Static task: static1
Behavioral task: behavioral1
Sample: af67025f-5e33-44d0-aabd-c8aa0ae97ebf.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: af67025f-5e33-44d0-aabd-c8aa0ae97ebf.exe
Resource: win10v2004-20240709-en
General
Target: af67025f-5e33-44d0-aabd-c8aa0ae97ebf.exe
Size: 7.8MB
MD5: 0311bcfe039be3babfa81b98a0e7b7f7
SHA1: 0ed23b50cd686533d06c75688670562354c98c41
SHA256: 3a828fbb58b881e7cdd0f1ceef326325433968862461521fb920cefc8df62fa6
SHA512: 249b20a1d340813864ea8d1d19a4daf97650bd42f11cbe07efb3562783ee97e8ad43fe73d17b8187f59219dd6e2d605eb48962c1d7c5539eba692efa5746b55f
SSDEEP: 196608:YzBtdUfhYzYpyHDz8Au4Y2r3knDiBAf7lI5:YFjUfhs5HDz8Au4Y2rUDCA
Malware Config
Signatures
Unsigned PE (1 IoC)
The file carries no Authenticode signature, so its publisher cannot be verified from the binary itself. Matched resource: af67025f-5e33-44d0-aabd-c8aa0ae97ebf.exe. On its own this is a weak indicator, since a great deal of legitimate software also ships unsigned.
Files
-
af67025f-5e33-44d0-aabd-c8aa0ae97ebf.exe.exe windows:6 windows x64 arch:x64
09b0dd92bb85aa943819b0b6214e8fc7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(DYNAMIC_BASE together with HIGH_ENTROPY_VA opts the image into 64-bit ASLR and NX_COMPAT opts it into DEP; IMAGE_DLLCHARACTERISTICS_GUARD_CF is not set, so Control Flow Guard is not enabled.)
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
crypt32
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetCertificateContextProperty
kernel32
ExpandEnvironmentStringsW
GetTempFileNameW
GetLongPathNameW
IsBadReadPtr
IsBadStringPtrA
QueryPerformanceFrequency
WaitForSingleObjectEx
Sleep
GetNativeSystemInfo
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
FindFirstFileExW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
GetTempPathW
CopyFileW
MoveFileExW
GetFileInformationByHandleEx
RtlPcToFileHeader
RaiseException
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
FreeConsole
AttachConsole
WriteConsoleA
WriteConsoleW
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
ReadConsoleOutputCharacterA
MulDiv
ExitProcess
InitializeCriticalSection
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalSize
GlobalHandle
GlobalFree
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
RtlUnwind
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
ReadFile
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetConsoleCtrlHandler
GetModuleFileNameW
GetCurrentThread
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetFileSizeEx
HeapReAlloc
HeapSize
SetStdHandle
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
OutputDebugStringW
DeleteFileW
GetLogicalDriveStringsW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
WaitForSingleObject
SleepEx
CreateEventW
SetWaitableTimer
WaitForMultipleObjects
CreateWaitableTimerW
QueueUserAPC
TerminateThread
GetSystemTimeAsFileTime
GetCurrentThreadId
FindResourceW
SizeofResource
LockResource
LoadResource
GetVersionExW
SetErrorMode
LocalFree
GetProcAddress
GetModuleHandleW
GetSystemDirectoryW
CreateProcessA
PostQueuedCompletionStatus
CreateThread
GetExitCodeProcess
TerminateProcess
GetLastError
CloseHandle
AreFileApisANSI
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
FreeLibrary
LoadLibraryA
LoadLibraryW
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileW
GetQueuedCompletionStatus
CreateIoCompletionPort
SetLastError
WideCharToMultiByte
MultiByteToWideChar
FormatMessageW
FormatMessageA
SetFileTime
SetFileAttributesW
GetFileAttributesExW
CreateFileW
SystemTimeToFileTime
GetSystemTime
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
RtlVirtualUnwind
ConvertThreadToFiber
ConvertFiberToThread
GetCurrentProcessId
QueryPerformanceCounter
FindNextFileW
user32
SetMenuInfo
InsertMenuItemW
SetMenuItemInfoW
GetWindowDC
BeginPaint
EndPaint
UnionRect
GetDesktopWindow
DrawStateW
GetComboBoxInfo
IsMenu
keybd_event
HideCaret
PostMessageW
ChildWindowFromPoint
ChangeDisplaySettingsExW
EnumDisplaySettingsW
MonitorFromPoint
EnumDisplayMonitors
DrawEdge
DrawFrameControl
CheckMenuItem
GetMenuItemID
GetSysColorBrush
CheckMenuRadioItem
RegisterClipboardFormatW
GetClipboardFormatNameW
SetMenu
wsprintfW
IsClipboardFormatAvailable
CreateDialogIndirectParamW
IsZoomed
BringWindowToTop
IsIconic
FlashWindowEx
SetLayeredWindowAttributes
GetMonitorInfoW
MonitorFromWindow
OffsetRect
CopyRect
GetWindowPlacement
SetWindowRgn
GetDlgItem
CreateDialogParamW
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
IsDialogMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
SetParent
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
PtInRect
InflateRect
FillRect
GetSysColor
ChildWindowFromPointEx
WindowFromPoint
MapWindowPoints
ScreenToClient
ClientToScreen
GetCursorPos
SetCursorPos
GetWindowRect
ModifyMenuW
SetWindowTextW
EnableScrollBar
ScrollWindow
RedrawWindow
InvalidateRect
GetUpdateRgn
UpdateWindow
GetMenuItemInfoW
TrackPopupMenu
GetMenuItemCount
GetSystemMetrics
IsWindowEnabled
EnableWindow
SetCapture
GetCapture
MapVirtualKeyW
VkKeyScanW
GetAsyncKeyState
GetFocus
GetActiveWindow
SetFocus
IsWindowVisible
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
MoveWindow
AnimateWindow
ShowWindow
DestroyWindow
IsWindow
CreateWindowExW
CallWindowProcW
PostQuitMessage
DefWindowProcW
SendMessageW
GetMessageTime
GetMessagePos
UnregisterHotKey
RegisterHotKey
GetClassNameW
GetWindowLongW
SetRect
SetCursor
MessageBeep
GetWindowTextLengthW
GetWindowTextW
ReleaseDC
GetDC
PeekMessageW
DispatchMessageW
TranslateMessage
LoadCursorW
GetProcessDefaultLayout
GetKeyState
UnregisterClassW
RegisterClassW
RemoveMenu
AppendMenuW
InsertMenuW
GetSubMenu
DestroyMenu
MsgWaitForMultipleObjects
SetTimer
KillTimer
DdeInitializeW
DdeUninitialize
CreatePopupMenu
CreateMenu
GetMenuState
IsRectEmpty
SetRectEmpty
ValidateRgn
DrawFocusRect
DrawTextW
TranslateAcceleratorW
DestroyAcceleratorTable
CreateAcceleratorTableW
FindWindowExW
GetCaretBlinkTime
GetDoubleClickTime
DestroyIcon
CreateIconIndirect
DestroyCursor
DdeConnect
DdeDisconnect
DdePostAdvise
DdeNameService
DdeClientTransaction
DdeCreateDataHandle
DdeGetData
DdeFreeDataHandle
DdeGetLastError
DdeCreateStringHandleW
DdeQueryStringW
DdeFreeStringHandle
GetIconInfo
LoadImageW
LoadIconW
LoadBitmapW
DrawIconEx
ValidateRect
PostThreadMessageW
GetMessageW
SetForegroundWindow
EnableMenuItem
GetSystemMenu
DrawMenuBar
GetClientRect
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
GetDialogBaseUnits
EndDeferWindowPos
ReleaseCapture
shell32
SHGetFolderPathW
ExtractIconExW
ord6
DragAcceptFiles
DragFinish
DragQueryPoint
DragQueryFileW
ExtractIconW
SHGetFileInfoW
oleaut32
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
advapi32
RegSetValueExW
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
GetUserNameW
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
DeregisterEventSource
ws2_32
send
WSAStartup
WSACleanup
closesocket
connect
ioctlsocket
getsockopt
select
setsockopt
WSASetLastError
WSAGetLastError
WSARecv
WSASend
WSASocketW
getaddrinfo
freeaddrinfo
recv
comctl32
ImageList_Replace
ImageList_Draw
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
ord16
ord17
ImageList_GetImageInfo
ImageList_GetIconSize
rpcrt4
UuidToStringW
RpcStringFreeW
oleacc
LresultFromObject
uxtheme
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeBackgroundContentRect
IsThemeBackgroundPartiallyTransparent
GetThemeColor
DrawThemeParentBackground
IsThemeActive
IsAppThemed
GetThemeMargins
GetThemeFont
GetThemeBackgroundExtent
SetWindowTheme
GetCurrentThemeName
GetThemePartSize
GetThemeInt
GetThemeSysColor
GetThemeSysFont
IsThemePartDefined
bcrypt
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptGenRandom
msimg32
AlphaBlend
GradientFill
shlwapi
SHAutoComplete
gdi32
LineTo
SetBkColor
MoveToEx
ExtTextOutW
CreateFontIndirectW
DeleteObject
GetOutlineTextMetricsW
SelectObject
GetTextMetricsW
CreateRectRgn
ExcludeClipRect
RealizePalette
SelectPalette
SetBrushOrgEx
GdiFlush
ExtCreateRegion
GetRegionData
OffsetRgn
Arc
GetBkColor
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
Ellipse
ExtFloodFill
GetClipBox
GetGraphicsMode
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
MaskBlt
Pie
PolyPolygon
Rectangle
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkMode
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPixel
SetPolyFillMode
StretchBlt
StretchDIBits
SetROP2
SetStretchBltMode
SetTextColor
GetWorldTransform
SetWorldTransform
ModifyWorldTransform
GetObjectW
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetWindowExtEx
SetWindowOrgEx
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
CreateBitmap
CreateBitmapIndirect
CreatePen
ExtCreatePen
CreateHatchBrush
CreatePatternBrush
CreateSolidBrush
CombineRgn
EqualRgn
GetRgnBox
PtInRegion
RectInRegion
GetTextExtentPoint32W
CreateRectRgnIndirect
GetCharABCWidthsW
GetTextExtentExPointW
CreateICW
CreateDIBitmap
GetDIBits
CreateDIBSection
GetDIBColorTable
SetDIBColorTable
CreateDCW
SetViewportOrgEx
EndPage
StartPage
EndDoc
StartDocW
SetAbortProc
EnumFontFamiliesExW
GetSystemPaletteEntries
PlayEnhMetaFile
CloseEnhMetaFile
GetDeviceCaps
CreateEnhMetaFileW
DeleteEnhMetaFile
GetEnhMetaFileW
GetEnhMetaFileHeader
winspool.drv
GetPrinterW
DocumentPropertiesW
ClosePrinter
OpenPrinterW
ole32
CoInitializeEx
CoUninitialize
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
ReleaseStgMedium
CoTaskMemFree
CoTaskMemAlloc
RevokeDragDrop
RegisterDragDrop
CoCreateInstance
CoLockObjectExternal
OleUninitialize
OleInitialize
comdlg32
CommDlgExtendedError
PrintDlgW
PageSetupDlgW
GetOpenFileNameW
GetSaveFileNameW
ChooseFontW
Sections
.text Size: 4.9MB - Virtual size: 4.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 102KB - Virtual size: 320KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
(The virtual size exceeding the raw size is normal for .data: the tail is uninitialized data zero-filled by the loader. No section in the table is both writable and executable.)
.pdata Size: 198KB - Virtual size: 198KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 420KB - Virtual size: 420KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 107KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
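The header flags, the Unsigned PE signature and the section table above all come from a handful of fixed-offset fields in the PE headers. The following is an added example, not part of the report and not code from the analysed sample: a dependency-free Python parser for the DOS, COFF and optional headers plus the section table, with the three checks a triage pass wants at this point: decode IMAGE_FILE_* and IMAGE_DLLCHARACTERISTICS_* flags, test whether the Authenticode certificate table (data directory 4) is populated, and flag writable+executable sections. The 7.8MB binary itself is not available on this page, so the input is a constructed PE32+ header image (build_sample_pe, an assumption for offline runs) whose flags and approximate section sizes mirror the report; a real file could be passed to parse_pe by reading it from disk instead.

```python
"""Added example: decode the PE header fields a sandbox report lists.

Pure-Python parser (no pefile) for the DOS, COFF and optional headers plus the section
table, with the checks a triage pass wants: mitigation flags, Authenticode table, W+X."""
import struct

# Flag tables from the PE/COFF specification (subset relevant here).
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # certificate table; its first field is a file offset, not an RVA


def flag_names(value, table):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data: bytes) -> dict:
    """Walk MZ -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    # DllCharacteristics is at optional-header offset 70 in both PE32 and PE32+;
    # NumberOfRvaAndSizes and the data directories sit 16 bytes later in PE32+.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + (108 if pe32plus else 92))[0]
    sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        dd = opt + (112 if pe32plus else 96) + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
        sec_size = struct.unpack_from("<I", data, dd + 4)[0]   # size field of the directory entry
    sections = []
    for i in range(nsections):
        name, vsize, _, rsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(errors="replace"),
                         "virtual_size": vsize, "raw_size": rsize,
                         "flags": flag_names(chars, SECTION_CHARACTERISTICS)})
    return {"arch": "x64" if machine == 0x8664 else hex(machine), "pe32plus": pe32plus,
            "file_characteristics": flag_names(file_chars, FILE_CHARACTERISTICS),
            "dll_characteristics": flag_names(dll_chars, DLL_CHARACTERISTICS),
            "authenticode_present": sec_size != 0, "sections": sections}


def triage(info: dict) -> list:
    """The checks behind 'Unsigned PE' and a header/section review, returned as findings."""
    findings = []
    if not info["authenticode_present"]:
        findings.append("unsigned: no Authenticode certificate table (weak indicator on its own)")
    for want in ("IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", "IMAGE_DLLCHARACTERISTICS_NX_COMPAT"):
        if want not in info["dll_characteristics"]:
            findings.append(f"mitigation missing: {want}")
    for s in info["sections"]:
        if "IMAGE_SCN_MEM_WRITE" in s["flags"] and "IMAGE_SCN_MEM_EXECUTE" in s["flags"]:
            findings.append(f"section {s['name']} is writable and executable")
    return findings


def build_sample_pe(file_chars, dll_chars, sections, security=(0, 0)) -> bytes:
    """Constructed PE32+ header image (zero-filled, not the report's binary) for offline runs."""
    opt_size = 112 + 16 * 8                      # PE32+ optional header with 16 data directories
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)        # e_lfanew: PE signature follows the DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)        # PE32+ magic
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 108, 16)         # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), vs, 0x1000 * (i + 1),
                                 rs, 0, 0, 0, 0, 0, ch) for i, (n, vs, rs, ch) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Flags and approximate section sizes mirror the report above; the bytes are not the sample's.
REPORT_LIKE_SAMPLE = build_sample_pe(
    file_chars=0x0002 | 0x0020,                     # EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
    dll_chars=0x0020 | 0x0040 | 0x0100 | 0x8000,    # HIGH_ENTROPY_VA | DYNAMIC_BASE | NX_COMPAT | TS_AWARE
    sections=[(".text", 0x4E0000, 0x4E0000, 0x60000020),   # CODE | EXECUTE | READ
              (".data", 0x50000, 0x19800, 0xC0000040),     # INITIALIZED_DATA | READ | WRITE
              (".reloc", 0x1A800, 0x1AC00, 0x42000040)])   # INITIALIZED_DATA | DISCARDABLE | READ

if __name__ == "__main__":
    for finding in triage(parse_pe(REPORT_LIKE_SAMPLE)):
        print("finding:", finding)
```

Against the constructed image the only finding is the unsigned one, matching the report's single signature hit. Swapping in a section flagged 0xE0000020 (WRITE|READ|EXECUTE|CODE) or clearing DYNAMIC_BASE/NX_COMPAT produces the corresponding findings, and a non-zero size in data directory 4 clears the unsigned finding (the certificate itself would still need to be validated with the Windows signature APIs or signtool; presence of the table is not proof of a valid signature).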