be41ea9abfae8025471e842416f4ee02bf40e7d22456b8391f741edb9073b95a

Sharing

Copy URL

Twitter E-mail

General

Target

be41ea9abfae8025471e842416f4ee02bf40e7d22456b8391f741edb9073b95a
Size

16.4MB
MD5

cc9cc2a1bd0b3ca76317f75685cf71e7
SHA1

4d56ac7a80a2bf77a57eb32390d4786b0bf2c4bf
SHA256

be41ea9abfae8025471e842416f4ee02bf40e7d22456b8391f741edb9073b95a
SHA512

16a840eab0d8fb136122e3f7e943b7984e5bddc1c822a8acbfce5f54031ff42257abd47919bd29f447915812cf688b973d96a6f115613d9d03ba1a0babdaedb7
SSDEEP

98304:TpmfMS6jW1IJmwmSAp2EbUNNQB1LI209bLABr5y/0yLO6wYGcWwMivxT2cJDSYxN:ckn05lbUnmLI24LAe/0yLxwzc/xiu9H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be41ea9abfae8025471e842416f4ee02bf40e7d22456b8391f741edb9073b95a

Files

be41ea9abfae8025471e842416f4ee02bf40e7d22456b8391f741edb9073b95a
.exe windows:6 windows x64 arch:x64

30a200931c8f14db9f3daccfce6b339f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

gale.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressSingle
WakeByAddressAll

kernel32

RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
GetModuleHandleW
DeleteCriticalSection
GetCurrentThreadId
LoadLibraryW
GetNamedPipeServerProcessId
InitializeCriticalSectionAndSpinCount
ReadFile
WriteFile
FlushFileBuffers
TlsAlloc
CreateNamedPipeW
DisconnectNamedPipe
EncodePointer
LCIDToLocaleName
GetUserDefaultUILanguage
CreateFileW
WaitNamedPipeW
TlsGetValue
lstrlenW
TlsSetValue
GetNamedPipeClientProcessId
CreateMutexA
WaitForSingleObjectEx
GetTempPathW
GetFullPathNameW
CreateThread
WriteConsoleW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
MultiByteToWideChar
WideCharToMultiByte
GlobalFree
GetSystemDirectoryW
LoadLibraryExW
GetCurrentThread
GetEnvironmentVariableW
WaitForMultipleObjects
ConnectNamedPipe
SetThreadStackGuarantee
ReadFileEx
GlobalAlloc
ExitProcess
GlobalUnlock
GlobalSize
GlobalLock
CancelIo
CreateEventW
FormatMessageW
CopyFileExW
WaitForSingleObject
GetFinalPathNameByHandleW
CreateHardLinkW
CreateSymbolicLinkW
FreeLibrary
GetProcAddress
LoadLibraryA
RemoveDirectoryW
HeapFree
HeapAlloc
GetLastError
GetProcessHeap
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
FindClose
FindNextFileW
ReleaseMutex
HeapReAlloc
GetSystemTimePreciseAsFileTime
SetFileTime
GetCurrentProcess
DuplicateHandle
GetSystemInfo
QueryPerformanceFrequency
TerminateProcess
GetExitCodeProcess
SleepEx
WriteFileEx
GetCurrentProcessId
GetStdHandle
SetFilePointerEx
SetFileInformationByHandle
SetHandleInformation
GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
QueryPerformanceCounter
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
TlsFree
PostQueuedCompletionStatus
AddVectoredExceptionHandler
CompareStringOrdinal
CreateIoCompletionPort
DeleteProcThreadAttributeList
GetQueuedCompletionStatusEx
FreeEnvironmentStringsW
GetOverlappedResult
MoveFileExW
SetFileAttributesW
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
GetFileInformationByHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetConsoleMode
SetConsoleMode

