PDB path: C:\JobRelease\win\Release\bin\x86\Repackager.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 60ba660e236a305c4c53afe64d3f03bbb7e2ecc8fdf6f2232d5be6b11232f3b8.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 60ba660e236a305c4c53afe64d3f03bbb7e2ecc8fdf6f2232d5be6b11232f3b8.exe
  Resource: win10v2004-20240226-en
General
- Target: 60ba660e236a305c4c53afe64d3f03bbb7e2ecc8fdf6f2232d5be6b11232f3b8
- Size: 6.2MB
- MD5: 98a44dfbd6564644a940362b17b2b679
- SHA1: 5d0f5befaf5e24fdb7b38bc667568b20635fc9c1
- SHA256: 60ba660e236a305c4c53afe64d3f03bbb7e2ecc8fdf6f2232d5be6b11232f3b8
- SHA512: 4495fb978ddc15d10762202d3260f2b761cfb2a81f3b4a4d2815b934f4cbf847474b8cc45b9a0398bb6c1f8f7d67ea0470b7105a854ba1bc472bebaba46ff532
- SSDEEP: 49152:YwkRuu6SQkGWA/P6tR7s+18ALZL/NZmXjk2XtgKRz9dmra8EStriSmnYt0ECm948:YDuVWIPoYdw2XtgKBbmLHtYnYtA+mm
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 60ba660e236a305c4c53afe64d3f03bbb7e2ecc8fdf6f2232d5be6b11232f3b8
Files
- 60ba660e236a305c4c53afe64d3f03bbb7e2ecc8fdf6f2232d5be6b11232f3b8.exe windows:6 windows x86 arch:x86
  f534d3198ed1d949bb0a5cf28edb34e1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegDeleteKeyW
FreeSid
AllocateAndInitializeSid
CryptDecrypt
CryptDestroyKey
CryptDeriveKey
GetTokenInformation
OpenProcessToken
LookupAccountSidW
LookupAccountNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
GetSecurityDescriptorDacl
GetUserNameW
QueryServiceStatusEx
OpenServiceW
ControlService
RegOpenKeyExA
RegQueryValueExA
OpenSCManagerW
IsTextUnicode
GetNamedSecurityInfoW
SetNamedSecurityInfoW
GetServiceDisplayNameW
OpenTraceW
ProcessTrace
CloseTrace
StartTraceW
ControlTraceW
CloseServiceHandle
QueryServiceStatus
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
msi
ord150
ord78
ord158
ord159
ord166
ord115
ord118
ord116
ord49
ord92
ord8
ord52
ord160
ord120
ord32
iphlpapi
GetAdaptersAddresses
kernel32
LeaveCriticalSection
DeleteCriticalSection
RaiseException
SetEndOfFile
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFileAttributesExW
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeZoneInformation
GetFileType
ExitProcess
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
GetVersionExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
GetNumaHighestNodeNumber
ChangeTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
GetStartupInfoW
UnhandledExceptionFilter
LCMapStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetModuleHandleExW
QueueUserWorkItem
InitOnceBeginInitialize
InitOnceComplete
QueryPerformanceFrequency
QueryPerformanceCounter
SwitchToThread
TryEnterCriticalSection
HeapReAlloc
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
Sleep
IsDebuggerPresent
GetLogicalDrives
CompareStringW
EnumResourceNamesW
ResetEvent
CreateEventW
TerminateProcess
GetComputerNameExW
GetTickCount
DeviceIoControl
lstrcpynW
ReadProcessMemory
GetProcessTimes
GetFileSizeEx
SetFilePointerEx
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetModuleFileNameA
GetCurrentThread
LoadLibraryA
DeleteTimerQueue
DeleteTimerQueueTimer
CreateTimerQueueTimer
CreateTimerQueue
OpenProcess
FlushFileBuffers
GetConsoleOutputCP
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
TerminateThread
GetExitCodeThread
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetWindowsDirectoryW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetSystemTime
GetExitCodeProcess
CreateProcessW
GetStdHandle
DuplicateHandle
QueryDosDeviceW
CompareFileTime
FileTimeToLocalFileTime
GetCurrentProcess
MoveFileW
GetTempFileNameW
