2c3eb95354c838e834891432119c6b241de22345d4683769745ac6b72e51dda7

Sharing

Copy URL

Twitter E-mail

General

Target

2c3eb95354c838e834891432119c6b241de22345d4683769745ac6b72e51dda7
Size

307KB
MD5

26ed739157bb2c1ffb2562f028f6a6ef
SHA1

345173658a9b833ca891ef5584e083aa73350948
SHA256

2c3eb95354c838e834891432119c6b241de22345d4683769745ac6b72e51dda7
SHA512

db1bf1707149f2017e1fb72e437a512237672e4b3f93f28e59eccfb25c8c10840d1f0352d1bff58d29ad2fa4ad65dacf8e3b5ac5eeeb944099068a9f2a07584f
SSDEEP

6144:yW7h5RHYUX6uL5u28DBaKO1BT/MADrHfAjU+iO7B0xy4Ajhy10:H7TR4UX6uL5uJDBa11BT/MADTA3hBvHy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c3eb95354c838e834891432119c6b241de22345d4683769745ac6b72e51dda7

Files

2c3eb95354c838e834891432119c6b241de22345d4683769745ac6b72e51dda7
.exe windows:6 windows x86 arch:x86

67c65bdc980fd02b1e6c38aee3b6c3e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

SndVol.pdb

Imports

gdi32

Rectangle
BeginPath
CreatePen
SetBkMode
EndPath
PathToRegion
Polygon
SetTextColor
SetBkColor
GetStockObject
GetObjectW
GetDeviceCaps
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CreateFontIndirectW
DeleteObject

user32

AdjustWindowRectEx
MonitorFromRect
GetMonitorInfoW
IsWindowEnabled
SetCursor
OffsetRect
DrawFocusRect
LoadImageW
SystemParametersInfoW
EqualRect
SendMessageW
BringWindowToTop
DefWindowProcW
DestroyWindow
DialogBoxParamW
CreateWindowExW
CallWindowProcW
SetWindowLongW
GetWindowLongW
DialogBoxIndirectParamW
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
DestroyAcceleratorTable
GetSysColor
GetWindow
GetFocus
SetFocus
IsChild
EndPaint
FillRect
BeginPaint
GetClientRect
IsWindow
RedrawWindow
SetWindowPos
SetRectEmpty
GetParent
CharNextW
GetDesktopWindow
ReleaseDC
GetDC
CreateAcceleratorTableW
MoveWindow
ClientToScreen
ScreenToClient
DrawEdge
SetClassLongW
GetClassLongW
EnumWindows
FrameRect
ValidateRect
PrivateExtractIconsW
FindWindowW
SetForegroundWindow
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
GetDlgItem
MapWindowPoints
LoadStringW
GetSysColorBrush
DrawTextW
InflateRect
GetSystemMetrics
DestroyMenu
GetMenuItemInfoW
TrackPopupMenuEx
CheckMenuRadioItem
GetMenuItemCount
InsertMenuItemW
CreatePopupMenu
IntersectRect
MapDialogRect
GetWindowRect
ShowWindow
SendDlgItemMessageW
SetDlgItemTextW
SetWindowContextHelpId
SetWindowRgn
CreateDialogIndirectParamW
PostQuitMessage
GetDlgCtrlID
SubtractRect
PostMessageW
SetProcessDPIAware
SetProcessDefaultLayout
GetActiveWindow
GetClassNameW
GhostWindowFromHungWindow
UnregisterClassA
IsWindowVisible
InternalGetWindowText
GetIconInfoExW
SetScrollInfo
GetScrollPos
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsDlgButtonChecked
CheckDlgButton
CopyRect
SetRect
EnableWindow
EndDialog
EnumChildWindows
DestroyIcon
KillTimer
SetTimer
CalculatePopupWindowPosition
GetForegroundWindow
GetWindowThreadProcessId
GetDoubleClickTime
LoadIconW
NotifyWinEvent
PtInRect

msvcrt

_wtoi
wcstol
_CxxThrowException
__CxxFrameHandler3
??_V@YAXPAX@Z
??3@YAXPAX@Z
_isnan
??2@YAPAXI@Z
memset
memcpy_s
malloc
free
??_U@YAPAXI@Z
swprintf_s
_ftol2_sse
_vsnwprintf
memmove_s
calloc
_vscwprintf
vswprintf_s
_controlfp
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
_errno
realloc
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
iswspace
memcpy
_XcptFilter
_exit
_cexit
__wgetmainargs
_resetstkoflw
_wcsicmp
_purecall

