8d3dc5efd085a1a68a3f7364f1dcbc18431209c6c0e05e49f4e88fd7e2b13c23[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

8d3dc5efd085a1a68a3f7364f1dcbc18431209c6c0e05e49f4e88fd7e2b13c23.exe
Size

1.2MB
MD5

d86c705a97b321381344768d48ab52b7
SHA1

36f8e341572dfc2cd5ec55e9e2e4de4dfc84fc8a
SHA256

8d3dc5efd085a1a68a3f7364f1dcbc18431209c6c0e05e49f4e88fd7e2b13c23
SHA512

be20b24a7af36afda8b79bd25544b3804bb63add85a99f796d2a164d14229319630274a57269f7717352f3b07b518d0ff3b50bff769d2691b3e9d7fc376ae24d
SSDEEP

24576:MjirjGY+PuXZ6RDECTMR2kzBYh0lhSMXl/pTAnDdod:oirjGYwDFECg8kVNRcnx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d3dc5efd085a1a68a3f7364f1dcbc18431209c6c0e05e49f4e88fd7e2b13c23.exe

Files

8d3dc5efd085a1a68a3f7364f1dcbc18431209c6c0e05e49f4e88fd7e2b13c23.exe
.dll windows:6 windows x64 arch:x64

81115d00adbc1e69b74210eaf543a3c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
WideCharToMultiByte
ExitProcess
CreateEventW
K32GetModuleInformation
GetCurrentProcess
Sleep
AddVectoredExceptionHandler
GetModuleFileNameA
CreateThread
AllocConsole
FreeLibraryAndExitThread
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
WaitForSingleObject
LoadLibraryA
GetProcAddress
QueryPerformanceFrequency
QueryPerformanceCounter
GetStdHandle
SetConsoleTextAttribute
GetCurrentThreadId
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
SetLastError
GetFileSize
InitializeSListHead
GetSystemTimeAsFileTime
CreateFileW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetSystemInfo
OpenThread
HeapAlloc
HeapReAlloc
Thread32First
Thread32Next
HeapFree
HeapCreate
GetLocaleInfoEx
FormatMessageA
LocalFree
GetFileInformationByHandleEx
AreFileApisANSI
QueryFullProcessImageNameW
OpenProcess
CloseHandle
Process32NextW
GetCurrentProcessId
Process32FirstW
CreateToolhelp32Snapshot
GetLastError
MultiByteToWideChar
SetConsoleTitleA
CreateDirectoryW
GetFileAttributesExW
GetModuleHandleA
SuspendThread
GetCurrentThread
ReadFile
VirtualQuery
FindClose
FindFirstFileW
GetModuleHandleW

user32

LoadCursorW
SetCursor
SetClipboardData
SetCursorPos
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
GetCursorPos
GetAsyncKeyState
ScreenToClient
GetClientRect
GetKeyState
TrackMouseEvent
GetCapture
SetCapture
CallWindowProcW
ShowWindow
ReleaseCapture
MessageBoxA
DefWindowProcW
ClientToScreen
RegisterClassExW
CreateWindowExW
DestroyWindow
GetForegroundWindow
SetWindowLongPtrW
UnregisterClassW

advapi32

CryptDestroyHash
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptGetHashParam
CryptHashData

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msvcp140

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_alloc@std@@YAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Incref@facet@locale@std@@UEAAXXZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??Bios_base@std@@QEBA_NXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?id@?$numpunct@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
_Query_perf_counter
_Query_perf_frequency
?_Xbad_function_call@std@@YAXXZ
_Thrd_sleep
_Xtime_get_ticks
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Random_device@std@@YAIXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_detach
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strxfrm
_Strcoll
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
_Cnd_do_broadcast_at_thread_exit
?tolower@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_lock
_Mtx_unlock
_Mbrtowc
?narrow@?$ctype@_W@std@@QEBAPEB_WPEB_W0DPEAD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
?id@?$numpunct@_W@std@@2V0locale@2@A
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uncaught_exceptions@std@@YAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

ws2_32

connect
closesocket
inet_addr
htons
WSAStartup
socket
WSACleanup

imm32

ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmAssociateContextEx
ImmGetContext

d3dcompiler_47

D3DCompile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_terminate
__std_exception_copy
__std_exception_destroy
memmove
strchr
strstr
memcmp
memchr
__std_type_info_destroy_list
_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
memset
memcpy

api-ms-win-crt-runtime-l1-1-0

abort
_invalid_parameter_noinfo_noreturn
_errno
terminate
system
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_beginthreadex
_invalid_parameter_noinfo

api-ms-win-crt-convert-l1-1-0

strtof
atof
strtoll
strtoull
wcstof
strtod
strtoul

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc
_callnewh
realloc

api-ms-win-crt-stdio-l1-1-0

fseek
fread
_wfopen
fgetc
ungetc
fsetpos
_fseeki64
freopen
freopen_s
__stdio_common_vfprintf
fputc
setvbuf
fflush
__stdio_common_vfwprintf
__acrt_iob_func
__stdio_common_vswprintf
__stdio_common_vswprintf_s
__stdio_common_vsprintf_s
__stdio_common_vsscanf
_get_stream_buffer_pointers
__stdio_common_vsprintf
fwrite
ftell
fclose
fgetpos

api-ms-win-crt-filesystem-l1-1-0

rename
_lock_file
_unlock_file

api-ms-win-crt-string-l1-1-0

strncpy
strncmp
strcmp
towlower

api-ms-win-crt-math-l1-1-0

_fdsign
cosf
floor
ceilf
acosf
_dclass
log
sqrtf
_dsign
_ldsign
fmodf
round
logf
pow
powf
roundf
sinf
_fdclass
_ldclass

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-utility-l1-1-0

qsort
rand

Sections

.text
Size: 864KB - Virtual size: 864KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81115d00adbc1e69b74210eaf543a3c3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

version

msvcp140

ws2_32

imm32

d3dcompiler_47

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 864KB - Virtual size: 864KB

.rdata Size: 302KB - Virtual size: 301KB

.data Size: 5KB - Virtual size: 12KB

.pdata Size: 31KB - Virtual size: 30KB

.detourc Size: 9KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 864KB - Virtual size: 864KB

.rdata
Size: 302KB - Virtual size: 301KB

.data
Size: 5KB - Virtual size: 12KB

.pdata
Size: 31KB - Virtual size: 30KB

.detourc
Size: 9KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 2KB - Virtual size: 1KB