user32

RegisterClipboardFormatW
OpenClipboard
IsClipboardFormatAvailable
EnumChildWindows
RegisterWindowMessageA
GetClipboardData
RegisterClassExW
EmptyClipboard
SetClipboardData
GetDC
RegisterRawInputDevices
CloseClipboard
DispatchMessageA
GetMessageA
MsgWaitForMultipleObjectsEx
ToUnicodeEx
GetKeyboardLayout
VkKeyScanW
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
GetKeyboardState
GetRawInputData
SetWindowLongPtrW
SetCapture
EnableMenuItem
CheckMenuItem
ChangeDisplaySettingsExW
SystemParametersInfoA
PostQuitMessage
ShowWindow
CreateAcceleratorTableW
GetSystemMenu
SendMessageW
SetWindowLongW
GetClipCursor
ClipCursor
ShowCursor
AppendMenuW
GetClientRect
PostMessageW
RedrawWindow
SetMenu
IsIconic
GetCursorPos
ReleaseCapture
CreateMenu
SetMenuItemInfoW
CreateIcon
SetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
DestroyIcon
DestroyAcceleratorTable
IsProcessDPIAware
IsWindowVisible
AdjustWindowRectEx
GetWindowRect
SendInput
AllowSetForegroundWindow
LoadCursorW
GetWindowPlacement
SetWindowPlacement
ClientToScreen
GetMonitorInfoW
MonitorFromWindow
SetWindowPos
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
GetWindowLongW
TrackMouseEvent
MonitorFromRect
SetCursor
InvalidateRgn
FlashWindowEx
DefWindowProcW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetAncestor
GetMessageW
MapVirtualKeyW
GetUpdateRect
PeekMessageW
PostThreadMessageW
ValidateRect
MonitorFromPoint
DestroyWindow
SetCursorPos
GetActiveWindow
EnumDisplayMonitors
GetWindowLongPtrW
SetWindowDisplayAffinity
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
GetMenu
GetForegroundWindow

gdi32

GetDeviceCaps
DeleteObject
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

ole32

CoTaskMemFree
CoInitializeEx
RegisterDragDrop
CoUninitialize
RevokeDragDrop
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemAlloc

comctl32

DefSubclassProc
RemoveWindowSubclass
TaskDialogIndirect
SetWindowSubclass

shell32

SHGetKnownFolderPath
SHAppBarMessage
SHCreateItemFromParsingName
DragFinish
DragQueryFileW
ShellExecuteW

advapi32

EventRegister
RegCloseKey
EventSetInformation
RegQueryValueExW
RegSetValueExW
EventWriteTransfer
RevertToSelf
EventUnregister
ImpersonateAnonymousToken
RegCreateKeyExW
RegGetValueW
SystemFunction036
RegOpenKeyExW

ws2_32

setsockopt
WSASend
send
getaddrinfo
recv
shutdown
WSAIoctl
getsockopt
ioctlsocket
freeaddrinfo
WSAGetLastError
connect
bind
WSASocketW
getpeername
WSAStartup
getsockname
WSACleanup
closesocket

secur32

AcquireCredentialsHandleA
FreeCredentialsHandle
DecryptMessage
FreeContextBuffer
InitializeSecurityContextW
AcceptSecurityContext
EncryptMessage
ApplyControlToken
QueryContextAttributesW
DeleteSecurityContext

crypt32

CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertDuplicateStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertDuplicateCertificateChain
CertFreeCertificateChain

oleaut32

GetErrorInfo
SysFreeString
SysStringLen
SetErrorInfo

uxtheme

SetWindowTheme

ntdll

NtReadFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtWriteFile
NtCreateFile

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

floorf
sinf
expf
ceilf
round
exp2f
__setusermatherr
trunc
truncf
roundf
floor
ceil
pow

api-ms-win-crt-string-l1-1-0

strlen
strcpy_s
_wcsicmp
wcslen
wcsncmp

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc
_callnewh
calloc

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-runtime-l1-1-0

terminate
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_crt_atexit
__p___argc
__p___argv
_register_onexit_function
strerror
_initialize_onexit_table
_cexit
_register_thread_local_exe_atexit_callback
_c_exit
abort

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 10.2MB - Virtual size: 10.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 475KB - Virtual size: 475KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30a200931c8f14db9f3daccfce6b339f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

user32

gdi32

dwmapi

ole32

comctl32

shell32

advapi32

ws2_32

secur32

crypt32

oleaut32

uxtheme

ntdll

bcrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 10.2MB - Virtual size: 10.2MB

.rdata Size: 5.5MB - Virtual size: 5.5MB

.data Size: 31KB - Virtual size: 42KB

.pdata Size: 475KB - Virtual size: 475KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 78KB - Virtual size: 78KB

.text
Size: 10.2MB - Virtual size: 10.2MB

.rdata
Size: 5.5MB - Virtual size: 5.5MB

.data
Size: 31KB - Virtual size: 42KB

.pdata
Size: 475KB - Virtual size: 475KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 78KB - Virtual size: 78KB