3b8c7ccecb48aeff45404cf010d676df5d9929bf53e4e42255f761728420c188

Sharing

Copy URL

Twitter E-mail

General

Target

3b8c7ccecb48aeff45404cf010d676df5d9929bf53e4e42255f761728420c188
Size

18.9MB
MD5

d02b4f1896b919e73f9e778e9cc6403c
SHA1

ca28183403dfc59ccf823eb3ceabc8b09ebe1733
SHA256

3b8c7ccecb48aeff45404cf010d676df5d9929bf53e4e42255f761728420c188
SHA512

7bdc79aa625c2c969d2099022c6447399a14f981bbabe0f8a656bda202f6704201087c7770cc219d2e9192f7b40ad21c1fd69a4756523fb2a0c6fef9d692720a
SSDEEP

98304:9QPMYCD589QLhxm3Zg0bgvkwvw+Z7TUOHgnouba4FoJ92g7kEdEDnmmSptBPT8Gf:9fF8e7IdaA0EDmPP4GoGXmlZ/VEB5F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b8c7ccecb48aeff45404cf010d676df5d9929bf53e4e42255f761728420c188

Files

3b8c7ccecb48aeff45404cf010d676df5d9929bf53e4e42255f761728420c188
.exe windows:6 windows x64 arch:x64

d0fcc93725b1d4a35ecba021f0b77deb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

app.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressSingle
WakeByAddressAll

kernel32

GetCurrentThread
RtlUnwindEx
EncodePointer
WideCharToMultiByte
IsProcessorFeaturePresent
ReleaseMutex
CreateMutexW
Sleep
MultiByteToWideChar
GetModuleHandleW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
FormatMessageW
GetSystemTimeAsFileTime
InitializeSListHead
QueryPerformanceFrequency
QueryPerformanceCounter
SetFileTime
GetProcessId
TerminateProcess
GetCurrentProcess
GetUserDefaultLocaleName
GetCurrentThreadId
GlobalAlloc
FindClose
GetLastError
GetModuleFileNameW
GlobalUnlock
GetUserDefaultUILanguage
LCIDToLocaleName
lstrlenW
LoadLibraryW
CreateMutexA
WaitForSingleObjectEx
GetTempPathW
GetFullPathNameW
CreateThread
WriteConsoleW
RtlPcToFileHeader
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
WaitForMultipleObjects
ReadFileEx
ExitProcess
CancelIo
CopyFileExW
GetFinalPathNameByHandleW
CreateHardLinkW
CreateSymbolicLinkW
RemoveDirectoryW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
HeapReAlloc
GetSystemTimePreciseAsFileTime
GetExitCodeProcess
SleepEx
WriteFileEx
GetCurrentProcessId
GetStdHandle
GlobalSize
GlobalLock
SetFilePointerEx
SetFileInformationByHandle
GetCommandLineW
SetEnvironmentVariableW
FindNextFileW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
GetFileAttributesW
OutputDebugStringA
OutputDebugStringW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
TlsAlloc
TlsGetValue
GetEnvironmentVariableW
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
SetWaitableTimer
DuplicateHandle
CreateWaitableTimerExW
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
TlsFree
GetNamedPipeClientProcessId
GetNamedPipeServerProcessId
CompareStringOrdinal
DeleteProcThreadAttributeList
TlsSetValue
CloseHandle
IsDebuggerPresent
CreatePipe
HeapAlloc
HeapFree
GetProcessHeap
ReadFile
WriteFile
WaitForSingleObject
CreateEventW
FreeLibrary
LoadLibraryExA
FlushFileBuffers
DisconnectNamedPipe
GetNativeSystemInfo
GetSystemInfo
RaiseException
GetModuleHandleA
GlobalFree
GetProcAddress
LoadLibraryA
CreateNamedPipeW
ConnectNamedPipe
WaitNamedPipeW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MoveFileExW
SetFileAttributesW
CreateFileW
UpdateProcThreadAttribute
GetConsoleMode
GetFileInformationByHandle
SetFileCompletionNotificationModes
GetOverlappedResult
SetHandleInformation
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
CreateIoCompletionPort

user32

AdjustWindowRectEx
GetWindowRect
SetForegroundWindow
FlashWindowEx
GetWindowTextLengthW
SetWindowTextW
MonitorFromPoint
EnumDisplayMonitors
DestroyIcon
GetForegroundWindow
GetRawInputData
IsProcessDPIAware
SystemParametersInfoA
CreateAcceleratorTableW
CreateMenu
SetMenuItemInfoW
DestroyAcceleratorTable
VkKeyScanW
MapVirtualKeyExW
GetKeyState
CreateIcon
GetKeyboardLayout
GetAsyncKeyState
CreateWindowExW
GetKeyboardState
SetWindowDisplayAffinity
GetMenu
ShowCursor
ClipCursor
GetClipCursor
ToUnicodeEx
GetSystemMenu
UnregisterHotKey
RegisterHotKey
CheckMenuItem
EnableMenuItem
SetCapture
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterWindowMessageA
GetMessageA
DispatchMessageA
GetActiveWindow
SetCursorPos
SetCursor
RegisterTouchWindow
ShowWindow
LoadCursorW
InvalidateRgn
SetWindowPos
EnumChildWindows
GetWindowPlacement
SetWindowPlacement
IsWindow
PeekMessageW
GetWindowLongW
GetWindowTextW
IsWindowVisible
ReleaseDC
ChangeDisplaySettingsExW
CloseClipboard
GetClipboardData
ClientToScreen
ReleaseCapture
GetCursorPos
DefWindowProcW
PostThreadMessageW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetAncestor
GetMessageW
MapVirtualKeyW
IsIconic
SetMenu
RedrawWindow
GetClientRect
DestroyWindow
SendInput
AllowSetForegroundWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetDC
SetMenuItemBitmaps
AppendMenuW
SetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
RegisterClipboardFormatW
OpenClipboard
SendMessageW
RegisterClassExW
FindWindowW
PostQuitMessage
DestroyMenu
TrackPopupMenu
CreatePopupMenu
RemoveClipboardFormatListener
AddClipboardFormatListener
PostMessageW
GetUpdateRect
ValidateRect
GetMonitorInfoW
MonitorFromWindow
SetWindowLongW
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
TrackMouseEvent
MonitorFromRect
GetSystemMetrics

comctl32

RemoveWindowSubclass
DefSubclassProc
SetWindowSubclass
TaskDialogIndirect

gdi32

CreateCompatibleDC
CreateRectRgn
GetDeviceCaps
CreateDIBSection
DeleteObject
GetObjectW
GetDIBits

dwmapi

DwmEnableBlurBehindWindow
DwmSetWindowAttribute

ole32

CreateStreamOnHGlobal
RegisterDragDrop
CoTaskMemAlloc
RevokeDragDrop
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance
CoIncrementMTAUsage
OleInitialize

shell32

SHCreateItemFromParsingName
SHAppBarMessage
SHGetKnownFolderPath
ShellExecuteW
DragQueryFileW
DragFinish

advapi32

ImpersonateAnonymousToken
SystemFunction036
RegGetValueW
RegCloseKey
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
RevertToSelf
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

oleaut32

SysFreeString
SetErrorInfo
GetErrorInfo
SysStringLen

uxtheme

SetWindowTheme

ntdll

NtWriteFile
NtCreateFile
NtReadFile
NtDeviceIoControlFile
RtlNtStatusToDosError
RtlGetVersion
NtCancelIoFileEx

secur32

FreeCredentialsHandle
DeleteSecurityContext
QueryContextAttributesW
InitializeSecurityContextW
DecryptMessage
AcceptSecurityContext
FreeContextBuffer
AcquireCredentialsHandleA
EncryptMessage
ApplyControlToken

ws2_32

ioctlsocket
getaddrinfo
freeaddrinfo
closesocket
WSACleanup
WSAStartup
getsockname
getpeername
WSASocketW
bind
connect
getsockopt
WSAGetLastError
shutdown
recv
WSAIoctl
setsockopt
WSASend
send

crypt32

CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertFreeCertificateChain
CertDuplicateStore

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

__setusermatherr
roundf
fma
round
exp2f
truncf
ceilf
pow
floorf
sinf
exp
floor
ceil
log2
expf
powf
fmaf
trunc

api-ms-win-crt-string-l1-1-0

_wcsicmp
strcpy_s
wcslen
strlen
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
strerror
_crt_atexit
terminate
_register_thread_local_exe_atexit_callback
_c_exit
abort
_initialize_onexit_table
_cexit
__p___argv
__p___argc
_seh_filter_exe
_set_app_type
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_configure_narrow_argv
_initialize_narrow_environment

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh
_set_new_mode
calloc

Sections

.text
Size: 11.4MB - Virtual size: 11.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0fcc93725b1d4a35ecba021f0b77deb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

user32

comctl32

gdi32

dwmapi

ole32

shell32

advapi32

api-ms-win-core-winrt-l1-1-0

oleaut32

uxtheme

ntdll

secur32

ws2_32

crypt32

bcrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 11.4MB - Virtual size: 11.4MB

.rdata Size: 6.9MB - Virtual size: 6.9MB

.data Size: 13KB - Virtual size: 25KB

.pdata Size: 504KB - Virtual size: 504KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 83KB - Virtual size: 83KB

.reloc Size: 57KB - Virtual size: 56KB

.text
Size: 11.4MB - Virtual size: 11.4MB

.rdata
Size: 6.9MB - Virtual size: 6.9MB

.data
Size: 13KB - Virtual size: 25KB

.pdata
Size: 504KB - Virtual size: 504KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 83KB - Virtual size: 83KB

.reloc
Size: 57KB - Virtual size: 56KB