F:\CheckPoints\TPDrv\builderSuperMan1\SynTPEnh\x64\Release\SynTPEnh.pdb
Static task: static1
Behavioral task: behavioral1
Sample: ff31d021dec4a4c21ae766c8b54ea11aa3682e2b8b602e4869e0a27dc8db51e3.exe
Resource: win7-20240220-en
General
Target: ff31d021dec4a4c21ae766c8b54ea11aa3682e2b8b602e4869e0a27dc8db51e3
Size: 4.5MB
MD5: 1f99e06ff6086660aad270e44200383b
SHA1: 0dfc123da571e37a8ae6eac581d3d844d0601fac
SHA256: ff31d021dec4a4c21ae766c8b54ea11aa3682e2b8b602e4869e0a27dc8db51e3
SHA512: a7baf0e41ae6c80d37d0ccef00a23773f2f9bb7350bb508b4e485ecd7b761e04bd44fd5055bb8dd827c64dc0869e20e13311ecc49e4e28d16b146ca75674229e
SSDEEP: 49152:E3t+S7R5mydE5RfjzW5fTPOBnuglmolVKLNiXicJFFRGNzj3:E3DwxHC7wRGpj3
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
Resource: ff31d021dec4a4c21ae766c8b54ea11aa3682e2b8b602e4869e0a27dc8db51e3
Files
ff31d021dec4a4c21ae766c8b54ea11aa3682e2b8b602e4869e0a27dc8db51e3.exe (windows:5, windows x64, arch:x64)
41d5bfd74bbcd2298c3ea94a37bebe4b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
winmm
mixerGetLineInfoW
mixerGetLineControlsW
mixerGetControlDetailsW
PlaySoundW
mixerGetNumDevs
mixerGetDevCapsW
mixerOpen
mixerClose
psapi
EnumProcessModules
GetModuleFileNameExW
netapi32
NetApiBufferFree
NetUserGetInfo
NetWkstaUserGetInfo
rpcrt4
RpcStringFreeW
UuidToStringW
imm32
ImmIsIME
comctl32
InitCommonControlsEx
kernel32
Process32FirstW
Process32NextW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetCommandLineW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
DecodePointer
RaiseException
TryEnterCriticalSection
GetCurrentThreadId
SetPriorityClass
GetPriorityClass
GetSystemDirectoryW
CopyFileW
MoveFileExW
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory
GetExitCodeProcess
GetSystemTime
lstrcmpiW
SystemTimeToFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
DeviceIoControl
GetLocalTime
GetSystemInfo
FileTimeToSystemTime
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
OpenProcess
LocalFree
TerminateProcess
lstrlenW
GetModuleHandleExW
CreateProcessW
IsWow64Process
QueryPerformanceCounter
lstrlenA
GetTimeZoneInformation
GetCPInfo
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
EncodePointer
GetStringTypeW
IsDebuggerPresent
GetStartupInfoW
CompareStringW
LCMapStringW
OpenEventW
GetEnvironmentVariableW
Beep
LoadLibraryExW
WideCharToMultiByte
GetModuleHandleW
GetSystemDefaultLangID
lstrcmpW
GetLocaleInfoW
CreateToolhelp32Snapshot
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
IsValidCodePage
GetACP
GetOEMCP
GetConsoleCP
GetConsoleMode
GetStdHandle
WTSGetActiveConsoleSessionId
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
GetSystemPowerStatus
WaitForMultipleObjects
GetModuleFileNameW
GetTickCount
ProcessIdToSessionId
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcessId
GetCurrentProcess
GetFileAttributesW
TerminateThread
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
ExpandEnvironmentStringsW
LoadLibraryW
GetProcAddress
FreeLibrary
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
CreateMutexW
ReleaseMutex
GetOverlappedResult
CreateThread
WaitForMultipleObjectsEx
WaitForSingleObject
ResetEvent
SetEvent
Sleep
CreateEventW
WaitNamedPipeW
CreateNamedPipeW
TlsFree
DisconnectNamedPipe
ConnectNamedPipe
GetLastError
CloseHandle
WriteFileEx
WriteFile
ReadFileEx
ReadFile
FlushFileBuffers
CreateFileW
IsValidLocale
GetWindowsDirectoryW
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
GetFileAttributesExW
SetFileAttributesW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetFileType
SetFilePointerEx
SetStdHandle
WriteConsoleW
ReadConsoleW
SetEnvironmentVariableW
SetEndOfFile
SetEnvironmentVariableA
user32
CheckDlgButton
CreateDialogParamW
IsWindow
PostQuitMessage
PostThreadMessageW
SendNotifyMessageW
SwapMouseButton
DispatchMessageW
TranslateMessage
GetMessageW
SetClassLongPtrW
RedrawWindow