GetStringTypeW
LocalAlloc
GetEnvironmentVariableW
GetProcessId
GetSystemTimes
CopyFileExW
HeapFree
HeapAlloc
GetProcessHeap
CopyFileW
CreateFileW
GetFileSize
ReadFile
DeleteFileW
WriteFile
GetProcAddress
GetSystemDirectoryW
CreateFileMappingW
LoadLibraryExA
ExpandEnvironmentStringsA
OutputDebugStringW
CreateMutexW
ReleaseMutex
InitializeCriticalSection
SetEvent
OpenEventW
SystemTimeToTzSpecificLocalTime
GetCurrentProcessId
lstrcmpW
VirtualQuery
GlobalFree
LocalFree
DecodePointer
GetFullPathNameW
WaitForSingleObjectEx
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SystemTimeToFileTime
ExpandEnvironmentStringsW
GetLogicalDriveStringsW
CreateDirectoryW
RemoveDirectoryW
GetTempPathW
SetFileAttributesW
GetFileAttributesW
GetLongPathNameW
GetShortPathNameW
SetUnhandledExceptionFilter
FormatMessageW
VirtualProtect
GetSystemInfo
FindFirstFileW
WideCharToMultiByte
MultiByteToWideChar
FindNextFileW
SetErrorMode
GetLastError
InitializeCriticalSectionEx
EnterCriticalSection
CreateThread
GlobalSize
SetFilePointer
GetEnvironmentStringsW
FileTimeToSystemTime
GetLocalTime
VerSetConditionMask
GlobalUnlock
GlobalLock
GlobalAlloc
FindClose
GetModuleHandleW
GetModuleFileNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
UnmapViewOfFile
MapViewOfFile
VerifyVersionInfoW
lstrlenW
MulDiv
SetLastError
GetCurrentThreadId
lstrcmpiW
FreeLibrary
GetPrivateProfileSectionW
LoadLibraryW
EncodePointer
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LoadLibraryExW
LockResource
SizeofResource
CloseHandle
WaitForSingleObject
SetThreadAffinityMask
VirtualFree
user32
SendInput
GetTopWindow
SetForegroundWindow
UnregisterClassW
GetClassInfoExW
LoadCursorW
RegisterClassExW
SendMessageW
SetWindowLongW
GetWindowLongW
DefWindowProcW
CallWindowProcW
GetClientRect
GetDlgItem
DestroyMenu
GetDesktopWindow
GetActiveWindow
IsWindowEnabled
EnableMenuItem
TrackPopupMenu
EnableWindow
DialogBoxParamW
GetParent
IsWindowVisible
RedrawWindow
DrawTextW
CharUpperW
GetTitleBarInfo
GetAncestor
DrawTextExW
GetIconInfo
GetNextDlgTabItem
GetAsyncKeyState
DialogBoxIndirectParamW
IsRectEmpty
EnumWindows
BringWindowToTop
GetForegroundWindow
MsgWaitForMultipleObjectsEx
GetMenuStringW
SetWindowRgn
GetWindowThreadProcessId
RegisterWindowMessageW
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
FrameRect
GetSysColorBrush
AppendMenuW
TranslateAcceleratorW
IsMenu
PostQuitMessage
LoadStringA
SetMenuDefaultItem
SetMenuItemInfoW
CheckMenuRadioItem
SetMenu
LoadIconW
IsChild
IsDialogMessageW
LoadAcceleratorsW
LoadStringW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CreateDialogParamW
MonitorFromPoint
ScrollWindowEx
SetScrollPos
SetScrollInfo
MessageBoxW
GetScrollInfo
GetCursor
MonitorFromRect
GetWindowPlacement
SetWindowPlacement
RemoveMenu
WindowFromPoint
LoadImageW
GetMenuItemID
MoveWindow
CopyRect
GetComboBoxInfo
AdjustWindowRectEx
GetMenu
TrackMouseEvent
GetClassNameW
GetFocus
GetKeyState
ModifyMenuW
SetRect
GetLastActivePopup
CreatePopupMenu
GetDlgCtrlID
SetParent
DrawEdge
SetCapture
UpdateWindow
SetCursorPos
GetCursorPos
ReleaseCapture
GetCapture
GetMessagePos
SetRectEmpty
SetCursor
GetWindowDC
EndPaint
BeginPaint
UnionRect
IntersectRect
FillRect
GetSystemMenu
InsertMenuItemW
SetWindowPos
InsertMenuW
DeleteMenu
LoadBitmapW
CharLowerW
ScreenToClient
wsprintfW
KillTimer
SetTimer
PtInRect
SetWindowTextW
GetWindow
MonitorFromWindow
GetMonitorInfoW
DrawFocusRect
DrawStateW
DrawFrameControl
CharNextW
OffsetRect
GetSysColor
SystemParametersInfoW
GetMenuItemInfoW
GetMenuItemCount
ReleaseDC
GetDC
ClientToScreen
