64fb40090a77e90297015cf93fd3ce60N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

64fb40090a77e90297015cf93fd3ce60N.exe
Size

549KB
MD5

64fb40090a77e90297015cf93fd3ce60
SHA1

3de25cffd85d207fb3365ecf351e3e2e5fe0312f
SHA256

d777496f863e19a2d915cbf64deba752c8c288dd4a5d65f49a4829163099e923
SHA512

6ae75597a8314c0db3874a23bfbbed770e148fe0aaf7d440749c65479e4759da42bf9f29cf086a8b66dc6c6f3f32dd5c65beb0e4feacf9374899b47063cc791d
SSDEEP

12288:wOBQjVQESE7Io0OdiF0uxm/kJdzVn1S3D1qJtqcjG:wOBDUAF0uxm/kJU3DMnqc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64fb40090a77e90297015cf93fd3ce60N.exe

Files

64fb40090a77e90297015cf93fd3ce60N.exe
.dll regsvr32 windows:6 windows x86 arch:x86

f51be9288fe4de0a858fcf0deae3d849

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

UIAutomationCore.pdb

Imports

msvcrt

bsearch
_wcsicmp
_wcsnicmp
free
malloc
memset
??_V@YAXPAX@Z
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
_initterm
_XcptFilter
wcsncmp
wcsstr
wcstol
_isnan
_finite
srand
rand
_vsnwprintf
??_U@YAPAXI@Z
_purecall
memcpy
??2@YAPAXI@Z
realloc
??3@YAXPAX@Z

user32

BlockInput
GetCursorPos
GetKeyState
MessageBeep
MapVirtualKeyW
GetSystemMetrics
GetAsyncKeyState
SendInput
GetGUIThreadInfo
GetComboBoxInfo
GetWindowLongW
GetMenuBarInfo
CharLowerW
IsWindowVisible
GetWindowRect
MonitorFromRect
NotifyWinEvent
GetWindowRgn
LoadStringW
GetClientRect
MapWindowPoints
IsWinEventHookInstalled
SendMessageTimeoutW
GetWindowThreadProcessId
GetClassNameW
GetParent
WindowFromPoint
GetAncestor
GetDesktopWindow
IsWindow
UnhookWindowsHookEx
SetWindowsHookExW
CharPrevW
CharNextW
IntersectRect
EqualRect
PostThreadMessageW
PtInRect
UnregisterHotKey
DispatchMessageW
TranslateMessage
GetMessageW
MsgWaitForMultipleObjects
RegisterHotKey
SetForegroundWindow
SetFocus
RegisterWindowMessageW
RealGetWindowClassW
GetWindowInfo
GetScrollInfo
GetScrollBarInfo
SetWindowPlacement
GetWindowPlacement
GetMenuState
SendMessageW
EnumThreadWindows
PostMessageW
IsIconic
SetWindowPos
IsChild
ScreenToClient
GetWindow
GetPropW
SetWinEventHook
UnhookWinEvent
PeekMessageW
CallNextHookEx
IsWindowEnabled

gdi32

CreateRectRgn
DeleteObject
PtInRegion

psapi

GetModuleInformation
GetModuleBaseNameW

kernel32

FindResourceExW
GetVersion
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
OpenFileMappingW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
IsWow64Process
OpenProcess
GetTickCount
CreateNamedPipeW
CreateFileW
SetNamedPipeHandleState
GetNamedPipeInfo
ReadFile
SetLastError
WaitForMultipleObjects
WriteFile
GetOverlappedResult
ConnectNamedPipe
GetLocaleInfoW
CancelIo
CreateThread
CreateMutexW
ReleaseMutex
DuplicateHandle
InterlockedExchange
WaitForSingleObject
SetEvent
CreateEventW
lstrcmpW
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
ExitProcess
LocalAlloc
CloseHandle
LocalFree
GetModuleHandleExW
GlobalAddAtomW
GlobalDeleteAtom
CompareStringW
GetCurrentThreadId
GetCurrentProcessId
Sleep
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
lstrlenA
lstrcatW
GetCurrentProcess
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameW
lstrcpynW
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
LoadLibraryW
InterlockedDecrement
SearchPathW
DeleteCriticalSection
InitializeCriticalSection
GetLastError
lstrcpyW
lstrlenW
MultiByteToWideChar
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetVersionExW
GetModuleHandleW
GetProcAddress
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
DisconnectNamedPipe
InterlockedIncrement

