41385952de351d2d9f49aefe876e65fe32798ba1d0952d3072747b9c1364294c[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

41385952de351d2d9f49aefe876e65fe32798ba1d0952d3072747b9c1364294c.exe
Size

244KB
MD5

8e993c88ef560d99f5b9b19cd29b4140
SHA1

b97e0420995a32f61fc543a354fb3ccce28fe0ce
SHA256

41385952de351d2d9f49aefe876e65fe32798ba1d0952d3072747b9c1364294c
SHA512

15afd0da983109fdfcce47d3bc372c67cc5687f8495b08e291e1aa1a6e46ff0260b4e0a3b50b8e2ce2238be9db161212e67b3e377f489fdfa07c11f927b302ae
SSDEEP

6144:l8a2IqKOTO6pi1UzM3khdkfTPZPtj3L5:SSqKilpi1gfmtl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41385952de351d2d9f49aefe876e65fe32798ba1d0952d3072747b9c1364294c.exe

Files

41385952de351d2d9f49aefe876e65fe32798ba1d0952d3072747b9c1364294c.exe
.dll windows:6 windows x86 arch:x86

9a31ffa66bc5094ecbad381f8239980e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

UxTheme.pdb

Imports

msvcrt

free
_vsnwprintf
memset
_resetstkoflw
_purecall
_CIsqrt
_CIatan
__CxxFrameHandler3
fflush
fputws
fwprintf
wcstoul
strchr
wcschr
rand
_wsplitpath_s
_ftol2_sse
floor
memcpy
_CIcos
_except_handler4_common
_amsg_exit
_initterm
memmove
malloc
_XcptFilter

ntdll

NtQueryEvent
EtwEventWrite
EtwEventEnabled
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlInitializeSRWLock
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwEventUnregister
EtwEventRegister
RtlGetThreadLangIdByIndex
RtlNtStatusToDosError
NtOpenEvent
RtlInitializeCriticalSection
NtRequestWaitReplyPort
NtConnectPort
RtlInitUnicodeString

api-ms-win-core-localregistry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentProcess
GetCurrentThread
OpenThreadToken
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
TlsAlloc
TlsSetValue
TlsGetValue
TlsFree
CreateThread

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
RevertToSelf
GetTokenInformation

kernel32

FreeLibraryAndExitThread
GetModuleHandleExW
VirtualFree
GetSystemInfo
lstrcmpW
CompareStringW
QueryPerformanceFrequency
QueryPerformanceCounter
LockResource
LoadResource
GetFullPathNameW
GetSystemDirectoryW
UnmapViewOfFile
CreateSemaphoreW
DuplicateHandle
MapViewOfFile
GetACP
IsDebuggerPresent
InterlockedExchange
CreateFileMappingW
FindClose
FindNextFileW
FindFirstFileW
DelayLoadFailureHook
LoadLibraryExA
Sleep
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetFilePointer
GetSystemTime
SystemTimeToFileTime
FormatMessageW
ReadFile
FindResourceW
SizeofResource
GetStringTypeW
MultiByteToWideChar
DeleteAtom
AddAtomW
GetFileAttributesW
ExpandEnvironmentStringsW
RegDeleteValueW
RegQueryValueExW
RegOpenCurrentUser
GetModuleHandleW
LoadLibraryExW
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
HeapCreate
GetUserDefaultUILanguage
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
CloseHandle
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WideCharToMultiByte
GetLastError
WriteFile
lstrlenW
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
GetTickCount
SetLastError
lstrcmpiW
InitializeCriticalSection
FreeLibrary
ReleaseActCtx
DeactivateActCtx
LoadLibraryW
ActivateActCtx
CreateActCtxW
GetProcAddress
DisableThreadLibraryCalls
MulDiv
CreateFileW
GetModuleFileNameW
GetAtomNameW
GetFileSize
VirtualAlloc
GetFileTime
RegGetValueW

