f6711995b79043d9cf7378a2cf7ad4caf2d57246b836c7035438ac157d3473d4

Sharing

Copy URL Twitter E-mail

General

Target

f6711995b79043d9cf7378a2cf7ad4caf2d57246b836c7035438ac157d3473d4
Size

426KB
MD5

524909cb66848b1ee2987fdc0b69b451
SHA1

cdb49eb6e4067c91ba1a40ca2561f6345ba24ce7
SHA256

f6711995b79043d9cf7378a2cf7ad4caf2d57246b836c7035438ac157d3473d4
SHA512

6e184945814ebc7d16a93c13f7c1c435dbd8c8017139f6f01ed554d62f802bd3078a35880649d42ef79500a7dd2147e102c245f40bb442bc25a82ded0b99094e
SSDEEP

12288:1QfZa2+j9O3UNfSaXkoPu5vpNzOOF87WVe3MbT:1QN+j90UtSObuxrzOOF87WVecb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6711995b79043d9cf7378a2cf7ad4caf2d57246b836c7035438ac157d3473d4

Files

f6711995b79043d9cf7378a2cf7ad4caf2d57246b836c7035438ac157d3473d4
.exe windows:5 windows x86 arch:x86

467bbc3ac7db0c4d253597056bfb5153

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\bld\nview\v146\nview\bin\Win32\Release\nvTaskBar.pdb

Imports

psapi

EnumProcessModules
GetModuleBaseNameW

kernel32

GetTickCount
lstrcmpiW
CreateSemaphoreW
lstrlenW
lstrcmpW
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
MultiByteToWideChar
CloseHandle
WaitForSingleObject
CreateEventW
GetProcAddress
GetModuleHandleW
VerifyVersionInfoW
GetFullPathNameW
ExpandEnvironmentStringsW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
CreateFileA
ReadFile
GetProcessHeap
SetEndOfFile
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileW
SetStdHandle
SetFilePointer
GetLocaleInfoA
GetLocaleInfoW
HeapReAlloc
VirtualAlloc
LCMapStringW
LCMapStringA
LoadLibraryExW
lstrcmpA
ExpandEnvironmentStringsA
GetSystemDirectoryW
VirtualFreeEx
Sleep
WinExec
VerSetConditionMask
CreateProcessW
GetCurrentProcess
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
FreeLibrary
InterlockedExchange
GetLastError
LoadLibraryA
RaiseException
lstrcpyW
FormatMessageW
GetModuleFileNameW
GetTempPathW
GetCurrentProcessId
OutputDebugStringW
CreateMutexW
GetCurrentThreadId
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockExclusive
ReleaseSRWLockShared
FindClose
FindFirstFileW
GetWindowsDirectoryW
GetUserDefaultUILanguage
LockResource
SizeofResource
LoadResource
FindResourceW
GetFileAttributesW
GetVersionExW
ReleaseMutex
IsWow64Process
CreateProcessA
GetCurrentThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitProcess
GetCommandLineA
GetStartupInfoA
GetLocalTime
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
DeleteCriticalSection
FatalAppExitA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter

user32

InvalidateRect
GetClientRect
RedrawWindow
InflateRect
FillRect
EnumWindows
GetWindowPlacement
IntersectRect
GetMonitorInfoW
CopyIcon
GetClassLongW
IsIconic
GetWindow
PostQuitMessage
UnregisterClassW
MonitorFromPoint
EnumDisplayDevicesW
EnumDisplaySettingsW
EqualRect
DeregisterShellHookWindow
RegisterWindowMessageW
RegisterShellHookWindow
DispatchMessageW
GetMessageW
TranslateMessage
PostMessageW
IsWindowVisible
UpdateWindow
SystemParametersInfoW
LoadBitmapW
DialogBoxParamW
LoadMenuIndirectW
LoadStringW
EndDialog
GetDlgCtrlID
SetDlgItemTextW
SetFocus
GetDlgItem
SetWindowTextW
GetSystemMetrics
EndPaint
DrawTextW
BeginPaint
MoveWindow
IsHungAppWindow
IsRectEmpty
wsprintfW
GetClassNameW
GetSysColor
ScreenToClient
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
GetDC
ReleaseDC
CreatePopupMenu
GetParent
GetWindowThreadProcessId
FindWindowExW
SetForegroundWindow
GetForegroundWindow
ClientToScreen
PtInRect
GetWindowTextW
DestroyIcon
KillTimer
GetClassInfoExW
LoadIconW
LoadCursorW
GetSysColorBrush
LoadImageW
RegisterClassExW
RegisterClassW
DefWindowProcW
GetWindowLongW
CreateWindowExW
GetCursorPos
LoadMenuW
TrackPopupMenu
DestroyMenu
SetWindowLongW
DestroyWindow
GetSubMenu
CheckMenuItem
CascadeWindows
TileWindows
FindWindowW
ShowWindow
SendMessageW
GetWindowRect
SetTimer
SetWindowPos

gdi32

DeleteObject
GetDeviceCaps
CreateSolidBrush
GetStockObject
BitBlt
CreateFontIndirectW
SetBkMode
DeleteDC
StretchBlt
GetObjectW
SelectObject
CreateCompatibleDC

advapi32

GetSecurityDescriptorSacl
RegNotifyChangeKeyValue
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegCreateKeyExW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
RegOpenCurrentUser
RevertToSelf
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
AddAccessAllowedAce
InitializeAcl
GetLengthSid
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
CreateWellKnownSid
CheckTokenMembership
GetTokenInformation
RegSetKeySecurity
RegEnumKeyExW
ImpersonateSelf
OpenThreadToken

shell32

SHAppBarMessage
ShellExecuteW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

shlwapi

SHDeleteKeyW

Sections

.text
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

467bbc3ac7db0c4d253597056bfb5153

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 304KB - Virtual size: 304KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 304KB - Virtual size: 304KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 13KB - Virtual size: 13KB