MangoKeywordsGUI[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

MangoKeywordsGUI.exe
Size

15.3MB
MD5

231fa08d0028c22d60bf518bf2e3615b
SHA1

7e0fd503bf320319b9c527c823fdcf5e5d2eef4d
SHA256

07391a3d0e3cd43bf1fce74cc5dc29d95f0774d294abbc63fd8dcd281cecf105
SHA512

593307fa18b04bcd3c673537ea862e9d123550710937b461b620642eb371b67fb0b43bac44930c16ba53b4daa79a0f2b3a07fbe9b22c2811a5934ac2aa502d1e
SSDEEP

98304:xjYwG3AAkPyKDgDVtwxjt8B203CFI19SswqTdVi72XMVQmppPF32aO3QdM3HwAec:xO3PksSUVMVGaOASw/rSka

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MangoKeywordsGUI.exe

Files

MangoKeywordsGUI.exe
.exe windows:6 windows x64 arch:x64

115164967564701371491048c68fe8b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

FreeMibTable
GetIfEntry2
GetIfTable2

ntdll

NtWriteFile
RtlVirtualUnwind
RtlNtStatusToDosError
NtQuerySystemInformation
NtQueryInformationProcess
RtlGetVersion
NtReadFile
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
NtDeviceIoControlFile
NtCancelIoFileEx

bcrypt

BCryptGenRandom

kernel32

SetFileCompletionNotificationModes
Sleep
GetModuleHandleW
GetCurrentThreadId
WaitForSingleObject
WakeAllConditionVariable
SetFilePointerEx
RemoveVectoredExceptionHandler
UnmapViewOfFile
VirtualProtect
IsDebuggerPresent
DuplicateHandle
GetCurrentProcess
MapViewOfFile
GlobalMemoryStatusEx
SleepConditionVariableSRW
WakeConditionVariable
CreateFileMappingW
GetSystemInfo
GetDiskFreeSpaceExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceFrequency
lstrlenW
SwitchToThread
AcquireSRWLockExclusive
CreateEventA
QueryPerformanceCounter
ReleaseSRWLockExclusive
CreateIoCompletionPort
PostQueuedCompletionStatus
GetModuleHandleA
GlobalAlloc
TryAcquireSRWLockExclusive
MultiByteToWideChar
GlobalUnlock
InitializeSListHead
WideCharToMultiByte
ReleaseMutex
ReleaseSRWLockShared
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GlobalSize
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
FindClose
GetFinalPathNameByHandleW
SetHandleInformation
FormatMessageW
GetFullPathNameW
GlobalLock
GetStdHandle
GetConsoleMode
WriteConsoleW
CreateThread
GetSystemTimeAsFileTime
GetTempPathW
CloseHandle
GetProcAddress
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
GetProcessTimes
OpenProcess
ReadProcessMemory
VirtualQueryEx
GlobalFree
GetLastError
LoadLibraryExW
GetLogicalDrives
SetThreadErrorMode
FreeLibrary
GetTickCount64
GetQueuedCompletionStatusEx
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
GetSystemTimes
GetProcessIoCounters
HeapReAlloc
LocalFree

user32

SystemParametersInfoA
GetClipboardData
OpenClipboard
CreateIcon
GetDC
IsProcessDPIAware
GetMenu
GetClientRect
DestroyIcon
AdjustWindowRectEx
RedrawWindow
GetMonitorInfoW
PostMessageW
ClipCursor
EmptyClipboard
SetClipboardData
SetWindowTextW
MonitorFromWindow
CloseClipboard
RegisterClassExW
CreateWindowExW
SetWindowLongPtrW
RegisterRawInputDevices
GetClipCursor
ShowCursor
GetActiveWindow
SetWindowLongW
SendMessageW
ShowWindow
MonitorFromPoint
ChangeDisplaySettingsExW
MsgWaitForMultipleObjectsEx
GetMessageW
RegisterWindowMessageA
MessageBoxW
TranslateMessage
DispatchMessageW
LoadCursorW
SetCursor
GetKeyboardLayout
ToUnicodeEx
DestroyWindow
GetWindowLongPtrW
PeekMessageW
GetWindowPlacement
SetWindowPlacement
GetKeyState
InvalidateRgn
GetUpdateRect
ValidateRect
GetRawInputData
SetWindowPos
GetCursorPos
ClientToScreen
GetWindowLongW
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
ReleaseCapture
SetCapture
TrackMouseEvent
MonitorFromRect
MapVirtualKeyA
GetKeyboardState
RegisterTouchWindow
GetSystemMetrics
SetForegroundWindow
SendInput
MapVirtualKeyW
DefWindowProcW
PostThreadMessageW

