840ba7eefa28550ac44e46fd8cdde34fed17d75306b92709464f5e3d6e23edae

Sharing

Copy URL Twitter E-mail

General

Target

840ba7eefa28550ac44e46fd8cdde34fed17d75306b92709464f5e3d6e23edae
Size

1.1MB
MD5

3f14c198a678c35249274e13127e986c
SHA1

86406bede1689ee717d5945823fc20cd2c5956d7
SHA256

840ba7eefa28550ac44e46fd8cdde34fed17d75306b92709464f5e3d6e23edae
SHA512

54c4313ea8694910e24fe10467db0e8d3eb12e3e76dfbc8ea6ca66223afe3a746aca024c8a212edddcab89816d7f139e9aa10303eaa0fecf99b4e34e661d3ed8
SSDEEP

24576:sxx0q20aSQPTirRX0hnWLuJ2gggg8vjfuCt82+IsBYxVGo/hbc43IvGmHWW:Q209gggg87htf+LY+o5bc4YumHWW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
840ba7eefa28550ac44e46fd8cdde34fed17d75306b92709464f5e3d6e23edae

Files

840ba7eefa28550ac44e46fd8cdde34fed17d75306b92709464f5e3d6e23edae
.exe windows:6 windows x86 arch:x86

be99e224578a411f6d8a9751aa0432d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

D:\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb

Imports

ntdll

RtlUnwind
RtlNtStatusToDosError

kernel32

LoadResource
LockResource
SizeofResource
DeviceIoControl
FindClose
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
FindFirstVolumeW
QueryDosDeviceW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
GlobalMemoryStatusEx
GetSystemTimes
QueryPerformanceCounter
CreateEventW
SetEvent
WaitForSingleObject
SetFilePointerEx
GetEnvironmentVariableW
GetTickCount64
RaiseException
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetDiskFreeSpaceExW
SetEndOfFile
SetFilePointer
GetFileAttributesExW
GetFileSizeEx
MoveFileExW
SetFileInformationByHandle
SetFileAttributesW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
CreateDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
K32GetProcessImageFileNameW
K32GetMappedFileNameW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetConsoleMode
FreeLibrary
GetModuleHandleExW
GetConsoleOutputCP
GetFileType
GetStdHandle
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
InterlockedPushEntrySList
OutputDebugStringW
LoadLibraryExA
GetProcessHeap
HeapAlloc
HeapFree
LocalFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
GetCurrentProcessId
HeapSetInformation
IsProcessorFeaturePresent
ExitProcess
lstrcpyW
SetDllDirectoryW
GlobalFree
GetTimeZoneInformation
GetSystemInfo
LoadLibraryW
GetSystemTimeAsFileTime
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
FormatMessageA
WaitForSingleObjectEx
GetExitCodeThread
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
WriteConsoleW
InitializeCriticalSectionAndSpinCount
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
TerminateThread
CreateThread
GlobalAlloc
GlobalLock
GlobalUnlock
WaitForMultipleObjects
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
CreateProcessW
GetExitCodeProcess
GetPriorityClass
GetProcessTimes
K32GetProcessMemoryInfo
CreateSemaphoreW
ReleaseSemaphore
GetVersionExW
GetModuleFileNameW
LoadLibraryExW
VirtualAlloc
VirtualFree
VirtualProtect
HeapDestroy
HeapReAlloc
TlsFree
LockFileEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FindFirstFileExW
GetVersion
HeapSize
FindResourceExW
VirtualQuery
UnlockFileEx
GetProcAddress
GetModuleHandleW
FileTimeToSystemTime
OutputDebugStringA
GetFullPathNameW
ReadFile
GetFileInformationByHandle
DeleteFileW
LeaveCriticalSection
EnterCriticalSection
FlushFileBuffers
GetLastError
WriteFile
CreateFileW
SetLastError
Sleep
DeleteCriticalSection
InitializeCriticalSection
CompareStringW
GetUserDefaultUILanguage
FindResourceW
GetCommandLineW
GetCurrentProcess
InitializeCriticalSectionEx
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
ReadConsoleW
SetStdHandle
GetStringTypeW

user32

IsWindow
SetTimer
MoveWindow
LoadCursorW
DrawTextW
KillTimer
RegisterWindowMessageW
UpdateWindow
InvalidateRect
BeginPaint
EndPaint
LoadIconW
DispatchMessageW
TranslateMessage
GetMessageW
ReleaseDC
GetDC
DestroyIcon
PostQuitMessage
DestroyWindow
SetFocus
SetWindowPos
SendMessageW
CreateWindowExW
LoadImageW
SystemParametersInfoW
DefWindowProcW
GetWindowLongW
SetWindowLongW
CharLowerW
MessageBoxW
GetSystemMetrics
GetClassInfoExW
RegisterClassExW
PostMessageW
UnregisterClassW
SetWindowTextW
IsDialogMessageW
ShowWindow

advapi32

GetTokenInformation
IsValidSid
GetSidSubAuthority
GetSidSubAuthorityCount
RegQueryValueExW
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupAccountSidW
OpenProcessToken
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegCloseKey

shell32

SHGetFolderPathW

comctl32

ord17

gdiplus

GdiplusShutdown
GdipFree
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsList
GdipCreateFromHDC
GdipImageGetFrameCount
GdipDeleteGraphics
GdipGetPropertyItemSize
GdipLoadImageFromStream
GdipGetImageHeight
GdipGetImageWidth
GdiplusStartup
GdipImageGetFrameDimensionsCount
GdipCloneImage
GdipDisposeImage
GdipDrawImageRectI
GdipAlloc
GdipGetPropertyItem

gdi32

DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
SetTextColor
SetBkMode
GetTextExtentPoint32W
SelectObject
CreateFontIndirectW

ole32

CreateStreamOnHGlobal
CoCreateInstance

Exports

Exports

asw_process_storage_allocate_connector
asw_process_storage_deallocate_connector
on_avast_dll_unload
onexit_register_connector_avast_2

Sections

.text
Size: 769KB - Virtual size: 769KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be99e224578a411f6d8a9751aa0432d1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

user32

advapi32

shell32

comctl32

gdiplus

gdi32

ole32

Exports

Exports

Sections

.text Size: 769KB - Virtual size: 769KB

.rdata Size: 174KB - Virtual size: 174KB

.data Size: 36KB - Virtual size: 45KB

.didat Size: 512B - Virtual size: 80B

.rsrc Size: 153KB - Virtual size: 152KB

.reloc Size: 41KB - Virtual size: 40KB

.text
Size: 769KB - Virtual size: 769KB

.rdata
Size: 174KB - Virtual size: 174KB

.data
Size: 36KB - Virtual size: 45KB

.didat
Size: 512B - Virtual size: 80B

.rsrc
Size: 153KB - Virtual size: 152KB

.reloc
Size: 41KB - Virtual size: 40KB