487c3e6ed38cd4c8a392f6deeb0f0632

Sharing

Copy URL Twitter E-mail

General

Target

487c3e6ed38cd4c8a392f6deeb0f0632
Size

476KB
MD5

487c3e6ed38cd4c8a392f6deeb0f0632
SHA1

897e269900582a5148d75292088c97a5fc1d423b
SHA256

c0cf0f89f6449fb20436a7768961b809f4226542cb76af93f3f27111ef78a6bc
SHA512

8923a5e961043b5821223905046255c451e3aa00dd5a5847cfe175a30f9e1062b2e20ea609cc1597899851fbf8ef04c001b635c1a5cd1a9faa4c0f5d6f53b732
SSDEEP

12288:POYTHnv3qN/T74vCHqwWh9jvYGqLhn1q2zbn5TBso6ZG4GB:a+vYGq9n1Lzb5TBsowZGB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
487c3e6ed38cd4c8a392f6deeb0f0632

Files

487c3e6ed38cd4c8a392f6deeb0f0632
.exe windows:6 windows x86 arch:x86

2f2b1b264e9fe6d0751c6fb86c62a12c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\workarea\13.20\drivers\2d\dal\eeu\build\client\wNxt\B_rel\atieclxx.pdb

Imports

user32

PostQuitMessage
DefWindowProcA
PostMessageA
BroadcastSystemMessageA
DispatchMessageA
GetMessageA
RegisterWindowMessageA
RegisterClassA
DestroyWindow
ShowWindow
SetTimer
KillTimer
UpdateWindow
ChangeWindowMessageFilter
ChangeDisplaySettingsExA
EnumDisplaySettingsA
MessageBoxW
MessageBoxA
GetForegroundWindow
GetThreadDesktop
CloseDesktop
SetThreadDesktop
OpenInputDesktop
PostThreadMessageA
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
UnregisterDeviceNotification
RegisterDeviceNotificationA
EnumDisplaySettingsExA
EnumWindows
FindWindowA
GetPropA
SendMessageA
SystemParametersInfoA
EnumDisplayDevicesA
SetSysColors
GetSysColor
RedrawWindow
SendInput
wsprintfW
CreateWindowExA

gdi32

D3DKMTPollDisplayChildren
D3DKMTEscape
D3DKMTCloseAdapter
D3DKMTOpenAdapterFromHdc
D3DKMTQueryAdapterInfo
SetDeviceGammaRamp
DeleteDC
CreateDCA
D3DKMTInvalidateActiveVidPn

advapi32

RegOpenCurrentUser
ImpersonateLoggedOnUser
RegisterEventSourceA
ReportEventA
RegQueryValueExA
RegGetValueW
RegGetValueA
RegSetValueExW
RegDeleteValueA
RegDeleteKeyA
GetCurrentHwProfileA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteTreeA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RevertToSelf

userenv

UnloadUserProfile
LoadUserProfileA

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory
WTSQueryUserToken
WTSRegisterSessionNotification

powrprof

PowerSetActiveScheme
PowerReadACValueIndex
PowerReadDCValueIndex
PowerReadSettingAttributes
PowerWriteFriendlyName
PowerWritePossibleValue
PowerWritePossibleFriendlyName
PowerWriteACDefaultIndex
PowerWriteDCDefaultIndex
PowerWriteSettingAttributes
PowerRemovePowerSetting
PowerCreateSetting
PowerCreatePossibleSetting
PowerEnumerate
PowerWriteACValueIndex
PowerWriteDCValueIndex
PowerSettingAccessCheck
PowerGetActiveScheme

setupapi

CM_Get_DevNode_Status
CM_Get_Device_ID_ExA
CM_Get_Child_Ex
CM_Request_Eject_PC
SetupDiOpenDeviceInfoA
CM_Locate_DevNodeA
CM_Get_Parent
CM_Get_Device_IDA
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiCallClassInstaller
SetupDiGetHwProfileList
SetupDiGetDeviceRegistryPropertyA
SetupDiSetClassInstallParamsA
SetupDiSetDeviceRegistryPropertyA
CM_Reenumerate_DevNode

dwmapi

DwmIsCompositionEnabled
ord102

ole32

CoCreateInstance
PropVariantClear
CoInitialize
CoUninitialize

difxapi

DriverPackageInstallA

kernel32

FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount64
GetSystemTimeAsFileTime
TerminateProcess
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
GetConsoleCP
GetConsoleMode
FatalAppExitA
SetUnhandledExceptionFilter
SetFilePointerEx
GetStringTypeW
GetLocaleInfoEx
GetTimeFormatEx
GetDateFormatEx
CompareStringEx
GetUserDefaultLocaleName
LCMapStringEx
IsValidLocaleName
EnumSystemLocalesEx
InterlockedExchange
LoadLibraryExW
SetConsoleCtrlHandler
OutputDebugStringW
LoadLibraryW
SetStdHandle
WriteConsoleW
HeapReAlloc
GetModuleFileNameA
GetStartupInfoW
InitOnceExecuteOnce
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetFileType
GetProcessHeap
GetModuleFileNameW
WriteFile
GetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThread
InterlockedDecrement
InterlockedIncrement
SetLastError
RaiseException
HeapAlloc
DecodePointer
EncodePointer
IsDebuggerPresent
HeapFree
IsProcessorFeaturePresent
GetCommandLineA
WideCharToMultiByte
RtlUnwind
HeapSize
CreateFileW
SetEndOfFile
K32GetProcessImageFileNameA
K32EnumProcesses
GetSystemDefaultLangID
FindResourceExA
LockResource
LoadResource
FreeResource
WinExec
OpenMutexA
CreateMutexA
ReleaseMutex
SetThreadPriority
CreateThread
GetCurrentThreadId
VerifyVersionInfoW
QueryPerformanceFrequency
QueryPerformanceCounter
VerSetConditionMask
ReadFile
Sleep
ReadConsoleW
MapViewOfFile
OpenFileMappingA
GetFileAttributesA
SetFileAttributesA
OutputDebugStringA
GetSystemDirectoryA
CopyFileA
WTSGetActiveConsoleSessionId
LocalFree
CloseHandle
GetLastError
CreateProcessA
OpenProcess
lstrlenW
QueryFullProcessImageNameW
GetLocalTime
GetExitCodeThread
GetTickCount
GetSystemPowerStatus
FreeLibrary
GetProcAddress
LoadLibraryA
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
OpenEventA
WaitForMultipleObjects

Sections

.text
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f2b1b264e9fe6d0751c6fb86c62a12c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

gdi32

advapi32

userenv

wtsapi32

powrprof

setupapi

dwmapi

ole32

difxapi

kernel32

Sections

.text Size: 337KB - Virtual size: 336KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 337KB - Virtual size: 336KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 19KB