1406bb88dc65babfd906d563994e4660N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1406bb88dc65babfd906d563994e4660N.exe
Size

10.0MB
MD5

1406bb88dc65babfd906d563994e4660
SHA1

3f32d859657384457700933491c8d88694114cd3
SHA256

57e43ca7785c1f8cc4307934069f1d3d8be8bd594e896d84ec95dc67f5c2d674
SHA512

c4d3fdf8a1e412ed38b81612ecfd91bfb850188d28c8b8713adb08bcbca681250abd04be6ea62e97a3a03903e987cf6be92edf7753da7696a5b420ceb4deca4a
SSDEEP

196608:WCIwfajOG0HcHonDROPqFyRoMz5ewsL9Yt4hao2dJt+HmD6+K2GeRl6qg9/D5j/C:WCIwfajoYoDsXoMUHL9QFrG+KddqWZ/C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1406bb88dc65babfd906d563994e4660N.exe

Files

1406bb88dc65babfd906d563994e4660N.exe
.exe windows:4 windows x86 arch:x86

1821275c5b970299b423a3701919ab01

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

kcommoninstall.pdb

Imports

kernel32

GetWindowsDirectoryW
SetFileAttributesW
lstrlenA
GetComputerNameA
GetDiskFreeSpaceExW
FreeLibrary
FreeResource
GetCurrentThreadId
RaiseException
FlushInstructionCache
ExpandEnvironmentStringsW
CreateProcessW
lstrcmpiW
Sleep
GetDriveTypeW
OutputDebugStringW
GetPrivateProfileIntW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
TerminateThread
MapViewOfFileEx
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
CreateThread
SetThreadPriority
GetCommandLineW
WriteFile
UnmapViewOfFile
InitializeCriticalSectionAndSpinCount
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
GlobalMemoryStatusEx
DeviceIoControl
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetFullPathNameA
GetDriveTypeA
GetCurrentDirectoryA
WriteConsoleW
MapViewOfFile
lstrcpyW
CreateFileA
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
HeapCreate
GetModuleFileNameA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetStartupInfoA
SetHandleCount
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
GetStartupInfoW
ExitProcess
VirtualQuery
GetModuleHandleA
VirtualProtect
ExitThread
GetFileType
SetStdHandle
GetCurrentProcessId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
LoadLibraryA
GetThreadLocale
GetLocaleInfoA
GetACP
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
InterlockedExchange
lstrcatW
CreateEventW
CreateSemaphoreW
ResetEvent
ReleaseSemaphore
GetVolumeInformationW
InitializeCriticalSection
SetEvent
WaitForSingleObject
VirtualAlloc
VirtualFree
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetStdHandle
GetUserDefaultLangID
FileTimeToLocalFileTime
GetLocalTime
SetFilePointer
GetSystemTimeAsFileTime
FileTimeToSystemTime
SetEndOfFile
FlushFileBuffers
GetTickCount
GetTempFileNameW
CopyFileW
GetTempPathW
QueryDosDeviceW
GetLogicalDriveStringsW
MoveFileW
MoveFileExW
SetLastError
SetCurrentDirectoryW
GetCurrentDirectoryW
WriteConsoleA
CreateFileMappingW
InterlockedCompareExchange
GetSystemInfo
GetCurrentProcess
LocalFree
LocalAlloc
LoadLibraryW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
FindResourceW
CloseHandle
ReadFile
GetFileSize
CreateFileW
GetVersionExW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleW
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
GetLastError
CreateDirectoryW
GetFileAttributesW
GetModuleFileNameW
FindResourceExW
LoadResource
LockResource
SizeofResource
GetConsoleOutputCP
FindFirstFileA

user32

CharUpperW
EnumDisplayDevicesA
EnumDisplaySettingsW
EnumDisplayDevicesW
GetSystemMetrics
CharNextW
LoadStringW
GetDesktopWindow
GetWindowTextLengthW
UnregisterClassA
CharLowerW
RegisterClassExW
GetFocus
UpdateLayeredWindow
LoadCursorW
LoadIconW
IsChild
GetParent
DestroyIcon
SetRectEmpty
IsDialogMessageW
IsWindowEnabled
SendMessageW
SetWindowLongW
RegisterWindowMessageW
EndPaint
PostThreadMessageW
BeginPaint
ShowWindow
LoadImageW
GetActiveWindow
EqualRect
GetClassInfoExW
GetDC
EnableWindow
DrawTextW
MapWindowPoints
SetRect
SetWindowPos
GetClientRect
IsWindowVisible
CallWindowProcW
InvalidateRect
GetWindowThreadProcessId
PostMessageW
GetDlgItem
GetForegroundWindow
SetFocus
ReleaseDC
SystemParametersInfoW
InflateRect
AttachThreadInput
MoveWindow
SetCapture
OffsetRect
SetForegroundWindow
GetNextDlgTabItem
GetDlgCtrlID
GetWindow
FindWindowW
SetActiveWindow
ReleaseCapture
CopyRect
PeekMessageW
DrawIconEx
GetMessageW
CreateWindowExW
MonitorFromWindow
TranslateMessage
GetMonitorInfoW
DispatchMessageW
GetWindowLongW
PtInRect
DestroyWindow
GetKeyState
WindowFromPoint
IsWindow
DefWindowProcW
GetScrollPos
GetWindowRect
SetCursor
KillTimer
GetCursorPos
ScreenToClient
LoadBitmapW
ClientToScreen
SetTimer
IntersectRect
SetWindowTextW
GetWindowTextW

gdi32

CreateRoundRectRgn
OffsetRgn
CreateRectRgnIndirect
GetTextExtentPoint32W
SetTextColor
TextOutW
CreateBitmap
RoundRect
CreateCompatibleBitmap
Rectangle
CreateDIBSection
DeleteObject
CombineRgn
GetClipRgn
CreateRectRgn
GetObjectW
StretchBlt
SetStretchBltMode
RestoreDC
BitBlt
SaveDC
GetCurrentObject
DeleteDC
LineTo
ExtTextOutW
MoveToEx
SetBkColor
CreatePen
SelectObject
CreateCompatibleDC
SelectClipRgn
SetBkMode
CreateFontIndirectW
RectInRegion
GetStockObject
GetViewportOrgEx
ExtSelectClipRgn
SetViewportOrgEx
GetTextColor
GetTextMetricsW

advapi32

BuildExplicitAccessWithNameW
StartServiceW
QueryServiceStatus
DeleteService
ChangeServiceConfig2W
ChangeServiceConfigW
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
CreateProcessAsUserW
DeleteAce
GetAce
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
SetTokenInformation
DuplicateTokenEx
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
ControlService
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
ShellExecuteW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHFileOperationW
SHGetSpecialFolderLocation

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeEx
CoCreateGuid
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr
SysStringLen
VariantCopy
VariantClear
SysAllocString
SysFreeString
VariantInit
SafeArrayUnlock
SafeArrayLock

shlwapi

StrToIntW
StrToIntA
PathRemoveFileSpecW
PathFindFileNameW
PathIsDirectoryW
PathAddBackslashW
PathFileExistsW
PathAppendW
PathRemoveExtensionW

comctl32

_TrackMouseEvent
InitCommonControlsEx

msimg32

AlphaBlend

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

gdiplus

GdipFillRectangle
GdipGraphicsClear
GdipImageRotateFlip
GdipDrawPath
GdipDrawRectangleI
GdipAddPathStringI
GdipSetPenDashStyle
GdipDrawLine
GdipLoadImageFromStream
GdipDrawImagePointsRectI
GdipGetFontSize
GdipGetFamily
GdipDrawImageRectI
GdipDrawImageI
GdipSetPixelOffsetMode
GdipSetPenMode
GdipSetInterpolationMode
GdipAddPathArcI
GdipCreateHBITMAPFromBitmap
GdipSetCompositingQuality
GdipClosePathFigure
GdipSetClipPath
GdipDeleteFont
GdipDisposeImageAttributes
GdipAlloc
GdipCreateImageAttributes
GdipFree
GdipCreateFont
GdipDeletePath
GdipCreateFontFromLogfontW
GdipCreatePath
GdipDrawLinesI
GdipDeleteFontFamily
GdipDrawImageRectRectI
GdipFillPath
GdipGetImageGraphicsContext
GdipCreateSolidFill
GdipDrawImageRectRect
GdipCreatePen1
GdipPrivateAddFontFile
GdipDeletePrivateFontCollection
GdipCloneBrush
GdipNewPrivateFontCollection
GdipDeleteBrush
GdipSetStringFormatLineAlign
GdipRotateWorldTransform
GdipAddPathPieI
GdipSetStringFormatAlign
GdipTranslateWorldTransform
GdipCloneFontFamily
GdipSetStringFormatFlags
GdipGetFontCollectionFamilyList
GdipMeasureString
GdipResetWorldTransform
GdipDeleteStringFormat
GdiplusShutdown
GdipGetFontCollectionFamilyCount
GdipDrawString
GdiplusStartup
GdipAddPathRectangleI
GdipCreateStringFormat
GdipSetSmoothingMode
GdipGetImageHeight
GdipGetImageWidth
GdipSetTextRenderingHint
GdipFillRectangleI
GdipCloneImage
GdipDeleteGraphics
GdipLoadImageFromFile
GdipCreateFromHDC
GdipDisposeImage
GdipSetImageAttributesColorMatrix
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipSetPenStartCap
GdipDeletePen
GdipSetPenEndCap
GdipSetStringFormatTrimming

iphlpapi

GetAdaptersInfo

Exports

Exports

??0?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE@ABU012@@Z
??0?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE@XZ
??0?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE@XZ
??0?$kxThreadBase@VLocker@kbase@@@kbase@@QAE@XZ
??0ReportHelper@business_publish@@AAE@XZ
??1?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@UAE@XZ
??1?$kxThreadBase@VLocker@kbase@@@kbase@@UAE@XZ
??1ReportHelper@business_publish@@UAE@XZ
??4?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEAAU012@ABU012@@Z
??_7?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@6B@
??_7?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@6B@
??_7?$kxThreadBase@VLocker@kbase@@@kbase@@6B@
??_7ReportHelper@business_publish@@6B?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@@
??_7ReportHelper@business_publish@@6B?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@@
?AddItem@ReportHelper@business_publish@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@@Z
?AddItem@ReportHelper@business_publish@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@HAAV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@@Z
?AfterThreadFun@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@MAEXH@Z
?AfterThreadFun@?$kxThreadBase@VLocker@kbase@@@kbase@@MAEXH@Z
?BeginThreadFun@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@MAEXXZ
?BeginThreadFun@?$kxThreadBase@VLocker@kbase@@@kbase@@MAEXXZ
?GetHandle@?$kxThreadBase@VLocker@kbase@@@kbase@@QBEPAXXZ
?GetInstance@ReportHelper@business_publish@@SAPAV12@XZ
?Init@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEXPAU?$_CallBack@VKSimpleDirectInfoc@@@12@K@Z
?Initialzie@ReportHelper@business_publish@@QAE_NW4ReportType@2@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?Insert@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE_NABVKSimpleDirectInfoc@@@Z
?IsRunning@?$kxThreadBase@VLocker@kbase@@@kbase@@QAE_NXZ
?KCreateThread@?$kxThreadBase@VLocker@kbase@@@kbase@@SAPAXHP6GKPAX@Z0PAK0II@Z
?Kill@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@UAEHXZ
?Kill@?$kxThreadBase@VLocker@kbase@@@kbase@@UAEHXZ
?QueueThreadCallback@ReportHelper@business_publish@@MAEHKAAVKSimpleDirectInfoc@@@Z
?Report@ReportHelper@business_publish@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@PBV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@4@@Z
?ReportDirect@ReportHelper@business_publish@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@PBV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@4@@Z
?SetPriority@?$kxThreadBase@VLocker@kbase@@@kbase@@QAEHH@Z
?SetTimeOut@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEXK@Z
?Start@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEHXZ
?StartThread@?$kxThreadBase@VLocker@kbase@@@kbase@@IAEHPAX@Z
?Thread@?$kxThreadBase@VLocker@kbase@@@kbase@@AAEIPAX@Z
?Uninitialize@ReportHelper@business_publish@@QAEXXZ
?WaitKill@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@UAEHK@Z
?WaitKill@?$kxThreadBase@VLocker@kbase@@@kbase@@UAEHK@Z
?size@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEIXZ
?threadFun@?$kxThreadBase@VLocker@kbase@@@kbase@@CGIPAX@Z
?threadFunImpl@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@MAEHKPAX@Z

Sections

.text
Size: 812KB - Virtual size: 809KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1821275c5b970299b423a3701919ab01

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

version

wtsapi32

psapi

gdiplus

iphlpapi

Exports

Exports

Sections

.text Size: 812KB - Virtual size: 809KB

.rdata Size: 184KB - Virtual size: 181KB

.data Size: 24KB - Virtual size: 40KB

.rsrc Size: 284KB - Virtual size: 282KB

.text
Size: 812KB - Virtual size: 809KB

.rdata
Size: 184KB - Virtual size: 181KB

.data
Size: 24KB - Virtual size: 40KB

.rsrc
Size: 284KB - Virtual size: 282KB