7211ffe7e111fdb6ea90ebec24c9bdcab300ae4b89e481784033316295f02e60

Sharing

Copy URL Twitter E-mail

General

Target

7211ffe7e111fdb6ea90ebec24c9bdcab300ae4b89e481784033316295f02e60
Size

7.0MB
MD5

7b6e1a2a03e49269d3f5ec4fffd7162e
SHA1

8b737ccbca0e45ac50760b0cc6750448d84882cb
SHA256

7211ffe7e111fdb6ea90ebec24c9bdcab300ae4b89e481784033316295f02e60
SHA512

c07b4b6cf6ac4e9539df0740f67d46213375971e8d59d189f870b373e372f0c5f0877fdfc7b8cf97adc934d74f2615a976a4e44bcc6832c3383ae7226405d4ee
SSDEEP

196608:NPboCLmYiI2nlcRM17L/WWjApjFJOSkVi+C:x0C9iIdC19jYpJOSj+C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7211ffe7e111fdb6ea90ebec24c9bdcab300ae4b89e481784033316295f02e60

Files

7211ffe7e111fdb6ea90ebec24c9bdcab300ae4b89e481784033316295f02e60
.exe windows:5 windows x64 arch:x64

5b24bdbe5f6d9c123a5c2db05ee19e3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\work\TwoMerge2017-FullScreen\Release\EndOptimize64.pdb

Imports

kernel32

FreeLibrary
lstrcmpW
GetFileTime
GetSystemTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileAttributesW
GetStdHandle
GetCurrentThreadId
SetLastError
SleepEx
FormatMessageA
WaitForMultipleObjects
GetFileType
PeekNamedPipe
ExpandEnvironmentStringsA
VerSetConditionMask
GetSystemDirectoryA
VerifyVersionInfoA
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
RtlUnwind
SetThreadExecutionState
LoadLibraryA
GetModuleHandleA
IsBadCodePtr
lstrcatW
GetEnvironmentVariableW
SetThreadPriority
FindNextFileA
SetEndOfFile
SetFilePointer
SetFileTime
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteFileA
Module32FirstW
Process32FirstW
lstrcpyA
Process32NextW
CreateToolhelp32Snapshot
GetProcessId
GetModuleFileNameW
RemoveDirectoryW
GetPrivateProfileIntW
OpenProcess
WriteFile
SizeofResource
GetCurrentProcess
FindNextFileW
SetPriorityClass
FindFirstFileA
GetFileSizeEx
FindFirstFileW
ReadFile
CreateDirectoryW
CreateFileW
DeviceIoControl
GetComputerNameW
LocalFree
GetSystemDirectoryW
GetVolumeInformationW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
RaiseException
HeapReAlloc
LockResource
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
TerminateProcess
SystemTimeToFileTime
GetCurrentProcessId
GetLocalTime
GetDriveTypeW
LoadLibraryW
FileTimeToSystemTime
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
CreateThread
FreeResource
CreateMutexW
GetCommandLineW
SetFileAttributesA
WritePrivateProfileStringA
OutputDebugStringW
GetTempPathA
OutputDebugStringA
WritePrivateProfileStringW
GetExitCodeProcess
MoveFileW
GetTickCount
CreateDirectoryA
lstrcpyW
WideCharToMultiByte
CopyFileW
GetModuleHandleW
GetFileSize
GetProcAddress
SetCurrentDirectoryW
GetCurrentDirectoryW
GetSystemInfo
GetTimeZoneInformation
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
FlushFileBuffers
GetConsoleCP
ReadConsoleW
GetConsoleMode
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
FreeLibraryAndExitThread
CloseHandle
GetCurrentThread
DeleteFileW
CreateFileA
Sleep
GetPrivateProfileStringW
MultiByteToWideChar
SetFileAttributesW
WaitForSingleObject
FindClose
GetPrivateProfileSectionW
GetTempPathW
ExitThread
GetModuleHandleExW
LoadLibraryExW
RtlPcToFileHeader
RtlUnwindEx
lstrcpynW
lstrcmpiW
GlobalAlloc
MulDiv
ExitProcess
GetACP
lstrlenW
GlobalUnlock
GlobalLock
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
EncodePointer
InitializeSListHead
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
FormatMessageW
RtlCaptureContext
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

DrawTextA
wsprintfA
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
EqualRect
UpdateWindow
IsWindowEnabled
ClientToScreen
CreateAcceleratorTableW
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
TrackPopupMenu
DestroyMenu
CreatePopupMenu
SendMessageW
SetWindowPos
GetWindowRect
InvalidateRgn
PostQuitMessage
KillTimer
ExitWindowsEx
SetTimer
ShowWindow
MessageBoxW
PostMessageW
MoveWindow
GetSystemMetrics
wsprintfW
AppendMenuW
GetGUIThreadInfo
SetForegroundWindow
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
mouse_event
FindWindowA
SetCursorPos
GetCursorPos
GetCaretPos
GetMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
IsWindow
DestroyWindow
IsWindowVisible
IsIconic
IsZoomed
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
UnionRect
OffsetRect
IsRectEmpty
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
LoadImageW
MonitorFromWindow
GetMonitorInfoW
SetCursor
InflateRect
LoadCursorW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
EnableWindow
SetPropW
GetPropW
GetWindowLongPtrW
SetWindowLongPtrW
SetWindowRgn
UpdateLayeredWindow
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
EnableMenuItem
SetCaretPos

advapi32

GetTokenInformation
CryptGetHashParam
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyW
RegQueryValueExA
RegEnumKeyExA
RegEnumKeyA
RegQueryInfoKeyW
RegDeleteKeyA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
RegDeleteValueW
RegDeleteValueA
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
RegFlushKey
RegCreateKeyExW
RegSetValueExW
OpenProcessToken
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptCreateHash
CryptHashData
ConvertSidToStringSidW
LookupAccountNameW
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shell32

SHGetFolderPathW
DragQueryFileW
ShellExecuteW
SHChangeNotify
CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetFolderPathA
ShellExecuteExW
SHGetDesktopFolder

ole32

CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
ReleaseStgMedium
OleDuplicateData
DoDragDrop
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
OleLockRunning

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

shlwapi

PathFileExistsA
PathIsDirectoryW
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW

ws2_32

htons
WSAEnumNetworkEvents
recvfrom
WSAWaitForMultipleEvents
ntohs
socket
accept
listen
ioctlsocket
gethostname
sendto
WSAEventSelect
inet_addr
WSAStartup
WSACreateEvent
ntohl
WSACleanup
WSAGetLastError
setsockopt
recv
connect
send
gethostbyname
__WSAFDIsSet
select
WSASetLastError
bind
closesocket
getpeername
getsockname
getsockopt
WSAIoctl
getaddrinfo
freeaddrinfo

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

crypt32

CertOpenStore
CertCloseStore
CertFreeCertificateContext
CertAddEncodedCertificateToStore

wininet

InternetCheckConnectionW
InternetCheckConnectionA

winmm

mixerGetLineInfoW
mixerSetControlDetails
mixerClose
mixerGetLineControlsW
mixerOpen

wldap32

ord50
ord41
ord60
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord211
ord143
ord46
ord22

wlanapi

WlanReasonCodeToString
WlanOpenHandle
WlanEnumInterfaces
WlanCloseHandle
WlanSetProfile

gdi32

CombineRgn
SetBitmapBits
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
AddFontMemResourceEx
RemoveFontMemResourceEx
Rectangle
RestoreDC
SaveDC
SelectObject
CloseEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
CreateRectRgn
PtInRegion
CreateDIBSection
GetBitmapBits
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
GetTextExtentPointA
StretchBlt
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
TextOutW
GdiFlush
CreatePatternBrush

comctl32

ord17
_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdipCreateFontFromDC
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectI
GdipGetPropertyItem
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipGetPropertyItemSize
ord1
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipAddPathLine
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

Sections

.text
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 571KB - Virtual size: 571KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dwl0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dwl1
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b24bdbe5f6d9c123a5c2db05ee19e3d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

iphlpapi

crypt32

wininet

winmm

wldap32

wlanapi

gdi32

comctl32

gdiplus

imm32

Sections

.text Size: - Virtual size: 1.4MB

.rdata Size: 571KB - Virtual size: 571KB

.data Size: - Virtual size: 25KB

.pdata Size: - Virtual size: 89KB

.dwl0 Size: - Virtual size: 1.0MB

.dwl1 Size: 6.5MB - Virtual size: 6.5MB

.reloc Size: 17KB - Virtual size: 17KB

.rsrc Size: 3KB - Virtual size: 6.0MB

.text
Size: - Virtual size: 1.4MB

.rdata
Size: 571KB - Virtual size: 571KB

.data
Size: - Virtual size: 25KB

.pdata
Size: - Virtual size: 89KB

.dwl0
Size: - Virtual size: 1.0MB

.dwl1
Size: 6.5MB - Virtual size: 6.5MB

.reloc
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 3KB - Virtual size: 6.0MB