ole32

CoInitialize
CoInitializeEx
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoUnmarshalInterface
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysFreeString
LoadTypeLi
RegisterTypeLi
SysStringLen
VarUI4FromStr
UnRegisterTypeLi
SafeArrayDestroy
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayGetDim
SafeArrayCreateVector
SetErrorInfo
VariantInit
GetErrorInfo
VariantCopy
SafeArrayCreate
SafeArrayPutElement
SysAllocStringLen
CreateErrorInfo
SafeArrayCopy
SysAllocString

advapi32

GetSidSubAuthority
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceEvent
GetTraceEnableFlags
RegQueryValueExW
InitializeSecurityDescriptor
ImpersonateNamedPipeClient
RevertToSelf
CreateWellKnownSid
CheckTokenMembership
InitializeAcl
SetSecurityDescriptorSacl
OpenProcessToken
GetTokenInformation
GetTraceEnableLevel
AllocateAndInitializeSid
FreeSid
UnregisterTraceGuids
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW

oleacc

GetProcessHandleFromHwnd
PropMgrClient_LookupProp
AccessibleChildren
AccessibleObjectFromWindow
CreateStdAccessibleObject
WindowFromAccessibleObject
LresultFromObject
ObjectFromLresult

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DockPattern_SetDockPosition
ExpandCollapsePattern_Collapse
ExpandCollapsePattern_Expand
GridPattern_GetItem
InvokePattern_Invoke
ItemContainerPattern_FindItemByProperty
LegacyIAccessiblePattern_DoDefaultAction
LegacyIAccessiblePattern_GetIAccessible
LegacyIAccessiblePattern_Select
LegacyIAccessiblePattern_SetValue
MultipleViewPattern_GetViewName
MultipleViewPattern_SetCurrentView
RangeValuePattern_SetValue
ScrollItemPattern_ScrollIntoView
ScrollPattern_Scroll
ScrollPattern_SetScrollPercent
SelectionItemPattern_AddToSelection
SelectionItemPattern_RemoveFromSelection
SelectionItemPattern_Select
SynchronizedInputPattern_Cancel
SynchronizedInputPattern_StartListening
TextPattern_GetSelection
TextPattern_GetVisibleRanges
TextPattern_RangeFromChild
TextPattern_RangeFromPoint
TextPattern_get_DocumentRange
TextPattern_get_SupportedTextSelection
TextRange_AddToSelection
TextRange_Clone
TextRange_Compare
TextRange_CompareEndpoints
TextRange_ExpandToEnclosingUnit
TextRange_FindAttribute
TextRange_FindText
TextRange_GetAttributeValue
TextRange_GetBoundingRectangles
TextRange_GetChildren
TextRange_GetEnclosingElement
TextRange_GetText
TextRange_Move
TextRange_MoveEndpointByRange
TextRange_MoveEndpointByUnit
TextRange_RemoveFromSelection
TextRange_ScrollIntoView
TextRange_Select
TogglePattern_Toggle
TransformPattern_Move
TransformPattern_Resize
TransformPattern_Rotate
UiaAddEvent
UiaClientsAreListening
UiaEventAddWindow
UiaEventRemoveWindow
UiaFind
UiaGetErrorDescription
UiaGetPatternProvider
UiaGetPropertyValue
UiaGetReservedMixedAttributeValue
UiaGetReservedNotSupportedValue
UiaGetRootNode
UiaGetRuntimeId
UiaGetUpdatedCache
UiaHPatternObjectFromVariant
UiaHTextRangeFromVariant
UiaHUiaNodeFromVariant
UiaHasServerSideProvider
UiaHostProviderFromHwnd
UiaLookupId
UiaNavigate
UiaNodeFromFocus
UiaNodeFromHandle
UiaNodeFromPoint
UiaNodeFromProvider
UiaNodeRelease
UiaPatternRelease
UiaRaiseAsyncContentLoadedEvent
UiaRaiseAutomationEvent
UiaRaiseAutomationPropertyChangedEvent
UiaRaiseStructureChangedEvent
UiaRegisterProviderCallback
UiaRemoveEvent
UiaReturnRawElementProvider
UiaSetFocus
UiaTextRangeRelease
ValuePattern_SetValue
VirtualizedItemPattern_Realize
WindowPattern_Close
WindowPattern_SetWindowVisualState
WindowPattern_WaitForInputIdle

Sections

.text
Size: 429KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f51be9288fe4de0a858fcf0deae3d849

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

user32

gdi32

psapi

kernel32

ole32

oleaut32

advapi32

oleacc

Exports

Exports

Sections

.text Size: 429KB - Virtual size: 428KB

.data Size: 14KB - Virtual size: 14KB

.rsrc Size: 86KB - Virtual size: 86KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 429KB - Virtual size: 428KB

.data
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 86KB - Virtual size: 86KB

.reloc
Size: 18KB - Virtual size: 17KB