DARKVISION[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

DARKVISION.exe
Size

4.4MB
MD5

d7411abd0a54122366700fd5394019d1
SHA1

4880fc29230a0909f70d49051397aef5caa43d52
SHA256

648e1c9fd7aacb58c4285cf6a54d9e58f5c2c1f6cc1f166b9e13e7d6a3c4a7fb
SHA512

5b8068c8831f6fb838fa040ff8682b4e1b11f76af8dc476a707a8515a96c56edda19c85f60aa3818c98ae64e36b5d6a1ac04c72a0d3baab17b41d4c7bf625070
SSDEEP

49152:WQ1dTheoQe63xRt1pwDCjgdu58T9VOohDsWR8T9iLeus/HfK:WQvE93xnfmCjCVtGxiLy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DARKVISION.exe

Files

DARKVISION.exe
.exe windows:5 windows x86 arch:x86

64b234f88ec74366b22a798d0b02b24a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mmioOpenW
mmioCreateChunk
mmioAscend
waveOutOpen
mmioWrite
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite
waveOutReset
mmioClose

advapi32

CryptEncrypt
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptDestroyKey
CryptDuplicateHash
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
CryptExportKey
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptImportKey
CryptAcquireContextA

shlwapi

StrStrIA
StrStrIW
ord212
StrRChrW
StrCmpNIW

shell32

ord680
CommandLineToArgvW
ShellExecuteA
SHGetFileInfoW
SHBrowseForFolderW
ShellExecuteExW
SHGetPathFromIDListW

kernel32

lstrlenW
LoadLibraryW
ReadFile
GetFileSize
CreateFileW
WideCharToMultiByte
CreateEventW
MultiByteToWideChar
WriteFile
lstrlenA
GetLocalTime
CreateMutexW
lstrcmpW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ReleaseMutex
FormatMessageW
FileTimeToSystemTime
ResetEvent
GetFileSizeEx
CompareFileTime
SystemTimeToFileTime
CompareStringW
Sleep
DeleteCriticalSection
InitializeCriticalSection
DeleteFileW
WaitForMultipleObjects
lstrcpyA
CreateEventA
ResumeThread
GetGeoInfoW
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
GetTickCount
lstrcmpiA
SetFilePointer
SetLastError
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
CopyFileW
FlushInstructionCache
TryEnterCriticalSection
VirtualQuery
GetProcAddress
GetSystemDirectoryW
GetCommandLineW
VirtualAlloc
GetExitCodeThread
TerminateThread
GetDriveTypeA
FileTimeToLocalFileTime
FindClose
GetProcessHeap
CreateFileA
FormatMessageA
PeekNamedPipe
ExpandEnvironmentStringsA
GetModuleHandleA
LoadLibraryA
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
SleepEx
FlushFileBuffers
WriteConsoleW
LeaveCriticalSection
EnterCriticalSection
LocalFree
WaitForSingleObject
lstrcmpiW
SetEvent
CloseHandle
CreateThread
GetModuleHandleW
ExitProcess
LocalAlloc
GetModuleFileNameW
lstrcpyW
GetLastError
SetStdHandle
HeapReAlloc
LCMapStringW
FreeLibrary
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
HeapSize
IsValidCodePage
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
RaiseException
HeapAlloc
HeapFree
RtlUnwind
FindFirstFileExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
HeapDestroy
GetStdHandle
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
ExitThread
GetFileInformationByHandle
GetFileAttributesA
GetFullPathNameA
GetCurrentDirectoryW
SetEndOfFile
GetDriveTypeW
GetTimeZoneInformation
GetCurrentProcess
SetEnvironmentVariableA

uxtheme

SetWindowTheme

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree
CoInitialize
CreateStreamOnHGlobal
OleSetContainedObject
StgCreateDocfileOnILockBytes
OleDuplicateData
ReleaseStgMedium
OleCreateStaticFromData
StringFromGUID2
CoCreateGuid
CreateILockBytesOnHGlobal

