2e3fc115b4c4ee8412cb8357a81d58eb9362b18f63e125e8ca031f19ef4b8e00

Sharing

Copy URL

Twitter E-mail

General

Target

2e3fc115b4c4ee8412cb8357a81d58eb9362b18f63e125e8ca031f19ef4b8e00
Size

4.9MB
MD5

0592621f5b830baa42ec90b9f7be7e46
SHA1

02298d310acdd13054cb4b5a32dde53ec3161634
SHA256

2e3fc115b4c4ee8412cb8357a81d58eb9362b18f63e125e8ca031f19ef4b8e00
SHA512

900c01ee4ebc75a1a8fb908e2805628ba5456df6712f13cd5073a51573a83f3f7b53aa9b65a7091189e458a114ca6fc1d2203696a9631cc1ba15e4779ad752db
SSDEEP

49152:87EaeeIuWIabblSZo94Cq7fpUv/0RAd0meCN337Q4ypg/rAToEovQRaizfPu0tYh:wa1TA7CH0md0TCN3L0PJQqELeeUC68

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e3fc115b4c4ee8412cb8357a81d58eb9362b18f63e125e8ca031f19ef4b8e00

Files

2e3fc115b4c4ee8412cb8357a81d58eb9362b18f63e125e8ca031f19ef4b8e00
.exe windows:6 windows x64 arch:x64

04f255eb639bb8374622701b2fac0668

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

D:\dbs\sh\ddvsm\0128_230433\cmd\21\out\binaries\amd64ret\bin\amd64\msvsmon.pdb

Imports

advapi32

ConvertSidToStringSidW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
GetSecurityDescriptorLength
GetSecurityDescriptorControl
MakeSelfRelativeSD
CopySid
GetLengthSid
IsValidSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
ConvertStringSidToSidW
LookupAccountNameW
SetSecurityDescriptorDacl
AddAce
InitializeAcl
GetAclInformation
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
MakeAbsoluteSD
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetUserNameW
AccessCheck
GetAce
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
EqualSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
SetThreadToken
OpenProcessToken
OpenThreadToken
AdjustTokenPrivileges
DuplicateTokenEx
GetTokenInformation
LookupAccountSidW
LookupPrivilegeValueW
LookupPrivilegeNameW
GetSecurityInfo
SetSecurityInfo
PrivilegeCheck
RegEnumValueW
AddAccessAllowedAce
DuplicateToken
GetSidIdentifierAuthority
GetSidSubAuthorityCount
IsValidSecurityDescriptor
RegQueryValueExA

kernel32

GetFileSize
ReadFile
FindFirstFileExW
FindNextFileW
FindClose
HeapSetInformation
SetErrorMode
CreateNamedPipeW
WriteFile
FlushFileBuffers
ConnectNamedPipe
DisconnectNamedPipe
CancelSynchronousIo
GetProcessId
GetCommandLineW
OpenEventW
SetEnvironmentVariableW
WideCharToMultiByte
LocalAlloc
GetDateFormatW
GetTimeFormatW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocalTime
ExpandEnvironmentStringsW
GetTickCount
RaiseException
lstrcmpiW
SizeofResource
LoadResource
FindResourceW
QueryFullProcessImageNameW
GetLongPathNameW
GetThreadContext
GetCurrentThread
SetLastError
SetUnhandledExceptionFilter
SetThreadPriority
SuspendThread
IsDebuggerPresent
DecodePointer
CompareStringOrdinal
GetFileInformationByHandle
VirtualQuery
LoadLibraryW
CreateFileW
SwitchToThread
GetModuleFileNameW
GetTempPathW
GetExitCodeThread
WaitForSingleObject
CreateThread
MultiByteToWideChar
OpenProcess
GetThreadLocale
MulDiv
GetSystemDirectoryW
FindFirstFileW
FormatMessageA
GetComputerNameW
IsWow64Process
GetVersion
OpenFileMappingW
WriteProcessMemory
VirtualAllocEx
DeleteFileW
WaitForMultipleObjects
SetThreadAffinityMask
GetProcessAffinityMask
GetThreadPriority
GetExitCodeProcess
RegisterWaitForSingleObject
UnregisterWaitEx
QueueUserWorkItem
OpenThread
ResetEvent
GetEnvironmentVariableW
InitializeCriticalSection
VirtualProtect
lstrcmpW
GetEnvironmentVariableA
FormatMessageW
VirtualFree
VirtualAlloc
GetVersionExA
LockResource
FindResourceExW
GetSystemInfo
IsDBCSLeadByte
FindResourceA
lstrcmpiA
LoadLibraryExA
GetModuleHandleA
WriteConsoleW
ReadConsoleW
SetEndOfFile
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
OutputDebugStringW
GetStringTypeW
GetFileType
GetACP
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FreeLibrary
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcAddress
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
ResumeThread
CreateProcessW
SetHandleInformation
GetCurrentProcess
DuplicateHandle
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
CloseHandle
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
InitializeProcThreadAttributeList
GetLastError
GetFileAttributesW
WaitForMultipleObjectsEx
TerminateProcess
SetEvent
GetCurrentProcessId
MapViewOfFile
CreateFileMappingW
CreateEventW
UnmapViewOfFile
Sleep
GetCurrentThreadId
LocalFree
LoadLibraryExW
GetVersionExW
SetFilePointer
GetComputerNameExW

