bfcb63bcfa85f913f4c8c233ab13d092af25401970038190007e32e346b807ac

Sharing

Copy URL Twitter E-mail

General

Target

bfcb63bcfa85f913f4c8c233ab13d092af25401970038190007e32e346b807ac
Size

6.3MB
MD5

426755c45c76db48527802b5d8a00b1e
SHA1

d344064855ca63018d4befbcfd57e105f35de077
SHA256

bfcb63bcfa85f913f4c8c233ab13d092af25401970038190007e32e346b807ac
SHA512

15f8870334dff6457ef413955808992ba2e6c32f655035c10109e43e00fe89cd2b6c81417c51e542e16f3da16cb7df5021a973c270a1c852798e76462cb4058d
SSDEEP

98304:Md9+Ts05k1f3v34MRmXrPrcHf1w47y9DMbJcioxcKK2SewFiYCJc7vfmIw:68TZ5kR34CqrcH9w471w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfcb63bcfa85f913f4c8c233ab13d092af25401970038190007e32e346b807ac

Files

bfcb63bcfa85f913f4c8c233ab13d092af25401970038190007e32e346b807ac
.exe windows:5 windows x86 arch:x86

34541904dc96d432d96a86efb2d5fa9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\a.timohovich\Projects\launcher101xp_setup\Release\launcher101xp_setup.pdb

Imports

winhttp

WinHttpCrackUrl
WinHttpOpen
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest

ws2_32

getsockopt
htonl
ioctlsocket
setsockopt
WSAGetLastError
htons
getservbyname
sendto
recvfrom
recv
send
WSACleanup
getaddrinfo
__WSAFDIsSet
gethostname
ntohl
freeaddrinfo
connect
ntohs
gethostbyname
accept
select
WSASetLastError
WSAStartup
WSAIoctl
shutdown
listen
getpeername
bind
closesocket
getsockname
socket

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

user32

ChangeClipboardChain
PeekMessageA
PeekMessageW
SendMessageA
ReleaseDC
GetForegroundWindow
SendMessageW
GetIconInfo
CharUpperW
GetUserObjectInformationW
GetProcessWindowStation
SetActiveWindow
WindowFromPoint
SetForegroundWindow
MessageBoxA
GetSysColor
FillRect
SetRect
MessageBeep
PostThreadMessageA
SystemParametersInfoA
CopyIcon
CreateIconIndirect
DestroyIcon
LoadIconA
LoadCursorA
GetWindow
GetParent
SetWindowLongA
GetWindowLongA
MapWindowPoints
ClientToScreen
GetCursorPos
SetCursor
AdjustWindowRectEx
GetWindowRect
SetWindowTextW
ValidateRgn
InvalidateRect
GetUpdateRgn
KillTimer
SetTimer
MsgWaitForMultipleObjects
ReleaseCapture
SetCapture
GetAsyncKeyState
GetKeyState
SetFocus
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
GetDC
SetClipboardViewer
GetClipboardOwner
CloseClipboard
OpenClipboard
BringWindowToTop
IsIconic
SetWindowLongW
PostMessageA
DefWindowProcA
DefWindowProcW
RegisterClassExA
RegisterClassExW
CreateWindowExA
CreateWindowExW
IsWindow
DestroyWindow
GetSystemMetrics
ShowWindow
OpenIcon
TranslateMessage
RegisterWindowMessageW
GetKeyboardLayout
MessageBoxW
LoadIconW
GetWindowLongW
SetWindowPos
SetWindowRgn
DispatchMessageW

advapi32

LookupPrivilegeValueW
SetFileSecurityW
AdjustTokenPrivileges
RegCloseKey
ReportEventA
RegisterEventSourceA
DeregisterEventSource
OpenProcessToken
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegQueryValueExW
RegDeleteKeyW
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
RegDeleteTreeW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyW
RegOpenKeyW
GetUserNameW

gdi32

Pie
Arc
ExtCreatePen
Polygon
DPtoLP
MoveToEx
PolyPolygon
RectInRegion
LineTo
GetRgnBox
EqualRgn
SetPixel
ExtCreateRegion
CreateCompatibleDC
BitBlt
SelectPalette
SelectObject
RealizePalette
GetStockObject
CreateSolidBrush
Polyline
CreateDCA
CreateFontA
GetGlyphOutlineW
GetObjectW
GetTextExtentPoint32W
GetCharacterPlacementW
CreatePen
SetTextColor
GetDIBits
GetTextMetricsA
TextOutW
StretchDIBits
OffsetRgn
CreatePalette
GetDCOrgEx
GetObjectA
SelectClipRgn
CreateRoundRectRgn
GdiFlush
LPtoDP
CreatePolygonRgn
CreateDIBSection
PlayEnhMetaFile
GetEnhMetaFileHeader
AddFontMemResourceEx
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateRectRgn
DeleteDC
DeleteObject
GetDeviceCaps
RestoreDC
SaveDC
SetBkMode
SetDIBitsToDevice
SetTextAlign
UpdateColors

wldap32

ord32
ord33
ord301
ord200
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord143
ord30
ord79
ord35

