verifiergui[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

verifiergui.exe
Size

198KB
MD5

03a76a765abe56c8999a548331f191d9
SHA1

37d5323cc065638d06c29e8a4239dc0fae072a5d
SHA256

19a383a3028816c56ab123962707adda9d3f68091c44f9d9e2f69e6ca935f151
SHA512

c741d5b4293f33f3dc1235f381bfe5f6635ba95d73bd719c800ede6afee160e6095b1136779ea1dcc85a2abc24dce872b80f897662b33eb9a5c7a299337d86d4
SSDEEP

3072:chElFUjJ4TITY3ZbKLc/Ul7Fgqhjc5VoJe3+Vcv2JxQQBBEB3Befnj0t+TrjqNnf:0jJ4bZbvnbvhL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
verifiergui.exe

Files

verifiergui.exe
.exe windows:10 windows x64 arch:x64

466780d17bdf0c0dd4493f0e167e7b41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

verifiergui.pdb

Imports

msvcrt

_wcsnicmp
memcpy_s
wcstok_s
__iob_func
__RTDynamicCast
memcmp
memcpy
memset
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
wprintf
fputws
free
malloc
wcstoul
_putws
_purecall
printf
puts
fclose
_wfopen
_wtoi
_wcsicmp
exit
_vsnwprintf
_wsetlocale
__argc
__wargv
fflush
_wcsdup
__CxxFrameHandler3
wcsncat_s
wcscmp

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlGetPersistedStateLocation
RtlInitializeBitMap
RtlCreateUnicodeString
RtlSetBit
RtlFreeUnicodeString
RtlSetAllBits
RtlTestBit
RtlCheckRegistryKey
RtlVirtualUnwind
RtlQueryRegistryValuesEx
RtlWriteRegistryValue
RtlDeleteRegistryValue
RtlAllocateHeap
RtlFreeHeap
RtlEqualUnicodeString
RtlCopyUnicodeString
NtSetSystemInformation
NtQuerySystemInformation
RtlInitUnicodeString
RtlCreateRegistryKey

user32

GetClientRect
SendMessageW
GetSysColor
SetTimer
RedrawWindow
PostMessageW
PeekMessageW
TranslateMessage
DispatchMessageW
LoadStringW
LoadIconW
GetWindowRect
EnableWindow
MsgWaitForMultipleObjects
OffsetRect
DrawIcon
GetSystemMetrics
IsIconic
AppendMenuW
GetSystemMenu
GetSysColorBrush

shell32

ShellAboutW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

comdlg32

CommDlgExtendedError

wintrust

CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash

crypt32

CertFreeCertificateContext

imagehlp

ImageDirectoryEntryToDataEx
ImageUnload
ImageLoad

advapi32

OpenProcessToken
EventWriteTransfer
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
EventUnregister
EventRegister
EventSetInformation

kernel32

GetLocalTime
WideCharToMultiByte
CreateFileW
GlobalMemoryStatusEx
GetCurrentDirectoryW
GetWindowsDirectoryW
GetModuleHandleW
SetEvent
CreateThread
GetLastError
CloseHandle
CreateEventW
ExpandEnvironmentStringsW
Sleep
FreeConsole
SetThreadPreferredUILanguages
GetDateFormatW
HeapSetInformation
GetCurrentProcess
TerminateProcess
lstrcmpiA
MultiByteToWideChar
SetCurrentDirectoryW
WaitForSingleObject
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetConsoleOutputCP
GetTimeFormatW
ResetEvent
DeviceIoControl

mfc42u

ord999
ord549
ord1906
ord1005
ord567
ord4721
ord5245
ord5702
ord3761
ord1771
ord4557
ord337
ord4599
ord996
ord4582
ord1498
ord6263
ord3001
ord6632
ord5934
ord6223
ord1471
ord2094
ord6050
ord6021
ord3598
ord2518
ord286
ord1574
ord372
ord852
ord2393
ord2923
ord1499
ord6351
ord1124
ord4436
ord1287
ord6222
ord624
ord4521
ord2784
ord938
ord6542
ord443
ord5980
ord1123
ord3829
ord6171
ord867
ord2422
ord2023
ord4542
ord2589
ord4743
ord3751
ord832
ord3437
ord559
ord1003
ord1365
ord1441
ord1463
ord4583
ord3177
ord6102
ord4623
ord5082
ord2903
ord5470
ord525
ord984
ord3870
ord4779
ord2059
ord4787
ord5710
ord2532
ord1698
ord3774
ord2379
ord2324
ord2384
ord1584
ord3867
ord4694
ord4598
ord5039
ord659
ord1063
ord626
ord1040
ord1430
ord3916
ord4770
ord4983
ord4371
ord3164
ord4077
ord4083
ord4082
ord3046
ord3166
ord3052
ord3366
ord3231
ord4815
ord3362
ord3243
ord3049
ord6053
ord5711
ord5730
ord5065
ord4368
ord2752
ord5724
ord5722
ord3468
ord2412
ord5615
ord1388
ord4191
ord6071
ord2515
ord2559
ord4836
ord6813
ord6440
ord4365
ord1778
ord4752
ord5663
ord2399
ord5586
ord6812
ord3396
ord5712
ord4017
ord5229
ord4789
ord2670
ord2060
ord6814
ord3933
ord5484
ord1736
ord5683
ord2457
ord2140
ord5699
ord3535
ord4988
ord3894
ord1067
ord665
ord1035
ord2586
ord4741
ord3743
ord822
ord2593
ord4747
ord3501
ord3806
ord912
ord2329
ord4473
ord2975
ord5887
ord1122
ord6614
ord6393
ord5382
ord5077
ord5584
ord4771
ord5227
ord5709
ord1777
ord6437
ord2517
ord5406
ord5246
ord4722
ord5687
ord4699
ord5352
ord5114
ord5585
ord627
ord1041
ord1286
ord6880
ord2781
ord1261
ord1263
ord1284
ord620
ord6544
ord2629
ord6224
ord621
ord6225
ord1126
ord6705
ord6708
ord622
ord2328
ord2371
ord2661
ord6767
ord3830

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

466780d17bdf0c0dd4493f0e167e7b41

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

user32

shell32

version

comdlg32

wintrust

crypt32

imagehlp

advapi32

kernel32

mfc42u

Sections

.text Size: 120KB - Virtual size: 120KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 2KB - Virtual size: 10KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 120KB - Virtual size: 120KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 2KB - Virtual size: 10KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 3KB - Virtual size: 3KB