4704766bcd2b5c691e83ae338f5970c1bdef7b691b1762cea77934319e251af3

Sharing

Copy URL Twitter E-mail

General

Target

4704766bcd2b5c691e83ae338f5970c1bdef7b691b1762cea77934319e251af3
Size

1.8MB
MD5

8fcf24bad5202efe25a6b22e32ab842f
SHA1

7ceaa906f4f884ad2b5db1fc11a99a020f1e1026
SHA256

4704766bcd2b5c691e83ae338f5970c1bdef7b691b1762cea77934319e251af3
SHA512

0591839481038bb0231daec896a26937e8ecd5f67a3713f9e1e52fee425ac2390325f692c9fff5566ed4592d5ad55d13860af5b9a63ef1e0c4b4a16e77ef3641
SSDEEP

12288:nJJeZLHExm6DYautIgAdeL6Gbz6D1KNwWZnPdk2aHkP5EYIwvi5AiXhtbkk2W45/:L2krutIgAdev6u3Iwa59bkk2aKr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4704766bcd2b5c691e83ae338f5970c1bdef7b691b1762cea77934319e251af3

Files

4704766bcd2b5c691e83ae338f5970c1bdef7b691b1762cea77934319e251af3
.exe windows:6 windows x64 arch:x64

40113964056b5c99aea7a891e30864ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Programming\CPP-C\ColorTriggerCPP\Tascher-master\bin\Debug\x64\Tascher.pdb

Imports

shlwapi

PathRemoveExtensionW
PathFindFileNameW
StrRStrIW
PathRemoveFileSpecW
StrStrIW
StrRChrW
StrCmpNIW
PathCompactPathW
SHAutoComplete
ord176
PathStripPathW
ord487
StrToIntExW
StrToIntW
StrStrW
StrNCatW
StrChrW
ChrCmpIW

comctl32

ImageList_Create
ImageList_Destroy
InitCommonControlsEx

psapi

GetProcessImageFileNameW

gdiplus

GdipAlloc
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCloneImage
GdipDisposeImage
GdipFree
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdiplusShutdown
GdiplusStartup
GdipCreateLineBrushI
GdipDrawImageRectI
GdipFillRectangleI
GdipCreateHICONFromBitmap
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDrawImageRectRectI
GdipDrawImagePointRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCloneBitmapAreaI
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM

windowscodecs

WICConvertBitmapSource

iphlpapi

GetExtendedTcpTable

urlmon

URLOpenBlockingStreamW

kernel32

EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FlsAlloc
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FlsGetValue
FreeEnvironmentStringsW
FindClose
SetConsoleCtrlHandler
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
lstrcpyW
lstrcatW
SetCurrentDirectoryW
GetCurrentDirectoryW
HeapAlloc
HeapFree
GetProcessHeap
GetModuleFileNameW
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
CompareFileTime
LocalFileTimeToFileTime
QueryDosDeviceW
CloseHandle
GetLastError
SetLastError
HeapCreate
HeapReAlloc
HeapSize
GetProcessTimes
TerminateProcess
SetPriorityClass
GetPriorityClass
OpenProcess
GetLocalTime
ReadProcessMemory
GetModuleHandleW
GlobalAlloc
GlobalUnlock
GlobalLock
MulDiv
lstrcmpW
SystemTimeToFileTime
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
lstrcmpiW
GetPrivateProfileIntW
FlsFree
WritePrivateProfileStringW
DeleteFileW
GetCommandLineW
DuplicateHandle
HeapDestroy
SetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateEventW
Sleep
GetCurrentProcess
GetCurrentProcessId
ExitProcess
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TerminateThread
GetExitCodeThread
GetProcessId
lstrcpynW
GetDateFormatW
WriteConsoleW
OutputDebugStringW
GetFileType
FreeLibraryAndExitThread
ResumeThread
GetSystemInfo
HeapValidate
WriteFile
GetStdHandle
GetModuleHandleExW
RtlPcToFileHeader
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
LoadLibraryExW
RtlUnwindEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateSymbolicLinkW
GetFileInformationByHandleEx
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
GetTickCount64
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
InitOnceExecuteOnce
InitializeCriticalSectionEx
GetTempPathW
SetFileInformationByHandle
GetNativeSystemInfo
SwitchToThread
WaitForSingleObjectEx
QueryPerformanceFrequency
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualQuery
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
IsDebuggerPresent
GetTimeFormatW
CompareStringW
LCMapStringW
HeapQueryInformation
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
ReadConsoleW
FlsSetValue
CreateFileW
GetPrivateProfileStringW
RtlUnwind

user32

SetTimer
KillTimer
TranslateAcceleratorW
GetMenuItemCount
DeleteMenu
SetForegroundWindow
ShowScrollBar
ClipCursor
SetClassLongPtrW
FindWindowW
GetShellWindow
EnumWindows
DestroyCursor
DrawIconEx
InternalGetWindowText
GetRawInputData
IsZoomed
IsIconic
SetLayeredWindowAttributes
GetLayeredWindowAttributes
DestroyWindow
CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
PostThreadMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterWindowMessageW
DestroyIcon
LoadCursorW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
EnumChildWindows
SetWindowLongPtrW
GetWindowLongW
OffsetRect
MapWindowPoints
SetCursor
InvalidateRect
EndPaint
BeginPaint
DrawTextW
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
TrackPopupMenu
DestroyMenu
CreatePopupMenu
LoadMenuW
IsWindowEnabled
EnableWindow
ReleaseCapture
SetCapture
GetKeyState
GetFocus
SetFocus
SendDlgItemMessageW
SetDlgItemTextW
SendMessageW
MessageBoxW
wsprintfW
IsHungAppWindow
TrackMouseEvent
RegisterHotKey
UnregisterHotKey
GetDlgItem
EndDialog
DialogBoxParamW
CreateDialogParamW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
MoveWindow
CallWindowProcW
PostMessageW
GetDoubleClickTime
LoadStringW
GetRawInputDeviceList
RegisterRawInputDevices
GetCursorInfo
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
MonitorFromPoint
SystemParametersInfoW
GetIconInfo
LoadImageW
PrivateExtractIconsW
LoadIconW
GetWindow
GetWindowThreadProcessId
GetTopWindow
GetClassNameW
FindWindowExW
GetParent
GetClassLongPtrW
GetWindowLongPtrW
PtInRect
ChildWindowFromPoint
WindowFromPoint
ScreenToClient
ClientToScreen
GetCursorPos
SetCursorPos
GetWindowRect
GetClientRect
GetWindowTextW
SetWindowTextW
ReleaseDC
GetDC
AllowSetForegroundWindow
SwitchToThisWindow
GetForegroundWindow
GetSystemMetrics
DestroyAcceleratorTable
CreateAcceleratorTableW
MapVirtualKeyW
SendInput
GetKeyNameTextW
GetAsyncKeyState
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
ShowWindow
SendMessageTimeoutW
GetSubMenu

gdi32

CreateSolidBrush
CreateRectRgn
GetTextMetricsW
SetTextColor
GetTextExtentPoint32W
SetBkMode
SelectObject
GetDIBits
GetDeviceCaps
DeleteObject
DeleteDC
CreateFontIndirectW
CreateDCW
CreateCompatibleDC
GdiGradientFill
GetPixel
FrameRgn
EnumFontFamiliesExW
GetObjectW

comdlg32

CommDlgExtendedError
ChooseColorW
GetOpenFileNameW

advapi32

SetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
RegCloseKey
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
InitializeSecurityDescriptor

shell32

SHGetPathFromIDListW
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetDesktopFolder
SHGetFileInfoW
SHBrowseForFolderW
SHGetSpecialFolderLocation
Shell_NotifyIconW

ole32

CoTaskMemFree
PropVariantClear
CoUninitialize
CoInitializeEx
CoCreateInstance
IIDFromString

oleaut32

SysFreeString
VariantInit
SysStringLen
VariantClear
SysAllocString

Sections

.textbss
Size: - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 406KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 863B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40113964056b5c99aea7a891e30864ed

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

comctl32

psapi

gdiplus

windowscodecs

iphlpapi

urlmon

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.textbss Size: - Virtual size: 600KB

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 406KB - Virtual size: 405KB

.data Size: 19KB - Virtual size: 307KB

.pdata Size: 52KB - Virtual size: 52KB

.idata Size: 19KB - Virtual size: 19KB

.msvcjmc Size: 2KB - Virtual size: 2KB

.00cfg Size: 512B - Virtual size: 373B

_RDATA Size: 1024B - Virtual size: 863B

.rsrc Size: 42KB - Virtual size: 42KB

.reloc Size: 13KB - Virtual size: 13KB

.textbss
Size: - Virtual size: 600KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 406KB - Virtual size: 405KB

.data
Size: 19KB - Virtual size: 307KB

.pdata
Size: 52KB - Virtual size: 52KB

.idata
Size: 19KB - Virtual size: 19KB

.msvcjmc
Size: 2KB - Virtual size: 2KB

.00cfg
Size: 512B - Virtual size: 373B

_RDATA
Size: 1024B - Virtual size: 863B

.rsrc
Size: 42KB - Virtual size: 42KB

.reloc
Size: 13KB - Virtual size: 13KB