blur[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

blur.exe
Size

1.4MB
MD5

323a74bb63e459f34729743f63b58538
SHA1

e21f16a5ba99426baf79cf7a0c01b6137c41b2b1
SHA256

ee5b5ddadc5d8831c99916385089323505d7d6323fef61a92018ebedfe8f4d10
SHA512

a868f75a11f3ec573751be42393aa6f9908f331be45066023e01d7c76fd61ba4af79fd632e501b29daed8373aa693a2910ebf75872da6a4e06738eb3dc737304
SSDEEP

24576:mRsDBOAmxp8/MwqU7BLIOYwYfIBrHIIUCTi6NjFieZ+QnOZ3Zdmc:3BCp8t7BLIOQiUZ6NfnO5D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
blur.exe

Files

blur.exe
.exe windows:6 windows x64 arch:x64

fefade2146ecc57ef2b7e9a3d27bad4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

gdiplus

GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipLoadImageFromFile
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawImageRectI
GdipDrawString
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCreateSolidFill
GdipDeleteBrush
GdipFree

opengl32

glClearColor
glViewport
glClear

dwmapi

DwmSetWindowAttribute

kernel32

IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
FindNextFileW
GetFileAttributesExW
UnhandledExceptionFilter
RtlVirtualUnwind
MultiByteToWideChar
GlobalLock
WideCharToMultiByte
GlobalUnlock
GlobalAlloc
GlobalFree
LoadLibraryA
GetProcAddress
FreeLibrary
GetFileAttributesW
SetFileAttributesW
GetModuleFileNameA
ReadFile
GetModuleHandleW
CreatePipe
CreateProcessW
CloseHandle
WaitForSingleObject
TerminateProcess
GetCommandLineW
SetThreadExecutionState
QueryPerformanceCounter
QueryPerformanceFrequency
VerSetConditionMask
GetLastError
SetEvent
FormatMessageW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateFileA
GetFileSizeEx
HeapAlloc
HeapFree
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetStartupInfoW
SetFileInformationByHandle
AreFileApisANSI
GetFileInformationByHandleEx
LocalFree
FormatMessageA
GetLocaleInfoEx
RtlCaptureContext
RtlLookupFunctionEntry
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
CreateEventW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetModuleHandleExW

user32

EnumDisplaySettingsW
ChangeDisplaySettingsExW
ToUnicode
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetRawInputDeviceList
GetRawInputDeviceInfoA
RegisterRawInputDevices
GetRawInputData
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
LoadImageW
DestroyIcon
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
SetRect
ClipCursor
WindowFromPoint
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
AdjustWindowRectEx
RemovePropW
GetPropW
EnumDisplayDevicesW
ReleaseDC
GetDC
SetForegroundWindow
ReleaseCapture
SetCapture
MapVirtualKeyW
GetKeyState
GetActiveWindow
SetFocus
IsZoomed
BringWindowToTop
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
DestroyWindow
UnregisterClassW
GetMessageTime
PeekMessageW
TrackMouseEvent
LoadIconW
SetClassLongPtrW
SendMessageW
RedrawWindow
DispatchMessageW
TranslateMessage
GetMessageW
EnumDisplayMonitors
CreateWindowExW
AdjustWindowRect
RegisterClassExW
LoadCursorW
DefWindowProcW
SetPropW
ShowWindow
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
GetWindowThreadProcessId
EnumWindows
PostQuitMessage
BeginPaint
GetClientRect
FillRect
GetWindowRect
SetWindowPos
EndPaint

gdi32

CreateRectRgn
DeleteObject
CreateDCW
DeleteDC
GetDeviceCaps
SetDeviceGammaRamp
ChoosePixelFormat
DescribePixelFormat
SetPixelFormat
SwapBuffers

shell32

DragQueryFileW
CommandLineToArgvW
DragQueryPoint
DragAcceptFiles
DragFinish

msvcp140

?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$numpunct@_W@std@@2V0locale@2@A
_Mbrtowc
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
_Strcoll
_Strxfrm
?id@?$collate@D@std@@2V0locale@2@A
_Thrd_id
_Thrd_join
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xinvalid_argument@std@@YAXPEBD@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Query_perf_frequency
_Query_perf_counter
_Xtime_get_ticks
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Thrd_detach
?_Xbad_function_call@std@@YAXXZ
?_Random_device@std@@YAIXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1facet@locale@std@@MEAA@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bid@locale@std@@QEAA_KXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPEBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?exceptions@ios_base@std@@QEAAXH@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?uncaught_exceptions@std@@YAHXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Xbad_alloc@std@@YAXXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?id@?$numpunct@D@std@@2V0locale@2@A
??0facet@locale@std@@IEAA@_K@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

imm32

ImmGetContext
ImmSetCandidateWindow
ImmReleaseContext
ImmSetCompositionWindow

vcruntime140_1

__CxxFrameHandler4

vcruntime140

strchr
__std_exception_destroy
__std_exception_copy
_CxxThrowException
__intrinsic_setjmp
__current_exception_context
__current_exception
__C_specific_handler
memcmp
memchr
longjmp
strrchr
memmove
memset
memcpy
__std_terminate
strstr

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
realloc
free
_callnewh
malloc

api-ms-win-crt-string-l1-1-0

strncpy
strcmp
strcspn
tolower
strncmp
strspn

api-ms-win-crt-stdio-l1-1-0

fread
fwrite
fclose
ftell
__p__commode
__acrt_iob_func
_wfopen
__stdio_common_vsprintf
fflush
__stdio_common_vsscanf
__stdio_common_vfprintf
__stdio_common_vsnprintf_s
_get_stream_buffer_pointers
fputc
ungetc
fgetc
fgetpos
_fseeki64
fsetpos
setvbuf
__stdio_common_vfwprintf
_set_fmode
fseek

api-ms-win-crt-convert-l1-1-0

strtoul
strtol

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_configure_narrow_argv
_seh_filter_exe
_set_app_type
_get_narrow_winmain_command_line
_initterm
_initterm_e
exit
_exit
terminate
_c_exit
_register_thread_local_exe_atexit_callback
_beginthreadex
_errno
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

_dsign
acosf
cosf
_ldclass
_fdclass
sinf
_dclass
ceilf
__setusermatherr
sqrtf

api-ms-win-crt-time-l1-1-0

_difftime64
_time64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

Sections

.text
Size: 878KB - Virtual size: 878KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 354KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fefade2146ecc57ef2b7e9a3d27bad4f

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

opengl32

dwmapi

kernel32

user32

gdi32

shell32

msvcp140

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 878KB - Virtual size: 878KB

.rdata Size: 354KB - Virtual size: 353KB

.data Size: 11KB - Virtual size: 24KB

.pdata Size: 46KB - Virtual size: 46KB

.rsrc Size: 101KB - Virtual size: 101KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 878KB - Virtual size: 878KB

.rdata
Size: 354KB - Virtual size: 353KB

.data
Size: 11KB - Virtual size: 24KB

.pdata
Size: 46KB - Virtual size: 46KB

.rsrc
Size: 101KB - Virtual size: 101KB

.reloc
Size: 4KB - Virtual size: 4KB