d0847bc14441e00ed3326e6ca5aad788cdd17719575618a4423f8a3ebd1fd36a

Sharing

Copy URL

Twitter E-mail

General

Target

d0847bc14441e00ed3326e6ca5aad788cdd17719575618a4423f8a3ebd1fd36a
Size

4.1MB
MD5

8337d626668add205c2e98aef961eb4a
SHA1

634fc2f438e7e4329a14287e9a149bdb9e954f41
SHA256

d0847bc14441e00ed3326e6ca5aad788cdd17719575618a4423f8a3ebd1fd36a
SHA512

17f7bec816af4f1e0640a77534dd1967a33fb8c670a1ea0be644efd147bcad7dd0be259b2eb499af6cff95ee6a02288de4c7feed4484de9c8b78b7570bfa1e34
SSDEEP

49152:4Zu7lBTKyNmMLb57eu55DqwkUdJoIISzY6YD27Oq:nuyVb5f55GjWJrzY6YD2Kq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
d0847bc14441e00ed3326e6ca5aad788cdd17719575618a4423f8a3ebd1fd36a

Files

d0847bc14441e00ed3326e6ca5aad788cdd17719575618a4423f8a3ebd1fd36a
.exe windows:6 windows x86 arch:x86

14ba8f04cd8c0d497a33167a2f4d23a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

MediaCreationTool.pdb

Imports

advapi32

GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
RegisterTraceGuidsW
TraceEvent
RegDeleteKeyW
UnregisterTraceGuids
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetKeySecurity
RegSetValueExW
CryptGenRandom
RegCreateKeyExW
CryptAcquireContextW
CryptReleaseContext
OpenThreadToken
DuplicateTokenEx
AdjustTokenPrivileges
SetThreadToken
LookupPrivilegeValueW

kernel32

GetSystemTimeAsFileTime
GetDiskFreeSpaceExW
GetVolumeInformationW
GetDriveTypeW
HeapAlloc
HeapFree
GetModuleHandleExW
GetModuleHandleW
GetProcessHeap
GetVersionExW
GetProcAddress
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLastError
CompareStringW
UnhandledExceptionFilter
GetTickCount
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
GetStartupInfoW
Sleep
GetFileAttributesW
FreeLibrary
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
CreateDirectoryW
SetFileAttributesW
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
CloseHandle
CreateMutexW
CreateFileW
OutputDebugStringW
GetSystemDefaultLCID
GetSystemDefaultLangID
FormatMessageW
LocalFree
GetWindowsDirectoryW
GetCurrentProcess
DecodePointer
IsWow64Process
EncodePointer
CreateThread
WaitForSingleObject
SetEvent
FindFirstFileW
InitializeCriticalSection
SetLastError
FindClose
FindNextFileW
GetSystemDirectoryW
LoadLibraryExW
GetCurrentThread
DeviceIoControl
VirtualAlloc
ReadFile
VirtualFree
LoadLibraryW
GetLocaleInfoW
GetFullPathNameW
GetFileInformationByHandle
GetCurrentDirectoryW
SetErrorMode
ExpandEnvironmentStringsW
GetFileSize
FindResourceW
LoadResource
SizeofResource
LockResource
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
GetSystemInfo
ResetEvent
CreateEventW
SetThreadExecutionState
GetSystemPowerStatus
GetLogicalDriveStringsW
GetNativeSystemInfo
TerminateProcess

gdi32

CreateCompatibleDC
SetBrushOrgEx
StretchBlt
BitBlt
CreateICW
GetStockObject
DeleteDC
CreateFontW
RemoveFontMemResourceEx
SetBkMode
SetTextColor
GetDeviceCaps
CreateSolidBrush
CreateFontIndirectW
GetObjectW
AddFontMemResourceEx
DeleteObject

user32

ClientToScreen
GetNextDlgTabItem
FillRect
SystemParametersInfoW
InvalidateRect
GetDC
GetWindowRect
CopyRect
RedrawWindow
DrawFocusRect
TrackMouseEvent
KillTimer
MessageBeep
GetForegroundWindow
ShowWindow
EnableWindow
LoadIconW
SendMessageW
LoadImageW
GetSystemMenu
ScreenToClient
IsChild
PostMessageW
GetKeyState
GetFocus
SetTimer
DrawTextW
MessageBoxW
GetParent
GetClientRect
GetWindowLongW
EnableMenuItem
SetWindowLongW
GetSysColorBrush
GetSystemMetrics
IsWindowVisible
LoadStringW
LoadBitmapW
SetCursor
LoadCursorW
GetSysColor
SetForegroundWindow

msvcrt

memcmp
memset
memcpy
memmove_s
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_wcsicmp
memmove
ldiv
?what@exception@@UBEPBDXZ
_purecall
wcsrchr
bsearch
iswspace
memcpy_s
_vsnwprintf
_except_handler4_common
_controlfp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
time
_ftime64_s
wcschr
wcsncmp
_wcsnicmp
_wtoi
wcstoul
__RTDynamicCast

secur32

GetUserNameExW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

comctl32

InitCommonControlsEx

comdlg32

GetSaveFileNameW

ntdll

RtlAllocateHeap
NtSetInformationFile
RtlNtStatusToDosError
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlCompareMemory
NtYieldExecution
RtlRaiseStatus
NtClose
RtlEnterCriticalSection
NtWriteFile
NtWaitForSingleObject
NtCreateFile
RtlReAllocateHeap
RtlDeleteCriticalSection
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlGetVersion
RtlFreeHeap

ole32

CoTaskMemFree
StringFromGUID2
CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

shell32

SHGetFolderPathW
ShellExecuteExW
ShellExecuteW

version

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

uxtheme

SetWindowTheme
IsAppThemed

wdscore

CurrentIP
ConstructPartialMsgVW
WdsTerminate
WdsInitialize
WdsSetupLogMessageW

winhttp

WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpOpenRequest
WinHttpCrackUrl
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInterfaces

Sections

.text
Size: 406KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14ba8f04cd8c0d497a33167a2f4d23a7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

secur32

wtsapi32

comctl32

comdlg32

ntdll

ole32

oleaut32

shell32

version

uxtheme

wdscore

winhttp

setupapi

Sections

.text Size: 406KB - Virtual size: 405KB

.data Size: 4KB - Virtual size: 9KB

.idata Size: 10KB - Virtual size: 9KB

.rsrc Size: 3.7MB - Virtual size: 3.7MB

.reloc Size: 25KB - Virtual size: 24KB

.text
Size: 406KB - Virtual size: 405KB

.data
Size: 4KB - Virtual size: 9KB

.idata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

.reloc
Size: 25KB - Virtual size: 24KB