26f17d2114f086a54840292ea399fbe4edc6c8ace4a65ed4fc9da8131bc18ff5

Sharing

Copy URL Twitter E-mail

General

Target

26f17d2114f086a54840292ea399fbe4edc6c8ace4a65ed4fc9da8131bc18ff5
Size

882KB
MD5

c41f36ca0db205beb59b73587ebeb599
SHA1

c71cf5da94bd2ad133967b47a7250809eef4ee4e
SHA256

26f17d2114f086a54840292ea399fbe4edc6c8ace4a65ed4fc9da8131bc18ff5
SHA512

843d2dfe0c5af6c8b31a9ca8370c3d38f93cd7f27c499d5f9e97a4fe3fb203472a344cf4b04f30f9ca0c9ad946c2eedc62dd1f3699cf4b911b136e1e3fcd9d97
SSDEEP

12288:FkotyhN8XvhqOhrW2nN7EOpCVlvzrZdRm9QvztPsPxeo7uvAB4wjAnKZaQC:MsCVlvzr9VvztPMA2uvAB4wjAnaaQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26f17d2114f086a54840292ea399fbe4edc6c8ace4a65ed4fc9da8131bc18ff5

Files

26f17d2114f086a54840292ea399fbe4edc6c8ace4a65ed4fc9da8131bc18ff5
.exe windows:6 windows x64 arch:x64

bfff8724e8dd9c2780b1eaf130cec5ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Working\AsusSplendid\x64\Release\AsusSplendid.pdb

Imports

user32

GetDisplayConfigBufferSizes
QueryDisplayConfig
ReleaseDC
wsprintfW
RedrawWindow
SendMessageTimeoutW
GetWindowThreadProcessId
GetWindowTextW
DisplayConfigGetDeviceInfo
GetForegroundWindow

gdi32

CreateDCW
SetDeviceGammaRamp
GetDeviceGammaRamp

asuscct

CCTAPI_WIN
CCTAPI_CUI
CCTAPI_AMD
CCTAPI_NV
CCTAPI_IGCL

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventW
CreateMutexW
WaitForSingleObject
OpenMutexW
OpenEventW
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
LeaveCriticalSection

api-ms-win-core-handle-l1-1-0

CloseHandle

ext-ms-win-shell32-shellfolders-l1-1-0

SHGetSpecialFolderPathW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
GetProcAddress
GetModuleHandleW
LoadLibraryExW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW

api-ms-win-core-processenvironment-l1-1-0

FreeEnvironmentStringsW
SetStdHandle
GetCommandLineW
GetCurrentDirectoryW
SetEnvironmentVariableA
GetStdHandle
GetEnvironmentStringsW
GetCommandLineA

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CLSIDFromProgID
CoCreateInstance

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation

api-ms-win-core-file-l1-1-0

SetFilePointerEx
FindFirstFileW
ReadFile
GetFileAttributesExW
FindFirstFileExA
GetFullPathNameW
CreateFileW
WriteFile
FindNextFileA
SetEndOfFile
GetFileInformationByHandle
GetFileAttributesW
GetFileSize
GetFileType
DeleteFileW
FindClose
FlushFileBuffers

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId
MoveFileW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-io-l1-1-0

DeviceIoControl

oleaut32

SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
SafeArrayGetElement
SysFreeString
VariantClear
SysAllocString
SafeArrayGetDim

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapSize
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
GetCurrentProcess
GetStartupInfoW
CreateProcessA
CreateProcessW
GetCurrentProcessId
GetCurrentThreadId
ExitProcess
TlsGetValue
TerminateProcess
TlsSetValue
TlsFree
SwitchToThread

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA
lstrcatW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

mscms

DisassociateColorProfileFromDeviceW
UninstallColorProfileW
AssociateColorProfileWithDeviceW
InstallColorProfileW

shell32

CommandLineToArgvW

api-ms-win-core-localization-l1-2-0

EnumSystemLocalesW
GetLocaleInfoW
IsValidLocale
IsValidCodePage
GetCPInfo
GetUserDefaultLCID
GetACP
GetOEMCP
LCMapStringW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlUnwindEx
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-namedpipe-l1-1-0

PeekNamedPipe

api-ms-win-core-console-l1-1-0

WriteConsoleW
ReadConsoleW
GetConsoleMode
GetConsoleCP

Sections

.text
Size: 622KB - Virtual size: 622KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bfff8724e8dd9c2780b1eaf130cec5ca

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

gdi32

asuscct

api-ms-win-core-synch-l1-1-0

api-ms-win-core-handle-l1-1-0

ext-ms-win-shell32-shellfolders-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-privateprofile-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-shell-shdirectory-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-io-l1-1-0

oleaut32

api-ms-win-core-util-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-sysinfo-l1-2-0

mscms

shell32

api-ms-win-core-localization-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-console-l1-1-0

Sections

.text Size: 622KB - Virtual size: 622KB

.rdata Size: 191KB - Virtual size: 191KB

.data Size: 11KB - Virtual size: 93KB

.pdata Size: 27KB - Virtual size: 26KB

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 622KB - Virtual size: 622KB

.rdata
Size: 191KB - Virtual size: 191KB

.data
Size: 11KB - Virtual size: 93KB

.pdata
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 3KB - Virtual size: 3KB