shell32

DragQueryFileW
CommandLineToArgvW
SHGetKnownFolderPath
DragFinish
SHCreateItemFromParsingName

ole32

CoInitializeEx
CoInitializeSecurity
RevokeDragDrop
RegisterDragDrop
OleInitialize
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree

ws2_32

send
WSASend
recv
getsockopt
shutdown
WSACleanup
freeaddrinfo
getaddrinfo
getpeername
getsockname
connect
WSAGetLastError
closesocket
WSAIoctl
WSAStartup
setsockopt
bind
ioctlsocket
WSASocketW
socket

crypt32

CertFreeCertificateChain
CertDuplicateCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateCertificateContext
CertGetCertificateChain
CertOpenStore
CertCloseStore
CertFreeCertificateContext
CertDuplicateStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore

pdh

PdhAddEnglishCounterA
PdhGetFormattedCounterArrayA
PdhAddEnglishCounterW
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhOpenQueryA
PdhRemoveCounter
PdhCloseQuery

gdi32

CreateRectRgn
GetDeviceCaps
DeleteObject

dwmapi

DwmEnableBlurBehindWindow

secur32

ApplyControlToken
AcquireCredentialsHandleA
DecryptMessage
QueryContextAttributesW
InitializeSecurityContextW
LsaEnumerateLogonSessions
LsaGetLogonSessionData
LsaFreeReturnBuffer
AcceptSecurityContext
FreeCredentialsHandle
FreeContextBuffer
DeleteSecurityContext
EncryptMessage

advapi32

LookupAccountSidW
GetTokenInformation
OpenProcessToken
SystemFunction036
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

oleaut32

VariantClear
SysFreeString
SysAllocString

powrprof

CallNtPowerInformation

netapi32

NetUserEnum
NetUserGetLocalGroups
NetApiBufferFree

d3dcompiler_47

D3DCompile

uxtheme

SetWindowTheme

winmm

timeBeginPeriod
timeEndPeriod
timeGetDevCaps

psapi

GetPerformanceInfo
GetModuleFileNameExW

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

__CxxFrameHandler3
memcmp
_CxxThrowException
__std_exception_copy
__std_exception_destroy
memmove
memcpy
__C_specific_handler
__current_exception
__current_exception_context
memset

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-math-l1-1-0

_hypotf
roundf
round
pow
ceil
tan
powf
cos
sin
exp2f
__setusermatherr
acos
log10
trunc
_hypot
fmod
log2
floor
sinf
ceilf
floorf
cosf
log2f
truncf
atan2
fmodf
acosf

api-ms-win-crt-string-l1-1-0

strlen
wcslen

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_configure_narrow_argv
_crt_atexit
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
terminate
_exit
_invalid_parameter_noinfo_noreturn
__p___argv
__p___argc
_initialize_narrow_environment
_wassert
exit
_initterm_e
_seh_filter_exe
_get_initial_narrow_environment
_set_app_type
_initterm
strerror

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
free
malloc

Sections

.text
Size: 10.7MB - Virtual size: 10.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 365KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

115164967564701371491048c68fe8b7

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

ntdll

bcrypt

kernel32

user32

shell32

ole32

ws2_32

crypt32

pdh

gdi32

dwmapi

secur32

advapi32

oleaut32

powrprof

netapi32

d3dcompiler_47

uxtheme

winmm

psapi

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 10.7MB - Virtual size: 10.7MB

.rdata Size: 4.1MB - Virtual size: 4.1MB

.data Size: 10KB - Virtual size: 12KB

.pdata Size: 365KB - Virtual size: 364KB

.rsrc Size: 75KB - Virtual size: 75KB

.reloc Size: 75KB - Virtual size: 74KB

.text
Size: 10.7MB - Virtual size: 10.7MB

.rdata
Size: 4.1MB - Virtual size: 4.1MB

.data
Size: 10KB - Virtual size: 12KB

.pdata
Size: 365KB - Virtual size: 364KB

.rsrc
Size: 75KB - Virtual size: 75KB

.reloc
Size: 75KB - Virtual size: 74KB