDecrypt
MapGenericMask
SetSecurityInfo
GetSecurityInfo
OpenProcessToken
DuplicateToken
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext
OpenThreadToken
ConvertSidToStringSidW
CreateProcessAsUserW
SetTokenInformation
RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx
EnumerateTraceGuids
QueryTraceW
FlushTraceW
StopTraceW
RegNotifyChangeKeyValue
LookupPrivilegeNameW
QueryServiceStatusEx
InitializeSecurityDescriptor
CheckTokenMembership
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
EqualSid
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ControlTraceW
ConvertStringSidToSidW
GetNamedSecurityInfoW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
SetNamedSecurityInfoW
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetAce
GetAclInformation
AddAce
InitializeAcl
IsValidSid
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
TraceMessage
AllocateAndInitializeSid
FreeSid
StartTraceW
RegFlushKey
ControlService
StartServiceW
CryptImportKey
CryptSetKeyParam
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegEnumValueW
SetSecurityDescriptorDacl
MakeAbsoluteSD
EnableTrace

ole32

CLSIDFromString
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateGuid
StringFromIID
StringFromGUID2
PropVariantClear
IIDFromString

oleaut32

SysAllocStringLen
SysFreeString
SafeArrayUnaccessData
SysAllocStringByteLen
SysStringByteLen
VariantCopyInd
SafeArrayCreate
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayCreateVector
VarUI4FromStr
SafeArrayAccessData
SysAllocString
VariantInit
SysStringLen
VariantCopy
VariantClear

shlwapi

PathIsDirectoryW
PathFindFileNameW
PathIsUNCW
PathSkipRootW
PathAddBackslashW
PathFileExistsW
PathRemoveFileSpecW
UrlCanonicalizeW
PathMatchSpecW
PathAppendW
SHDeleteKeyW
SHDeleteEmptyKeyW
PathIsUNCServerW

comctl32

InitCommonControlsEx
_TrackMouseEvent

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

psapi

GetProcessImageFileNameW

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 545KB - Virtual size: 545KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 792KB - Virtual size: 792KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 720KB - Virtual size: 724KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

51e484d1a169f99dedab24ccbec46082

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

comctl32

rpcrt4

psapi

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 545KB - Virtual size: 545KB

.data Size: 13KB - Virtual size: 34KB

.rsrc Size: 792KB - Virtual size: 792KB

.reloc Size: 720KB - Virtual size: 724KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 545KB - Virtual size: 545KB

.data
Size: 13KB - Virtual size: 34KB

.rsrc
Size: 792KB - Virtual size: 792KB

.reloc
Size: 720KB - Virtual size: 724KB