GetSystemMetrics
MessageBeep
InvalidateRect
SetFocus
ShowWindow
LoadMenuW
GetSubMenu
PostMessageW
TrackPopupMenuEx
InflateRect
EndDialog
SetDlgItemTextW
GetWindowTextW
GetWindowTextLengthW
MapWindowPoints
GetWindowRect
CreateWindowExW
DestroyWindow
IsWindow
gdi32
SetBrushOrgEx
GetCurrentObject
CreateDIBSection
CreatePen
LineTo
MoveToEx
PatBlt
CreateBitmap
CreatePatternBrush
BitBlt
SetViewportOrgEx
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontW
GetDeviceCaps
ExtTextOutW
SetBkColor
SetTextColor
SetBkMode
CreateFontIndirectW
GetStockObject
GetObjectW
GetTextExtentPoint32W
GetTextMetricsW
SelectObject
DeleteDC
DeleteObject
comdlg32
GetOpenFileNameW
GetSaveFileNameW
shell32
SHFileOperationW
SHGetFolderLocation
ShellExecuteExW
ShellExecuteW
DragAcceptFiles
SHBrowseForFolderW
SHGetDesktopFolder
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
ole32
CoAllowSetForegroundWindow
GetHGlobalFromStream
StringFromGUID2
CoInitializeEx
CoTaskMemFree
CoTaskMemRealloc
CreateStreamOnHGlobal
CoInitialize
CoSetProxyBlanket
CoUninitialize
CoCreateGuid
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CoInitializeSecurity
oleaut32
SafeArrayCreateVector
SysFreeString
SysAllocString
VarUI4FromStr
VarDateFromStr
GetErrorInfo
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
VariantInit
SafeArrayCopy
SafeArrayDestroy
SafeArrayPutElement
VariantClear
VariantCopy
VariantChangeType
SafeArrayGetElement
SafeArrayCreate
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringByteLen
VarUdateFromDate
dbghelp
SymSetSearchPath
SymCleanup
ImageNtHeader
ImageDirectoryEntryToData
ImageRvaToVa
StackWalk
SymGetModuleBase
SymFunctionTableAccess
SymInitialize
SymSetOptions
SymGetLineFromAddr
zlibai
unzClose
unzLocateFile
unzOpenW
unzGetCurrentFileInfo
unzOpenCurrentFile
unzCloseCurrentFile
unzReadCurrentFile
shlwapi
PathIsDirectoryW
StrCmpLogicalW
PathIsUNCW
ord176
StrStrW
PathFileExistsW
comctl32
ImageList_SetOverlayImage
ImageList_LoadImageW
ImageList_Create
ImageList_AddMasked
ImageList_Draw
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_GetImageCount
CreateStatusWindowW
ImageList_DrawIndirect
ImageList_GetIconSize
ImageList_Destroy
msimg32
GradientFill
AlphaBlend
dwmapi
DwmExtendFrameIntoClientArea
DwmIsCompositionEnabled
propsys
PropVariantToUInt32
PropVariantToBoolean
wininet
InternetCreateUrlW
InternetCrackUrlW
InternetQueryOptionW
InternetReadFile
HttpQueryInfoW
HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetSetOptionW
InternetOpenW
InternetCloseHandle
InternetSetCookieW
InternetConnectW
ws2_32
WSACleanup
WSAStartup
ntohl
getsockname
shutdown
recv
send
inet_ntoa
getpeername
getsockopt
connect
accept
select
listen
bind
htons
ioctlsocket
closesocket
WSAGetLastError
socket
gethostbyname
htonl
psapi
GetModuleFileNameExW
GetMappedFileNameW
netapi32
NetLocalGroupAdd
NetLocalGroupDel
NetLocalGroupGetInfo
NetLocalGroupAddMembers
NetShareAdd
NetUserEnum
NetUserDel
NetUserAdd
NetShareGetInfo
NetApiBufferFree
NetShareDel
crypt32
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CertGetCertificateChain
CertFreeCertificateChain
CertNameToStrW
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertOpenStore
urlmon
FindMimeFromData
Sections
.text Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 77KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 112KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 455KB - Virtual size: 455KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.movehcs Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE