5b50b8ba30d837411b05aff96174f73b44ea8fe847b7833c9ae46daf21808d27

Sharing

Copy URL

Twitter E-mail

General

Target

5b50b8ba30d837411b05aff96174f73b44ea8fe847b7833c9ae46daf21808d27
Size

16.4MB
MD5

3bfbe548f7be30df63694fcd470c48c1
SHA1

29b412c5d323123c62e9f2e522d0bca1b190c8b8
SHA256

5b50b8ba30d837411b05aff96174f73b44ea8fe847b7833c9ae46daf21808d27
SHA512

18a10f297ca17317eee4d1fb75929d78b14414e04ae16e55c59a0c984eb7487bc4a9e014c263da0c63862622a2520d9f69e551c83796a6c9dc2fbc14ada89f41
SSDEEP

98304:NdkVPvUi3EXZV/UuxeK6ngY3xtRyZaxoyLObYbLABr5y/GEGckUJhfs18iReF8k:ycVj1ePgWRyZaxoyL+GLAe/Gfc5hk15

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b50b8ba30d837411b05aff96174f73b44ea8fe847b7833c9ae46daf21808d27

Files

5b50b8ba30d837411b05aff96174f73b44ea8fe847b7833c9ae46daf21808d27
.exe windows:6 windows x64 arch:x64

7c8549ffcf1ebb4a7699b1beb5c5287d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

gale.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

kernel32

CloseHandle
GetModuleHandleW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
GetCurrentThreadId
WideCharToMultiByte
GlobalFree
IsDebuggerPresent
GetNamedPipeClientProcessId
GetNamedPipeServerProcessId
ReadFile
LoadLibraryW
FlushFileBuffers
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
CreateFileW
WaitNamedPipeW
AcquireSRWLockExclusive
MultiByteToWideChar
WakeAllConditionVariable
RtlUnwindEx
SleepConditionVariableSRW
UnhandledExceptionFilter
LCIDToLocaleName
WriteFile
GetUserDefaultUILanguage
CreateMutexA
WaitForSingleObjectEx
GetTempPathW
GetFullPathNameW
CreateThread
WriteConsoleW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
WaitForMultipleObjects
ReadFileEx
ExitProcess
GetFileType
CancelIo
CreateEventW
CopyFileExW
GetFinalPathNameByHandleW
CreateHardLinkW
CreateSymbolicLinkW
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
RemoveDirectoryW
GetCurrentThread
SetFileTime
LoadLibraryExW
DeleteFileW
GetEnvironmentVariableW
FindFirstFileW
lstrlenW
CreateDirectoryW
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
GlobalAlloc
RaiseException
GlobalUnlock
GlobalSize
GlobalLock
EncodePointer
FormatMessageW
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
TlsGetValue
TlsSetValue
HeapFree
HeapAlloc
GetFileInformationByHandleEx
FindClose
FindNextFileW
ReleaseMutex
HeapReAlloc
GetSystemTimePreciseAsFileTime
QueryPerformanceFrequency
GetLastError
GetProcessHeap
GetCurrentProcess
DuplicateHandle
GetSystemInfo
TerminateProcess
GetExitCodeProcess
SleepEx
WriteFileEx
GetCurrentProcessId
SetFilePointerEx
SetFileInformationByHandle
GetCommandLineW
SetEnvironmentVariableW
SetHandleInformation
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
QueryPerformanceCounter
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
DeleteProcThreadAttributeList
FreeEnvironmentStringsW
CreateIoCompletionPort
SystemTimeToFileTime
GetQueuedCompletionStatusEx
SystemTimeToTzSpecificLocalTime
PostQueuedCompletionStatus
GetOverlappedResult
GetStdHandle
MoveFileExW
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
GetFileInformationByHandle
GetConsoleMode
SetConsoleMode
SetFileAttributesW
TlsFree

user32

GetMessageA
DispatchMessageA
ToUnicodeEx
GetKeyboardLayout
VkKeyScanW
RegisterWindowMessageA
RegisterClassExW
MapVirtualKeyExW
GetClientRect
GetKeyState
GetAsyncKeyState
GetKeyboardState
GetRawInputData
PostMessageW
SystemParametersInfoA
PostQuitMessage
CreateAcceleratorTableW
AppendMenuW
CreateMenu
SetMenuItemInfoW
CreateIcon
SetForegroundWindow
RedrawWindow
SetMenu
GetWindowTextW
GetWindowTextLengthW
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
IsIconic
EnumChildWindows
DestroyIcon
RegisterClipboardFormatW
DestroyAcceleratorTable
GetCursorPos
ReleaseCapture
ClientToScreen
EmptyClipboard
CloseClipboard
SetWindowPos
IsProcessDPIAware
IsWindowVisible
InvalidateRgn
GetWindowRect
MonitorFromPoint
EnumDisplayMonitors
GetWindowLongPtrW
SetWindowDisplayAffinity
AdjustWindowRectEx
ShowCursor
ClipCursor
GetClipCursor
SetWindowLongW
SendMessageW
GetSystemMenu
ShowWindow
SendInput
AllowSetForegroundWindow
LoadCursorW
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
MapVirtualKeyW
GetUpdateRect
ValidateRect
GetMonitorInfoW
MonitorFromWindow
GetDC
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
GetWindowLongW
TrackMouseEvent
MonitorFromRect
SetCursor
SetWindowTextW
FlashWindowEx
DefWindowProcW
PostThreadMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetAncestor
GetMessageW
CheckMenuItem
EnableMenuItem
DestroyWindow
SetClipboardData
GetMenu
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
RegisterRawInputDevices
GetForegroundWindow
GetActiveWindow
SetCursorPos

gdi32

GetDeviceCaps
DeleteObject
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

ole32

RevokeDragDrop
OleInitialize
RegisterDragDrop
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance

comctl32

DefSubclassProc
RemoveWindowSubclass
TaskDialogIndirect
SetWindowSubclass

shell32

ShellExecuteW
SHGetKnownFolderPath
DragQueryFileW
SHAppBarMessage
SHCreateItemFromParsingName
DragFinish

advapi32

RevertToSelf
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW
SystemFunction036
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
ImpersonateAnonymousToken

ws2_32

closesocket
WSAStartup
WSAGetLastError
WSACleanup
WSAIoctl
getaddrinfo
getsockname
getpeername
WSASocketW
freeaddrinfo
bind
connect
ioctlsocket
getsockopt
shutdown
recv
send
WSASend
setsockopt

secur32

FreeContextBuffer
ApplyControlToken
InitializeSecurityContextW
AcceptSecurityContext
DecryptMessage
EncryptMessage
AcquireCredentialsHandleA
DeleteSecurityContext
FreeCredentialsHandle
QueryContextAttributesW

crypt32

CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertDuplicateStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertDuplicateCertificateChain
CertFreeCertificateChain

oleaut32

SetErrorInfo
SysStringLen
GetErrorInfo
SysFreeString

uxtheme

SetWindowTheme

ntdll

NtCreateFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtReadFile
NtWriteFile
NtDeviceIoControlFile

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

floor
trunc
floorf
truncf
sinf
__setusermatherr
expf
ceilf
round
roundf
exp2f
pow
ceil

api-ms-win-crt-string-l1-1-0

strcpy_s
strlen
wcslen
_wcsicmp
wcsncmp

api-ms-win-crt-heap-l1-1-0

free
calloc
_callnewh
malloc
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_register_onexit_function
_initialize_onexit_table
_seh_filter_exe
_set_app_type
terminate
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
strerror
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
exit
_exit
__p___argv
abort
__p___argc

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 10.3MB - Virtual size: 10.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 476KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c8549ffcf1ebb4a7699b1beb5c5287d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

user32

gdi32

dwmapi

ole32

comctl32

shell32

advapi32

ws2_32

secur32

crypt32

oleaut32

uxtheme

ntdll

bcrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 10.3MB - Virtual size: 10.3MB

.rdata Size: 5.5MB - Virtual size: 5.5MB

.data Size: 31KB - Virtual size: 42KB

.pdata Size: 476KB - Virtual size: 476KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 78KB - Virtual size: 77KB

.text
Size: 10.3MB - Virtual size: 10.3MB

.rdata
Size: 5.5MB - Virtual size: 5.5MB

.data
Size: 31KB - Virtual size: 42KB

.pdata
Size: 476KB - Virtual size: 476KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 78KB - Virtual size: 77KB