normaliz

IdnToAscii

kernel32

InterlockedFlushSList
GetModuleHandleExW
GetModuleFileNameA
LockFileEx
GetStringTypeW
GetLocaleInfoW
CompareStringW
GetCPInfo
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
GetExitCodeThread
GetProcessHeap
HeapFree
HeapAlloc
InitializeSListHead
IsDebuggerPresent
UnlockFileEx
UnhandledExceptionFilter
GetFullPathNameW
FindNextFileA
FindFirstFileA
GetSystemDirectoryA
ExpandEnvironmentStringsA
SleepEx
WaitForSingleObjectEx
GetTickCount64
InitializeCriticalSectionEx
SetFilePointer
SetEndOfFile
InterlockedPushEntrySList
GetVersionExW
GetProcessAffinityMask
CreateEventW
MoveFileW
SetFileAttributesW
VirtualFree
VirtualAlloc
FlushConsoleInputBuffer
GlobalMemoryStatus
GetTickCount
OutputDebugStringA
GetStdHandle
GetStartupInfoW
GetExitCodeProcess
LCMapStringW
UnregisterWaitEx
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
GetFileAttributesExW
SetFilePointerEx
SetStdHandle
GetConsoleCP
ExitThread
GetFileSize
RtlUnwind
FreeLibraryAndExitThread
QueryPerformanceCounter
ReadConsoleInputA
HeapReAlloc
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringW
GetTimeZoneInformation
SetEnvironmentVariableA
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
VerSetConditionMask
GetSystemInfo
QueryPerformanceFrequency
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
SetThreadAffinityMask
GetThreadTimes
VirtualProtect
FileTimeToSystemTime
InterlockedPopEntrySList
QueryDepthSList
SetEnvironmentVariableW
VerifyVersionInfoA
GetFileType
IsProcessorFeaturePresent
GetModuleFileNameW
WriteConsoleW
ReadConsoleW
GetConsoleMode
SetConsoleMode
Sleep
SetConsoleCtrlHandler
SwitchToThread
DuplicateHandle
PeekNamedPipe
TlsFree
TlsGetValue
DeleteCriticalSection
GetEnvironmentVariableA
GetFileAttributesA
GetSystemTimeAsFileTime
GetCurrentProcess
CreateFileW
GetCurrentThreadId
GetLastError
CloseHandle
RaiseException
GetCurrentProcessId
SetUnhandledExceptionFilter
GetLogicalDrives
GetCurrentThread
VirtualQuery
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CreateProcessW
CreateDirectoryW
FindFirstFileW
LoadLibraryW
GetTempPathW
FindClose
MultiByteToWideChar
FormatMessageW
GetCurrentDirectoryW
GetProcAddress
LocalFree
GetModuleHandleW
CopyFileW
SizeofResource
LockResource
LoadResource
FindResourceW
ReleaseSemaphore
CreateSemaphoreW
GetSystemTime
SystemTimeToFileTime
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitOnceExecuteOnce
WideCharToMultiByte
DeleteFileW
FindNextFileW
RemoveDirectoryW
FreeLibrary
LoadLibraryExW
Module32FirstW
Module32NextW
LoadLibraryA
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
WaitForSingleObject
CreateThread
GetModuleHandleA
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocaleInfoA
GetACP
GetComputerNameA
ExitProcess
lstrlenA
ReadFile
SetLastError
WriteFile
DeviceIoControl
SetFileTime
CreateHardLinkW
GetFileAttributesW
GetFileInformationByHandle
MoveFileExW
FlushFileBuffers
FormatMessageA
CreateIoCompletionPort
RegisterWaitForSingleObject
UnregisterWait
PostQueuedCompletionStatus
CreateEventA
SetErrorMode
TryEnterCriticalSection
TlsSetValue
WaitForMultipleObjects
ResumeThread
SetEvent
TlsAlloc
ResetEvent

shell32

SHGetMalloc
DragQueryFileW
ShellExecuteA
SHGetSpecialFolderPathW
SHGetPathFromIDListW
ExtractIconW
SHBrowseForFolderW
SHGetFolderPathW
ShellExecuteExW

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantClear
SysStringLen
SysFreeString
SysAllocStringLen
VariantCopy

dbghelp

SymFromAddr
SymSetOptions
StackWalk64
SymInitialize
SymFunctionTableAccess64
SymGetLineFromAddr64
SymGetModuleBase64
MiniDumpWriteDump

comctl32

_TrackMouseEvent

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34541904dc96d432d96a86efb2d5fa9f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winhttp

ws2_32

rpcrt4

user32

advapi32

gdi32

wldap32

normaliz

kernel32

shell32

ole32

oleaut32

dbghelp

comctl32

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 2.4MB - Virtual size: 2.4MB

.data Size: 104KB - Virtual size: 154KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 600KB - Virtual size: 600KB

.reloc Size: 145KB - Virtual size: 144KB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 104KB - Virtual size: 154KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 600KB - Virtual size: 600KB

.reloc
Size: 145KB - Virtual size: 144KB