vsdebugeng

DkmDllEnsureInitialized
DkmDllSetRootProcessId
DkmDllUninitialize
ProcDkmString3

gdiplus

GdiplusShutdown

user32

GetDlgItem
SendMessageW
GetDlgItemInt
GetWindowLongPtrW
EnableWindow
SetWindowLongPtrW
EndDialog
SetDlgItemTextW
DialogBoxParamW
SetDlgItemInt
CheckDlgButton
SetCursor
LoadCursorW
ShowWindow
NotifyWinEvent
GetParent
SetWindowTextW
CheckRadioButton
DestroyMenu
CreateWindowExW
UpdateWindow
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
SetForegroundWindow
GetMenu
EnableMenuItem
LoadIconW
RegisterClassW
DestroyWindow
MoveWindow
DefWindowProcW
ReleaseDC
GetDC
CharUpperBuffW
PeekMessageW
PostThreadMessageW
LoadStringW
PeekMessageA
CharNextA
MessageBoxW
OpenClipboard
CharNextW
KillTimer
SetTimer
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
GetSubMenu
PostMessageW
PostQuitMessage
CloseClipboard
SetClipboardData
EmptyClipboard
SetFocus
GetSystemMetrics
SetMenu
LoadMenuW

ole32

StringFromGUID2
CoInitializeEx
CreateStreamOnHGlobal
CoLockObjectExternal
CoGetClassObject
CoTaskMemAlloc
CoTaskMemRealloc
StringFromCLSID
CoTaskMemFree
CoLoadLibrary
CLSIDFromString
CoCreateInstance
CoWaitForMultipleHandles
CoInitialize
CoUninitialize
CoCreateGuid

oleaut32

VarDecAdd
VarDecDiv
VarDecMul
VarDecSu
VarDecCmp
VarBstrCmp
VariantCopy
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayRedim
VariantChangeType
CreateErrorInfo
SysAllocString
VarDecFromUI4
VarDecFromR8
VarDecFromR4
VarDecFromI4
VarUI4FromDec
VarUI2FromDec
VarI1FromDec
VarR8FromDec
VarR4FromDec
VarI2FromDec
VarUI1FromDec
VarI4FromDec
GetErrorInfo
VarBstrFromDec
VarDecFix
SysFreeString
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VarBstrCat
VariantInit
VariantClear
VarUI4FromStr
SetErrorInfo
VarR8FromStr
SysAllocStringLen

comctl32

ord17

ws2_32

WSAGetLastError
socket
closesocket
getsockname
ntohs
WSAStartup
htons
setsockopt
htonl
inet_addr
bind

gdi32

GetDeviceCaps

Exports

Exports

CreateHostedInstance
IsFallbackLoadRemoteManagedPdbsEnabled
IsInServiceMode
OnAbnormalAbort

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 162KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 309KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 636KB - Virtual size: 640KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

04f255eb639bb8374622701b2fac0668

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

vsdebugeng

gdiplus

user32

ole32

oleaut32

comctl32

ws2_32

gdi32

Exports

Exports

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 162KB - Virtual size: 179KB

.pdata Size: 113KB - Virtual size: 112KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 309KB - Virtual size: 309KB

.reloc Size: 636KB - Virtual size: 640KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 162KB - Virtual size: 179KB

.pdata
Size: 113KB - Virtual size: 112KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 309KB - Virtual size: 309KB

.reloc
Size: 636KB - Virtual size: 640KB