user32

SetMenuItemInfoW
GetParent
GetWindowTextW
InternalGetWindowText
GetSysColorBrush
GetClientRect
IsWindowRedirectedForPrint
GetMonitorInfoW
MonitorFromWindow
IsZoomed
GetForegroundWindow
IsIconic
InvalidateRect
CalcMenuBar
LoadIconW
GetCapture
ReleaseCapture
MsgWaitForMultipleObjectsEx
PeekMessageW
SetCapture
DrawEdge
IsWindowVisible
DrawIconEx
MonitorFromRect
DrawMenuBar
GetMenuItemCount
GetMenuBarInfo
PaintMenuBar
ValidateRect
GetKeyState
GetMessagePos
LoadStringW
ClientToScreen
IsServerSideWindow
DestroyWindow
SetWindowTextW
CreateWindowExW
RegisterClassW
LoadCursorW
GetClassInfoW
SystemParametersInfoW
SystemParametersInfoA
AdjustWindowRectEx
GetShellWindow
FindWindowW
AllowSetForegroundWindow
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
IsMenu
GetMenuInfo
SetThreadDesktop
OpenInputDesktop
GetThreadDesktop
DefFrameProcW
DestroyIcon
GetSysColor
IsWindowInDestroy
SetWindowRgn
GetWindowRgnBox
GetIconInfo
CreateIconIndirect
GetTitleBarInfo
GetSystemMenu
GetMenuItemInfoW
SendMessageW
GetAncestor
GetClassLongW
SetWindowPos
IsThreadDesktopComposited
TrackMouseEvent
GetWindowLongW
SetWindowLongW
CallWindowProcW
DefWindowProcW
GetDCEx
GetDesktopWindow
PostMessageW
GetWindowThreadProcessId
SetProcessDPIAware
SetSysColors
GetDC
RemovePropW
SetPropW
GetPropW
GetClassNameW
OpenDesktopW
EnumDesktopWindows
CloseDesktop
GetWindow
EnumChildWindows
InflateRect
DrawTextW
CopyImage
DrawTextExW
GetWindowDC
ReleaseDC
GetGUIThreadInfo
GetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics
CopyRect
PtInRect
WindowFromDC
SetTimer
RedrawWindow
KillTimer
EqualRect
OffsetRect
GetWindowRect
MapWindowPoints
IsRectEmpty
IntersectRect
FillRect
SetRect
IsWindow
IsChild
GetWindowInfo
CharNextW
SendMessageTimeoutW
EnumDisplaySettingsW
EnumDisplayDevicesW
EnumDesktopsW
SetRectEmpty

gdi32

SetBkMode
SetTextColor
GdiDrawStream
SetLayout
Arc
GdiGradientFill
PtInRegion
CreateFontIndirectW
SetStretchBltMode
StretchBlt
GetRegionData
GdiFlush
SetViewportOrgEx
SetWindowOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
SetBoundsRect
GetBoundsRect
GdiTransparentBlt
GetRgnBox
GetViewportOrgEx
GetWindowOrgEx
GetCurrentObject
SetBitmapAttributes
ClearBitmapAttributes
SetTextAlign
GetTextAlign
GetDIBits
CreatePatternBrush
SetBrushOrgEx
GetClipBox
RectVisible
SetDIBits
ExtCreateRegion
CombineRgn
AbortPath
StrokeAndFillPath
ExtCreatePen
GetDeviceCaps
PatBlt
CreateDIBSection
GdiAlphaBlend
CreateRectRgnIndirect
DeleteDC
GetLayout
GetRandomRgn
LPtoDP
OffsetRgn
ExcludeClipRect
GetObjectType
PathToRegion
SetBkColor
ExtTextOutW
GetBkColor
IntersectClipRect
CreatePen
CreateSolidBrush
GetStockObject
Rectangle
RoundRect
BeginPath
Ellipse
EndPath
SelectClipPath
BitBlt
SelectClipRgn
CreateRectRgn
GetClipRgn
SelectObject
CreateDIBitmap
DeleteObject
GetTextMetricsW

Exports

Exports

BeginBufferedAnimation
BeginBufferedPaint
BeginPanningFeedback
BufferedPaintClear
BufferedPaintInit
BufferedPaintRenderAnimation
BufferedPaintSetAlpha
BufferedPaintStopAllAnimations
BufferedPaintUnInit
CloseThemeData
DrawThemeBackground
DrawThemeBackgroundEx
DrawThemeEdge
DrawThemeIcon
DrawThemeParentBackground
DrawThemeParentBackgroundEx
DrawThemeText
DrawThemeTextEx
EnableThemeDialogTexture
EnableTheming
EndBufferedAnimation
EndBufferedPaint
EndPanningFeedback
GetBufferedPaintBits
GetBufferedPaintDC
GetBufferedPaintTargetDC
GetBufferedPaintTargetRect
GetCurrentThemeName
GetThemeAppProperties
GetThemeBackgroundContentRect
GetThemeBackgroundExtent
GetThemeBackgroundRegion
GetThemeBitmap
GetThemeBool
GetThemeColor
GetThemeDocumentationProperty
GetThemeEnumValue
GetThemeFilename
GetThemeFont
GetThemeInt
GetThemeIntList
GetThemeMargins
GetThemeMetric
GetThemePartSize
GetThemePosition
GetThemePropertyOrigin
GetThemeRect
GetThemeStream
GetThemeString
GetThemeSysBool
GetThemeSysColor
GetThemeSysColorBrush
GetThemeSysFont
GetThemeSysInt
GetThemeSysSize
GetThemeSysString
GetThemeTextExtent
GetThemeTextMetrics
GetThemeTransitionDuration
GetWindowTheme
HitTestThemeBackground
IsAppThemed
IsCompositionActive
IsThemeActive
IsThemeBackgroundPartiallyTransparent
IsThemeDialogTextureEnabled
IsThemePartDefined
OpenThemeData
OpenThemeDataEx
SetThemeAppProperties
SetWindowTheme
SetWindowThemeAttribute
ThemeInitApiHook
UpdatePanningFeedback

Sections

.text
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a31ffa66bc5094ecbad381f8239980e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-security-base-l1-1-0

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 225KB - Virtual size: 225KB

.data Size: 6KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 225KB - Virtual size: 225KB

.data
Size: 6KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 7KB - Virtual size: 6KB