comctl32

ord413
ImageList_Remove
ImageList_Add
InitializeFlatSB
CreateStatusWindowW
InitCommonControlsEx
ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord410
ImageList_Draw

comdlg32

GetOpenFileNameW

ws2_32

WSAWaitForMultipleEvents
gethostname
ioctlsocket
recvfrom
sendto
bind
listen
socket
inet_addr
gethostbyname
connect
WSACloseEvent
WSACreateEvent
send
recv
WSAGetLastError
htons
htonl
getaddrinfo
WSAEnumNetworkEvents
accept
WSAEventSelect
setsockopt
getpeername
inet_ntoa
shutdown
closesocket
WSAStartup
freeaddrinfo
getsockopt
ntohs
getsockname
WSAIoctl
select
__WSAFDIsSet
WSASetLastError
WSACleanup
ntohl

user32

OpenClipboard
KillTimer
wsprintfW
SetDlgItemInt
SetTimer
EndDialog
SendDlgItemMessageW
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
PostMessageA
GetWindowTextLengthW
GetDlgCtrlID
UpdateWindow
InvalidateRect
GetUpdateRect
GetWindowTextA
DrawIcon
GetDlgItemInt
GetComboBoxInfo
InsertMenuItemW
RegisterClassW
TrackMouseEvent
SetForegroundWindow
MessageBoxA
GetDlgItemTextW
wsprintfA
MapDialogRect
MoveWindow
CreateWindowExW
MessageBoxW
GetClientRect
GetWindowRect
EmptyClipboard
SetWindowPos
SetWindowTextW
DefWindowProcW
ScreenToClient
SetWindowLongW
LoadCursorW
SetCursor
SetCapture
ReleaseCapture
RedrawWindow
BeginPaint
GetDC
FillRect
GetSysColorBrush
EndPaint
ReleaseDC
FrameRect
DrawTextW
IsWindow
ShowWindow
BringWindowToTop
PostMessageW
GetWindowPlacement
EnableWindow
CreatePopupMenu
AppendMenuW
TrackPopupMenu
DestroyMenu
DialogBoxParamW
CreateDialogParamW
GetMessageW
GetActiveWindow
TranslateMessage
DispatchMessageW
IsDialogMessageW
SetClipboardData
CloseClipboard
CreateMenu
GetWindowTextLengthA
SendMessageA
SetFocus
IsDlgButtonChecked
CheckDlgButton
GetWindowTextW
GetParent
CallWindowProcW
GetWindowLongW
SendMessageW
DestroyWindow
LoadBitmapW
GetDesktopWindow
GetDlgItem

gdi32

CreateFontIndirectW
SetBkMode
SetTextColor
SetBkColor
CreateSolidBrush
DeleteObject
CreateCompatibleDC
SelectObject
DeleteDC
BitBlt

gdiplus

GdipDisposeImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipCreateFromHWND
GdipFree
GdipCreateFromHWNDICM
GdipDrawImageRect
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDeleteGraphics
GdipAlloc
GdiplusStartup
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusShutdown
GdipCloneImage

crypt32

CertOpenStore
CertAddCertificateContextToStore
CryptQueryObject
CertGetNameStringA
CryptStringToBinaryA
CertFreeCertificateChainEngine
CertGetCertificateChain
CertCreateCertificateChainEngine
CertFreeCertificateChain
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext

wldap32

ord79
ord33
ord35
ord27
ord60
ord45
ord32
ord200
ord30
ord26
ord50
ord143
ord217
ord211
ord46
ord41
ord301
ord22

normaliz

IdnToAscii

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.6MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64b234f88ec74366b22a798d0b02b24a

Headers

DLL Characteristics

File Characteristics

Imports

winmm

advapi32

shlwapi

shell32

kernel32

uxtheme

ole32

comctl32

comdlg32

ws2_32

user32

gdi32

gdiplus

crypt32

wldap32

normaliz

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 153KB - Virtual size: 152KB

.data Size: 1.6MB - Virtual size: 1.9MB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 153KB - Virtual size: 152KB

.data
Size: 1.6MB - Virtual size: 1.9MB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB