C:\Users\main\source\repos\winmerge\Build\x86\Release\WinMergeU.pdb
Static task: static1
Behavioral task: behavioral1
Sample: b9f9cdb41dc818381038d297d7ee47b0N.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: b9f9cdb41dc818381038d297d7ee47b0N.exe
Resource: win10v2004-20240709-en
General
Target: b9f9cdb41dc818381038d297d7ee47b0N.exe
Size: 4.6MB
MD5: b9f9cdb41dc818381038d297d7ee47b0
SHA1: 96e7386225e90f09cb38cd98f0378d58e1c5c3a2
SHA256: 6396835220652129c9797d0176b55f43b2fe31e86db9947d6d4bd2188923f697
SHA512: 651cbe11d2bac08c6d05f855b6eaad376be927300d76981535f9d41a25ab636e5f7ba4162b8158320604e94dc669a9a3d62df3c25dde9eac9e67330e430e917b
SSDEEP: 98304:VBPtErfXNOkw52JXRT8AgA2Bl77YcL1F6j/8tXMR5pR+Fxk/8:VBo19BngNdnJtMf
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b9f9cdb41dc818381038d297d7ee47b0N.exe
Files
b9f9cdb41dc818381038d297d7ee47b0N.exe.exe windows:5 windows x86 arch:x86
2eaf371260d3e3ba2c4df5ebc816da60
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shlwapi
PathRemoveFileSpecW
PathFindFileNameW
PathStripToRootW
StrChrW
StrCmpLogicalW
SHAutoComplete
SHDeleteKeyW
PathGetCharTypeW
PathCreateFromUrlW
UrlIsW
PathIsDirectoryW
PathFindExtensionW
PathIsContentTypeW
StrCmpIW
PathMatchSpecW
PathCompactPathW
StrFormatByteSizeW
ord2
ord12
PathFileExistsW
StrTrimW
PathIsUNCW
imm32
ImmSetCompositionFontW
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
kernel32
GetFileAttributesExW
GetFileTime
LocalFileTimeToFileTime
SetFileAttributesW
SystemTimeToFileTime
GetVersionExW
FlushFileBuffers
GetVolumeInformationW
LockFile
SetEndOfFile
SetFilePointer
UnlockFile
DuplicateHandle
GetStringTypeExW
GetDiskFreeSpaceW
ReplaceFileW
GetUserDefaultLCID
LocalAlloc
GetCurrentThread
CompareStringA
GetPrivateProfileIntW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalHandle
LocalReAlloc
GlobalFlags
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
SetErrorMode
FindResourceExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
lstrcmpA
LoadLibraryExW
EncodePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
SetFilePointerEx
EnumSystemLocalesW
IsValidLocale
LCMapStringW
HeapQueryInformation
GetCommandLineA
GetConsoleOutputCP
FreeLibraryAndExitThread
ExitThread
SetStdHandle
ReadConsoleW
GetConsoleMode
GetModuleHandleExW
GlobalGetAtomNameW
InterlockedPushEntrySList
RtlUnwind
CreatePipe
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetLongPathNameW
SetEnvironmentVariableW
GetEnvironmentVariableW
CreateSemaphoreW
RemoveDirectoryW
GetCPInfo
GetCurrentProcessId
LCMapStringEx
InitializeCriticalSectionEx
QueryPerformanceFrequency
GetLocaleInfoEx
MoveFileExW
AreFileApisANSI
GetFinalPathNameByHandleW
FormatMessageA
OutputDebugStringW
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
SizeofResource
LockResource
LoadResource
FindResourceW
GlobalSize
GlobalLock
FileTimeToLocalFileTime
GlobalUnlock
LoadLibraryW
GetProcAddress
MulDiv
GetACP
GetTickCount
GlobalAlloc
GlobalFree
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
FreeLibrary
GetFileType
PeekNamedPipe
GetFileInformationByHandle
FindFirstFileW
FindClose
RaiseException
InitializeCriticalSection
DeleteCriticalSection
SearchPathW
GetPrivateProfileStringW
GetThreadLocale
DeleteFileW
lstrlenW
WaitForSingleObject
CloseHandle
CreateEventW
SetEvent
WritePrivateProfileStringW
Sleep
GetSystemDirectoryW
ResetEvent
ReadDirectoryChangesW
CreateFileW
GetOverlappedResult
WaitForMultipleObjects
CreateProcessW
GetExitCodeProcess
GetFileSize
SetLastError
GetSystemDefaultLangID
GetLocaleInfoW
SetThreadPriority
GetProfileIntW
GetTickCount64
GetModuleHandleA
OutputDebugStringA
VirtualQuery
VirtualProtect
LoadLibraryExA
ExpandEnvironmentStringsA
GetCompressedFileSizeW
IsValidCodePage
MoveFileW
GetExitCodeThread
GetModuleHandleW
GetCommandLineW
GetCurrentDirectoryW
GetOEMCP
GetSystemInfo
GlobalMemoryStatusEx
GetTempPathW
GetShortPathNameW
WriteFile
SetFileTime
ReleaseSemaphore
MultiByteToWideChar
GlobalReAlloc
GetFileAttributesW
VerSetConditionMask
VerifyVersionInfoW
FindFirstFileExW
FindNextFileW
CreateThread
GetDriveTypeW
lstrcmpiW
GetProcessHeap
DecodePointer
HeapAlloc
HeapReAlloc
HeapSize
HeapFree
GetSystemWow64DirectoryW
GetCurrentProcess
IsWow64Process
CreateDirectoryW
GetFullPathNameW
GetUserDefaultLangID
TerminateThread
SuspendThread
GetModuleFileNameW
LoadLibraryA
GlobalDeleteAtom
ResumeThread
ExitProcess
ReleaseMutex
FreeConsole
GetStdHandle
WriteConsoleW
AttachConsole
VirtualFree
VirtualAlloc
OpenProcess
CreateMutexW
GetCurrentThreadId
lstrcpynW
WideCharToMultiByte
LocalFree
FormatMessageW
GetTimeFormatW
GetDateFormatW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetNumberFormatW
SetThreadLocale
ReadFile
GetFileSizeEx
lstrcpyW
CopyFileW
ExpandEnvironmentStringsW
GetTempFileNameW
user32
LockWindowUpdate
CopyAcceleratorTableW
RealChildWindowFromPoint
PostQuitMessage
ShowOwnedPopups
UnionRect
SetWindowRgn
DrawIcon
WindowFromPoint
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
GetTabbedTextExtentW
SetCursorPos
GetWindowDC
DestroyCursor
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
BringWindowToTop
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
AdjustWindowRectEx
ShowScrollBar
GetScrollRange
SetScrollRange
SetScrollPos
ScrollWindow
EndPaint
BeginPaint
GetForegroundWindow
SetMenu
GetMenu
DeferWindowPos
SetWindowPlacement
GetWindowPlacement
GetClassInfoExW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
SetActiveWindow
EndDialog
CreateDialogIndirectParamW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CallNextHookEx
SetWindowsHookExW
ValidateRect
SendDlgItemMessageW
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
MoveWindow
UnhookWindowsHookEx
SetRectEmpty
SendDlgItemMessageA
SetFocus
DestroyWindow
IsWindowEnabled
UnregisterHotKey
RegisterHotKey
GetWindowTextLengthW
CreateWindowExW
GetComboBoxInfo
ChildWindowFromPoint
GetClassNameW
UnregisterClassW
GetMonitorInfoW
MonitorFromPoint
GetScrollPos
GetDCEx
IsRectEmpty
EndDeferWindowPos
GetKeyState
GetClientRect
UpdateWindow
CreateCaret
SetCaretPos
ShowCaret
HideCaret
MessageBoxW
EnableWindow
GetSystemMetrics
InvalidateRect
wsprintfW
IntersectRect
CopyRect
GetSysColor
ReleaseCapture
KillTimer
IsWindow
GetDlgItem
GetDC
ReleaseDC
OffsetRect
EnableScrollBar
GetCursorPos
ScreenToClient
SetCursor
LoadCursorW
LoadAcceleratorsW
TranslateAcceleratorW
GetDoubleClickTime
GetCaretPos
RedrawWindow
MessageBeep
SetCapture
SetTimer
IsClipboardFormatAvailable
OpenClipboard
EmptyClipboard
SetClipboardData
RegisterClipboardFormatW
CloseClipboard
GetClipboardData
GetWindowLongW
SendMessageW
CharUpperW
CharNextW
CharPrevW
GetDesktopWindow
LoadImageW
SetDlgItemTextA
GetWindowRect
PostThreadMessageW
PeekMessageW
GetMessageW
FillRect
DrawEdge
SetRect
GetMenuItemInfoW
SystemParametersInfoW
AppendMenuW
GetMenuItemCount
InsertMenuW
ModifyMenuW
GetMenuState
GetSubMenu
GetMenuItemID
CreateMenu
CreatePopupMenu
LoadBitmapW
RemoveMenu
DeleteMenu
DestroyIcon
LoadIconW
PostMessageW
IsWindowVisible
GetParent
GetPropW
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetPropW
RemovePropW
SetWindowPos
IsZoomed
IsIconic
MapWindowPoints
GetDlgCtrlID
DrawFrameControl
SetParent
PtInRect
LoadMenuW
wsprintfA
GetFocus
GetAsyncKeyState
BeginDeferWindowPos
DestroyMenu
IsDialogMessageW
GetNextDlgTabItem
ChildWindowFromPointEx
GetIconInfo
MapDialogRect
IsChild
GetWindowThreadProcessId
GetLastActivePopup
SetForegroundWindow
ShowWindow
FindWindowW
GetThreadDesktop
GetUserObjectInformationW
DragDetect
TrackMouseEvent
EqualRect
DrawIconEx
GetClassLongW
GetSysColorBrush
GetTopWindow
GetSystemMenu
FlashWindowEx
GetActiveWindow
ReplyMessage
IsMenu
DrawMenuBar
RegisterClassW
GetClassInfoW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetCapture
InflateRect
DispatchMessageW
TranslateMessage
GetWindow
SetWindowTextW
GetWindowTextW
GetMenuStringW
ClientToScreen
EnableMenuItem
TrackPopupMenu
CheckMenuItem
gdi32
SetBkColor
CopyMetaFileW
EnumFontFamiliesW
CreateDCW
SetBkMode
SetTextColor
Escape
TextOutW
RectVisible
PtVisible
Polygon
FillRgn
PathToRegion
EndPath
BeginPath
PolyBezier
Rectangle
DPtoLP
GetViewportExtEx
GetWindowExtEx
GetMapMode
LPtoDP
CreateSolidBrush
GetCharWidthW
GetTextMetricsW
ExtTextOutW
SetDIBColorTable
PatBlt
CreateBitmap
Ellipse
CreateDIBSection
GetBkMode
SetDIBits
GetDIBits
DeleteObject
GetDIBColorTable
SelectObject
DeleteDC
RoundRect
GetTextColor
GetStockObject
GetBkColor
GetCharWidth32W
CreateRectRgnIndirect
GetViewportOrgEx
GetCurrentPositionEx
CreateFontIndirectW
GetDeviceCaps
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateCompatibleDC
SetStretchBltMode
SetTextAlign
StartDocW
PolyDraw
MoveToEx
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
SetRectRgn
GetROP2
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetWindowOrgEx
GetTextFaceW
CreateFontW
StretchDIBits
CreateEllipticRgn
EnumFontFamiliesExW
GetPixel
IntersectClipRect
LineTo
RestoreDC
SaveDC
SelectClipRgn
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
CreatePen
CreatePatternBrush
CreateRectRgn
ExcludeClipRect
GetClipBox
SetROP2
GetObjectW
BitBlt
msimg32
AlphaBlend
advapi32
CryptReleaseContext
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
SetFileSecurityW
GetFileSecurityW
RegSetValueW
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyW
RegEnumKeyExW
RegEnumValueW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
CryptGenRandom
CryptAcquireContextW
shell32
DragFinish
SHGetFileInfoW
ord701
SHGetDesktopFolder
SHGetMalloc
ExtractIconW
ShellExecuteExW
SHAddToRecentDocs
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
ord155
ShellExecuteW
SHParseDisplayName
SHCreateShellItem
DragQueryFileW
SHFileOperationW
comctl32
ord17
ImageList_GetImageInfo
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Remove
ImageList_Copy
ImageList_GetImageCount
ImageList_AddMasked
ImageList_DrawIndirect
ImageList_Draw
ImageList_Add
ImageList_DrawEx
uxtheme
IsThemeActive
DrawThemeParentBackground
IsAppThemed
IsThemeBackgroundPartiallyTransparent
CloseThemeData
GetThemeColor
GetThemeFont
DrawThemeText
DrawThemeBackground
GetThemeInt
GetThemeMargins
GetThemePartSize
OpenThemeData
ole32
CoRevokeClassObject
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoRegisterMessageFilter
CoFreeUnusedLibraries
CoCreateGuid
CoInitializeEx
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleDuplicateData
StringFromCLSID
CoLockObjectExternal
OleUninitialize
OleInitialize
CoUninitialize
CoInitialize
CoGetObject
CLSIDFromProgID
PropVariantClear
CoTaskMemAlloc
CreateStreamOnHGlobal
RegisterDragDrop
RevokeDragDrop
OleRun
CoCreateInstance
CoTaskMemFree
ReleaseStgMedium
CoCreateFreeThreadedMarshaler
oleaut32
SysFreeString
GetErrorInfo
SysAllocString
SysStringLen
CreateErrorInfo
SetErrorInfo
SysAllocStringLen
VariantInit
VariantChangeType
VariantCopyInd
LoadTypeLi
VarBstrFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayRedim
SysReAllocStringLen
CreateDispTypeInfo
VariantClear
gdiplus
GdiplusStartup
GdipGetImageEncoders
GdipCreateBitmapFromStream
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipGetImagePixelFormat
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromScan0
GdipSaveImageToStream
GdiplusShutdown
wsock32
socket
WSACleanup
closesocket
recv
send
connect
htons
gethostbyname
WSAStartup
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 923KB - Virtual size: 922KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 139KB - Virtual size: 170KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 182KB - Virtual size: 182KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