PDB Paths: C:\Rnd_MainCollection\ATES\ExamShieldInstallation\ExamShieldLauncher\Release\ExamShieldLauncher.pdb
Static task: static1
Behavioral task: behavioral1 - Sample: 13af5dce278866f04c1b7c929b97010c9b057ca7201cde2c983a6a12c196dcb0.exe - Resource: win7-20240704-en
Behavioral task: behavioral2 - Sample: 13af5dce278866f04c1b7c929b97010c9b057ca7201cde2c983a6a12c196dcb0.exe - Resource: win10v2004-20240709-en
General
Target: 13af5dce278866f04c1b7c929b97010c9b057ca7201cde2c983a6a12c196dcb0
Size: 3.5MB
MD5: 3d65c83ef6cd531b1cea119ebaed6d4e
SHA1: dd34510ec94ccca3aad65d9956e62d99e214e9f8
SHA256: 13af5dce278866f04c1b7c929b97010c9b057ca7201cde2c983a6a12c196dcb0
SHA512: a49634306f748433821dc246fe4624cb8f9ed1ba721ecb14ebddac9b13403d33cf58136bd2076d43abd40240166e96f91a14092b89fb962ab67fb69dd5711271
SSDEEP: 98304:LVU8oNJUmv0ydoQK9q4YwjU4fyp/9EcdY11yyevzeXV:LVaOmiWV+11yyev
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Processes: resource 13af5dce278866f04c1b7c929b97010c9b057ca7201cde2c983a6a12c196dcb0
Files
13af5dce278866f04c1b7c929b97010c9b057ca7201cde2c983a6a12c196dcb0.exe - windows:6 windows x86 arch:x86
98a27c99db18953884c0032dfa8adab4
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32: GetFileType, SetStdHandle, GetCommandLineW, GetCommandLineA, GetModuleHandleExW, FreeLibraryAndExitThread, QueryPerformanceFrequency, CreateThread, InterlockedFlushSList, InterlockedPushEntrySList, RtlUnwind, RaiseException, OutputDebugStringW, HeapQueryInformation, GetSystemInfo, VirtualAlloc, GetStdHandle, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, IsValidLocale, EnumSystemLocalesW, GetConsoleOutputCP, GetConsoleMode, ReadConsoleW, SetFilePointerEx, SetConsoleCtrlHandler, GetDriveTypeW, FindFirstFileExW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetStringTypeW, SetCurrentDirectoryW, WriteConsoleW, GetStartupInfoW, IsDebuggerPresent, InitializeSListHead, GetSystemTimeAsFileTime, QueryPerformanceCounter, IsProcessorFeaturePresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, SleepConditionVariableSRW, WakeAllConditionVariable, AcquireSRWLockExclusive, VirtualQuery, ReleaseSRWLockExclusive, LocalUnlock, LocalLock, GetUserDefaultLCID, ReplaceFileW, GetTempFileNameW, GetDiskFreeSpaceW, GetProfileIntW, GetTickCount64, SearchPathW, GetWindowsDirectoryW, FindResourceExW, GetTempPathW, FindNextFileW, SetErrorMode, GetCurrentDirectoryW, VirtualProtect, GlobalFlags, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetLocaleInfoW, LocalReAlloc, GlobalHandle, GlobalReAlloc, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSection, GetAtomNameW, GlobalGetAtomNameW, lstrcpyW, WritePrivateProfileStringW, GetPrivateProfileStringW, GetPrivateProfileIntW, CompareStringA, lstrcmpA, GetVersionExW, CreateSemaphoreW, WaitForMultipleObjects, CreateMutexW, ReleaseMutex, ReleaseSemaphore, GetThreadLocale, GetStringTypeExW, MoveFileW, lstrcmpiW, DuplicateHandle, WriteFile, UnlockFile, SetFilePointer, SetEndOfFile, ReadFile, LockFile, GetVolumeInformationW, GetShortPathNameW, GetFullPathNameW, GetFileSize, FlushFileBuffers, FindFirstFileW, FindClose, SuspendThread, SetThreadPriority, CreateEventW, SetEvent, SystemTimeToFileTime, FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, SetFileTime, SetFileAttributesW, LocalFileTimeToFileTime, GetFileTime, GetFileSizeEx, GetFileAttributesExW, FileTimeToLocalFileTime, CreateFileW, WideCharToMultiByte, MulDiv, GlobalSize, GlobalAlloc, GetCurrentProcessId, GlobalFree, GlobalLock, GlobalUnlock, CompareStringW, GlobalFindAtomW, GlobalAddAtomW, lstrcmpW, GlobalDeleteAtom, LoadLibraryW, LoadLibraryA, LoadLibraryExW, GetProcAddress, GetModuleHandleA, FreeLibrary, GetSystemDirectoryW, GetCurrentThreadId, SetLastError, EncodePointer, OutputDebugStringA, GetProcessHeap, HeapDestroy, DecodePointer, SizeofResource, HeapAlloc, HeapReAlloc, HeapSize, HeapFree, CloseHandle, GetCurrentProcess, GetCurrentThread, VerifyVersionInfoW, VerSetConditionMask, CopyFileW, CopyFileExW, GetModuleFileNameW, CreateDirectoryW, GetModuleHandleW, Sleep, GetFileAttributesW, DeleteFileW, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, MultiByteToWideChar, GetTickCount, WaitForSingleObject, ResumeThread, ExitProcess, LocalFree, LocalSize, lstrlenW, LocalAlloc, FormatMessageW, GetLastError, FindResourceW, LoadResource, LockResource, ExitThread