BringWindowToTop
SetLayeredWindowAttributes
EnumDesktopWindows
CreateIconIndirect
DestroyIcon
LoadIconW
IsRectEmpty
SetRectEmpty
GetClientRect
RegisterClassW
SetRect
EndPaint
BeginPaint
DestroyWindow
SetMenuDefaultItem
TrackPopupMenu
SetMenuItemBitmaps
AppendMenuW
EnableMenuItem
CheckMenuItem
DestroyMenu
CreatePopupMenu
LoadStringW
LockWorkStation
GetScrollInfo
GetWindow
GetWindowLongW
ScreenToClient
InvalidateRect
MapVirtualKeyW
SendDlgItemMessageW
GetDlgItemTextW
MoveWindow
ShowWindowAsync
RegisterWindowMessageW
LoadKeyboardLayoutW
SetWindowTextW
EnableWindow
IsDlgButtonChecked
GetKeyState
SetFocus
DrawTextW
DialogBoxParamW
CallWindowProcW
GetWindowInfo
GetGUIThreadInfo
EnumWindows
WindowFromPoint
GetWindowTextW
AttachThreadInput
FindWindowW
GetWindowThreadProcessId
GetParent
GetDesktopWindow
FillRect
KillTimer
SetTimer
SendMessageTimeoutW
DrawEdge
MessageBeep
GetClassNameW
CharUpperW
CharNextW
SendInput
MsgWaitForMultipleObjects
SetCursorPos
ClientToScreen
EnumThreadWindows
SetWindowsHookExW
GetForegroundWindow
IsZoomed
IsIconic
IsWindowVisible
EnumChildWindows
GetDlgItem
EndDialog
SystemParametersInfoW
CopyIcon
CopyImage
LoadImageW
SetSystemCursor
DestroyCursor
GetDlgCtrlID
GetAncestor
EqualRect
IsWindowEnabled
ReleaseCapture
SetCapture
wsprintfW
OffsetRect
IntersectRect
ScrollDC
UpdateWindow
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
MonitorFromWindow
EnumDisplayDevicesW
GetClassLongPtrW
SetForegroundWindow
GetWindowPlacement
GetClassInfoExW
GetKeyNameTextW
WaitForInputIdle
LoadCursorFromFileW
LoadCursorW
LoadBitmapW
SetWindowLongPtrW
GetWindowLongPtrW
PtInRect
ClipCursor
SetCursor
GetWindowRect
ReleaseDC
GetDC
SetWindowPos
ShowWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
SendMessageW
GetDoubleClickTime
GetCursorPos
GetSystemMetrics
GetAsyncKeyState
PostMessageW
WinHelpW
GetKeyboardLayout
GetSysColor
SetWindowLongW
MessageBoxW
FindWindowExW
EnumDisplaySettingsW
IsDialogMessageW
SetDlgItemTextW
CallNextHookEx
SetWindowRgn
gdi32
AbortDoc
EndPage
StartPage
EndDoc
StartDocW
SetMapMode
MoveToEx
LineTo
GetMapMode
CreatePatternBrush
CreatePen
SetROP2
Rectangle
GetClipBox
CreateBrushIndirect
TextOutW
SetTextColor
SetBkMode
SetBkColor
CreateRoundRectRgn
CreateDCW
GdiFlush
SelectClipRgn
Ellipse
CreateSolidBrush
CreateRectRgn
CreateEllipticRgn
CreateBitmap
GetPixel
ExtCreateRegion
GetTextExtentPoint32W
StretchBlt
SelectObject
GetStockObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetObjectW
GetDeviceCaps
CreateDIBitmap
DeleteObject
comdlg32
PrintDlgW
GetOpenFileNameW
advapi32
CloseServiceHandle
RegNotifyChangeKeyValue
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegCreateKeyW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
QueryServiceStatus
OpenServiceW
RegQueryValueExW
RegSetValueExW
OpenSCManagerW
RegQueryInfoKeyW
FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
RegOpenKeyW
GetUserNameW
shell32
DragFinish
ShellExecuteW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHGetFolderPathW
ShellExecuteExW
DragQueryFileW
ole32
CoInitialize
PropVariantClear
CoCreateInstance
CoUninitialize
CLSIDFromProgID
CoAddRefServerProcess
CoReleaseServerProcess
CoInitializeEx
CoSetProxyBlanket
CoRevokeClassObject
CoCreateGuid
StringFromGUID2
oleaut32
SysStringLen
UnRegisterTypeLi
VariantChangeType
SysFreeString
RegisterTypeLi
LoadTypeLi
GetActiveObject
VarCmp
VariantCopy
VariantClear
VariantInit
SysAllocString
shlwapi
PathFindFileNameW
SHDeleteKeyW
SHCopyKeyW
StrStrIW
PathGetArgsW
PathRemoveArgsW
PathFileExistsW
PathUnquoteSpacesW
wintrust
WinVerifyTrust
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 387KB - Virtual size: 387KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 984KB - Virtual size: 1009KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 57KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE