9716268aae1df559a9a5ef9e90c9dc44d82ea86451a0e27121839993673ad356

Sharing

Copy URL Twitter E-mail

General

Target

9716268aae1df559a9a5ef9e90c9dc44d82ea86451a0e27121839993673ad356
Size

3.3MB
MD5

f19ae6ef2b4412dee8540eafb2155566
SHA1

4038ce094f784d68c1c9ffc324e58f00df6bbd3f
SHA256

9716268aae1df559a9a5ef9e90c9dc44d82ea86451a0e27121839993673ad356
SHA512

14cc1468c2dd922c2e3df48bfcff753a1e532ed70278f3b44552bb647afb1f7ae0f196512e5ec0ba0624e84b316851119dcc9aead93aeb2435c00e651871dd10
SSDEEP

24576:H534Wp69GTWaLg+nmc6WPeBT2TBYmaGCu1Dl33wb1ajC4Ky3xyuTdIXrmyZ:t4WAETp0+iaTKmaGCuDHwb0X3nJYCyZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9716268aae1df559a9a5ef9e90c9dc44d82ea86451a0e27121839993673ad356

Files

9716268aae1df559a9a5ef9e90c9dc44d82ea86451a0e27121839993673ad356
.exe windows:6 windows x64 arch:x64

075868c9521ce8293f887a638d396201

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

PDB Paths

E:\workspace\MetaTrader5\Build\Installers\Distributive Core\Release64\core64.pdb

Imports

ws2_32

shutdown
WSAGetLastError
WSASend
WSARecv
select
ioctlsocket
WSAConnect
setsockopt
GetAddrInfoW
WSASocketW
FreeAddrInfoW
closesocket
WSACleanup
WSAStartup
htons

kernel32

CopyFileW
GetDiskFreeSpaceExW
GetTempPathW
ExpandEnvironmentStringsW
TerminateThread
Process32FirstW
K32GetProcessImageFileNameW
Process32NextW
WriteConsoleW
GetACP
GetStringTypeW
GetCPInfo
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetStdHandle
ExitProcess
GetModuleHandleExW
RemoveDirectoryW
ExitThread
CreateThread
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlPcToFileHeader
RtlUnwindEx
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
MoveFileExW
EnumResourceNamesW
FreeResource
IsValidCodePage
LockResource
GlobalFree
VerSetConditionMask
VerifyVersionInfoW
lstrlenW
CompareStringW
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapSize
HeapFree
OpenProcess
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
DecodePointer
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
GetEnvironmentVariableW
K32GetProcessMemoryInfo
GetLocalTime
GetLogicalProcessorInformationEx
GetProcessHandleCount
Module32FirstW
Module32NextW
GetCurrentThread
CreateToolhelp32Snapshot
Thread32First
OpenThread
SuspendThread
GetThreadContext
WaitForSingleObjectEx
ResumeThread
ReadProcessMemory
Thread32Next
GetCurrentProcessId
GetCurrentProcess
RaiseException
InitializeCriticalSectionEx
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
lstrcmpiW
GetModuleHandleW
FileTimeToDosDateTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FindNextFileW
FindClose
FindFirstFileW
FileTimeToSystemTime
DosDateTimeToFileTime
DeviceIoControl
GetSystemDirectoryW
CreateProcessW
GetVolumeInformationW
GetVersionExW
GetSystemTimeAsFileTime
GetFileAttributesExW
GetFileAttributesW
CreateDirectoryW
SetFileAttributesW
WriteFile
SetEndOfFile
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
WideCharToMultiByte
GetTickCount
GetCurrentThreadId
SetThreadStackGuarantee
DeleteFileW
Sleep
LeaveCriticalSection
GetExitCodeThread
EnterCriticalSection
GetSystemInfo
GetUserDefaultUILanguage
GlobalMemoryStatusEx
GetModuleFileNameW
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateFileW
GetFileSizeEx
SetFilePointer
GetLastError
ReadFile
VirtualAlloc
VirtualFree
IsBadReadPtr
VirtualQuery
LocalFree
SetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetOEMCP
FindFirstFileExW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
FreeLibraryAndExitThread

user32

RedrawWindow
GetClassInfoExW
CreateWindowExW
DestroyWindow
CreateAcceleratorTableW
ClientToScreen
GetParent
ScreenToClient
MoveWindow
SetCapture
SetWindowPos
GetWindowThreadProcessId
GetTopWindow
GetSysColor
GetClassNameW
ReleaseCapture
FillRect
GetClientRect
InvalidateRgn
CallWindowProcW
InvalidateRect
GetDC
SetCursor
EndDialog
MessageBeep
LoadBitmapW
LoadIconW
EnableWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
DialogBoxParamW
BringWindowToTop
SetForegroundWindow
ShowWindow
GetWindowRect
SetClassLongPtrW
PostQuitMessage
MessageBoxW
LoadStringW
PostMessageW
IsWindowVisible
LoadImageW
SetTimer
KillTimer
SystemParametersInfoW
IsWindowEnabled
DrawFocusRect
ReleaseDC
TrackMouseEvent
GetCapture
GetCursorPos
UpdateWindow
OffsetRect
DrawTextW
SetRectEmpty
PtInRect
IsWindow
SendMessageW
GetDlgItem
GetWindow
SetFocus
GetFocus
IsChild
EndPaint
GetSystemMetrics
BeginPaint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
PostMessageA
CharNextW
CharLowerW
DefWindowProcW
UnregisterClassW
RegisterClassExW
LoadCursorW
SetWindowLongW
GetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
DestroyAcceleratorTable
GetDesktopWindow
RegisterWindowMessageW
GetActiveWindow
GetDlgCtrlID

gdi32

DeleteDC
GetDeviceCaps
GetObjectW
GetStockObject
BitBlt
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
CreateFontIndirectW
SetBkColor
ExtTextOutW
SetTextColor
SetBkMode
GetTextExtentPoint32W
GdiGradientFill
GetTextExtentPointW
TextOutW
RestoreDC
SaveDC
CreateFontW
GetDIBits
EnumFontFamiliesExW
CreateDIBitmap

advapi32

CryptReleaseContext
CryptDestroyKey
RegCloseKey
RegQueryValueExW
QueryServiceConfigW
ControlService
QueryServiceStatus
OpenServiceW
CloseServiceHandle
EnumServicesStatusW
OpenSCManagerW
RegEnumKeyW
RegDeleteKeyExW
RegQueryValueW
CryptVerifySignatureW
CryptDestroyHash
CryptHashData
CryptCreateHash
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
OpenProcessToken
GetTokenInformation
GetFileSecurityW
GetSecurityDescriptorDacl
GetAclInformation
GetAce
EqualSid
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
CryptAcquireContextW

shell32

ShellExecuteExW
SHBrowseForFolderW
SHChangeNotify
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ShellExecuteW
SHGetFolderPathW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity
OleUninitialize
StringFromGUID2
OleLockRunning
CreateStreamOnHGlobal
CLSIDFromProgID
CoUninitialize
OleInitialize
CLSIDFromString
CoGetClassObject

oleaut32

SysAllocStringLen
VariantInit
LoadTypeLi
LoadRegTypeLi
SysStringLen
OleCreateFontIndirect
SysAllocString
SysFreeString
VariantClear
VarUI4FromStr

shlwapi

PathFindExtensionW
PathCanonicalizeW

comctl32

InitCommonControlsEx
DestroyPropertySheetPage
PropertySheetW
ImageList_GetImageCount
CreatePropertySheetPageW
ImageList_Create
ImageList_SetBkColor
ImageList_AddMasked
ImageList_Draw
ImageList_Destroy
ImageList_GetImageInfo

iphlpapi

GetAdaptersAddresses

bcrypt

BCryptGenRandom

secur32

QueryContextAttributesW
EncryptMessage
DecryptMessage
DeleteSecurityContext
AcquireCredentialsHandleW
InitializeSecurityContextW
FreeCredentialsHandle

crypt32

CryptImportPublicKeyInfo
CertCreateCertificateChainEngine
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CryptHashCertificate
CertNameToStrW
CertGetNameStringW
CertFreeCertificateChain
CertCreateCertificateContext
CertFreeCertificateContext
CertCloseStore
CertFreeCertificateChainEngine

dbghelp

MiniDumpWriteDump
SymFunctionTableAccess64
SymGetModuleBase64
StackWalk64
SymLoadModule64
SymInitialize
SymSetOptions
SymGetOptions

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

gdiplus

GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdiplusShutdown
GdiplusStartup

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvCertFromChain

Sections

.text
Size: 490KB - Virtual size: 490KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

075868c9521ce8293f887a638d396201

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

iphlpapi

bcrypt

secur32

crypt32

dbghelp

version

gdiplus

wintrust

Sections

.text Size: 490KB - Virtual size: 490KB

.rdata Size: 167KB - Virtual size: 166KB

.data Size: 91KB - Virtual size: 306KB

.pdata Size: 18KB - Virtual size: 18KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 490KB - Virtual size: 490KB

.rdata
Size: 167KB - Virtual size: 166KB

.data
Size: 91KB - Virtual size: 306KB

.pdata
Size: 18KB - Virtual size: 18KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 6KB - Virtual size: 6KB