api-ms-win-core-localregistry-l1-1-0

RegGetValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

comctl32

ImageList_ReplaceIcon
ord17
ImageList_Destroy
ImageList_SetBkColor
ImageList_Create
ord381
ImageList_Draw
ImageList_Remove

ole32

StringFromGUID2
OleLockRunning
CLSIDFromString
PropVariantClear
CLSIDFromProgID
CoGetClassObject
OleInitialize
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoCreateGuid
CoUninitialize

oleaut32

SysAllocString
VariantInit
VariantClear
SysAllocStringLen
SysStringLen
SysStringByteLen
OleCreateFontIndirect
VarBstrCmp
LoadRegTypeLi
LoadTypeLi
SysFreeString

shell32

CommandLineToArgvW
ShellExecuteW
SHGetFileInfoW
Shell_NotifyIconGetRect

gdiplus

GdipCreateSolidFill
GdiplusStartup
GdiplusShutdown
GdipFree
GdipAlloc
GdipCreateLineBrush
GdipCreatePen1
GdipDeletePen
GdipCreatePath
GdipDeletePath
GdipCloneBrush
GdipFillPath
GdipFillRectangle
GdipDrawLine
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipAddPathLine
GdipDeleteBrush

ntdll

EtwEventWrite
EtwTraceMessage
EtwEventUnregister
EtwEventRegister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags

uxtheme

DrawThemeTextEx
BeginBufferedPaint
EndBufferedPaint
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
DrawThemeParentBackgroundEx
GetThemeTextExtent
SetWindowTheme
IsThemeActive
OpenThemeData
DrawThemeBackground
DrawThemeText
CloseThemeData
BufferedPaintUnInit
BufferedPaintInit
GetThemeColor
BufferedPaintSetAlpha

dwmapi

DwmRegisterThumbnail
DwmUpdateThumbnailProperties
DwmUnregisterThumbnail
DwmSetWindowAttribute
DwmQueryThumbnailSourceSize
DwmIsCompositionEnabled

shlwapi

PathParseIconLocationW
ord487
StrTrimW
PathFindExtensionW
PathFindFileNameW
ord348

imm32

ImmDisableIME

kernel32

GetStartupInfoW
VirtualAlloc
VirtualFree
LoadLibraryA
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
LoadLibraryExA
InterlockedCompareExchange
FreeLibrary
GetProcAddress
DelayLoadFailureHook
QueryFullProcessImageNameW
UnregisterWaitEx
GetTickCount
GetExitCodeProcess
RegisterWaitForSingleObject
QueueUserWorkItem
FormatMessageW
LocalFree
SetEvent
WaitForSingleObject
SetUnhandledExceptionFilter
CreateThread
SetThreadPriority
CreateEventW
GetCurrentProcessId
CreateProcessW
QueryPerformanceCounter
FindResourceExW
SizeofResource
lstrlenA
MultiByteToWideChar
Sleep
LeaveCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
GetModuleFileNameW
MulDiv
lstrcmpW
lstrlenW
GlobalLock
GlobalUnlock
FindResourceW
GlobalAlloc
LoadResource
LockResource
GlobalHandle
EnterCriticalSection
GetCurrentProcess
FlushInstructionCache
RaiseException
GetCurrentThreadId
SetLastError
CreateMutexW
GetLastError
CloseHandle
HeapSetInformation
GlobalFree
ResetEvent
GetModuleHandleA
ExpandEnvironmentStringsW
FreeResource
LoadLibraryExW
GetUserDefaultUILanguage
GetLocaleInfoW
EnumUILanguagesW
OutputDebugStringA
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
OpenProcess

Sections

.text
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

67c65bdc980fd02b1e6c38aee3b6c3e3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdi32

user32

msvcrt

api-ms-win-core-localregistry-l1-1-0

comctl32

ole32

oleaut32

shell32

gdiplus

ntdll

uxtheme

dwmapi

shlwapi

imm32

kernel32

Sections

.text Size: 229KB - Virtual size: 229KB

.data Size: 1KB - Virtual size: 4KB

.rsrc Size: 65KB - Virtual size: 65KB

.reloc Size: 9KB - Virtual size: 29KB

.text
Size: 229KB - Virtual size: 229KB

.data
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 65KB - Virtual size: 65KB

.reloc
Size: 9KB - Virtual size: 29KB