user32: SetCapture, IsZoomed, TrackMouseEvent, IntersectRect, GetDialogBaseUnits, MapDialogRect, GetAsyncKeyState, RealChildWindowFromPoint, CopyImage, InflateRect, GetMenuItemInfoW, DestroyMenu, EnumDisplayMonitors, SystemParametersInfoW, LoadCursorW, GetSysColorBrush, SetLayeredWindowAttributes, SetCursor, ShowOwnedPopups, PostQuitMessage, MsgWaitForMultipleObjectsEx, CharUpperW, TranslateMessage, GetMessageW, OffsetRect, SetRectEmpty, SendDlgItemMessageA, MapVirtualKeyW, GetKeyNameTextW, GetCursorPos, ClientToScreen, ReleaseDC, GetWindowDC, GetDC, TabbedTextOutW, GrayStringW, DrawTextExW, DrawTextW, RemoveMenu, AppendMenuW, InsertMenuW, GetMenuState, GetMenuStringW, GetWindowThreadProcessId, GetDesktopWindow, GetActiveWindow, GetNextDlgTabItem, EndDialog, CreateDialogIndirectParamW, SetMenuItemInfoW, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, EnableMenuItem, CheckMenuItem, IsDialogMessageW, SetWindowTextW, ScrollWindowEx, IsWindowEnabled, SendDlgItemMessageW, IsDlgButtonChecked, CheckRadioButton, ReleaseCapture, GetDlgItemTextW, SetDlgItemTextW, GetDlgItemInt, SetDlgItemInt, MoveWindow, ShowWindow, GetMonitorInfoW, MonitorFromWindow, WinHelpW, GetScrollInfo, SetScrollInfo, CallNextHookEx, UnhookWindowsHookEx, SetWindowsHookExW, GetWindow, GetLastActivePopup, GetTopWindow, GetClassLongW, PtInRect, LoadAcceleratorsW, CopyRect, CreateAcceleratorTableW, DestroyAcceleratorTable, CopyAcceleratorTableW, SetCursorPos, SetRect, EnableWindow, MessageBoxW, SendMessageW, GetSysColor, MapWindowPoints, ScreenToClient, AdjustWindowRectEx, GetWindowTextLengthW, GetWindowTextW, RemovePropW, GetPropW, SetPropW, ShowScrollBar, GetScrollRange, SetScrollRange, GetScrollPos, SetScrollPos, ScrollWindow, RedrawWindow, ValidateRect, EndPaint, BeginPaint, SetForegroundWindow, GetForegroundWindow, SetActiveWindow, TrackPopupMenuEx, TrackPopupMenu, GetMenuItemCount, GetMenuItemID, SetMenu, GetMenu, GetCapture, GetKeyState, SetTimer, KillTimer, GetSystemMenu, DeleteMenu, SetWindowRgn, MessageBeep, WindowFromPoint, NotifyWinEvent, CreatePopupMenu, GetMenuDefaultItem, SetMenuDefaultItem, IsRectEmpty, UpdateLayeredWindow, EnableScrollBar, UnionRect, GetFocus, SetFocus, MonitorFromPoint, DestroyIcon, DrawEdge, DrawFrameControl, DrawFocusRect, DrawIconEx, ToUnicodeEx, GetKeyboardLayout, CheckDlgButton, UpdateWindow, PostMessageW, SetWindowLongW, GetWindowLongW, wsprintfW, LoadIconW, IsIconic, GetSystemMetrics, GetClientRect, DrawIcon, LoadImageW, UnregisterClassW, DrawStateW, InvalidateRect, FillRect, GetClassNameW, LoadBitmapW, DrawMenuBar, LoadMenuW, GetSubMenu, GetWindowRect, GetParent, RegisterWindowMessageW, DispatchMessageW, PeekMessageW, GetMessagePos, GetMessageTime, DefWindowProcW, CallWindowProcW, RegisterClassW, GetClassInfoW, GetClassInfoExW, CreateWindowExW, IsWindow, IsMenu, IsChild, DestroyWindow, SetWindowPos, GetWindowPlacement, SetWindowPlacement, BeginDeferWindowPos, DeferWindowPos, EndDeferWindowPos, SetParent, BringWindowToTop, LockWindowUpdate, SetClassLongW, IsWindowVisible, GetDlgItem, GetDlgCtrlID, GetKeyboardState, OpenClipboard, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClipboardFormatW, CharUpperBuffW, ModifyMenuW, TranslateAcceleratorW, InsertMenuItemW, GetMenuBarInfo, UnpackDDElParam, ReuseDDElParam, CopyIcon, FrameRect, PostThreadMessageW, WaitMessage, GetNextDlgGroupItem, GetIconInfo, HideCaret, InvertRect, GetDoubleClickTime, IsCharLowerW, MapVirtualKeyExW, GetTabbedTextExtentW, GetDCEx, GetWindowRgn, EnumChildWindows, GetComboBoxInfo, DestroyCursor, WindowFromDC, CreateMenu, InSendMessage, MonitorFromRect, SendNotifyMessageW, SubtractRect, GetUpdateRect, IsClipboardFormatAvailable, TranslateMDISysAccel, DefMDIChildProcW, DefFrameProcW, EqualRect
gdi32: SelectClipRgn, SelectObject, SelectPalette, SetBkMode, SetMapperFlags, SetGraphicsMode, SetMapMode, SetLayout, GetLayout, SetPolyFillMode, SetROP2, SetStretchBltMode, SetTextCharacterExtra, SetTextAlign, SetTextJustification, PlayMetaFileRecord, EnumMetaFile, SetWorldTransform, ModifyWorldTransform, SetColorAdjustment, StartDocW, ArcTo, PolyDraw, SelectClipPath, SetArcDirection, ExtCreatePen, MoveToEx, TextOutW, ExtTextOutW, PolyBezierTo, PolylineTo, SetViewportExtEx, SetViewportOrgEx, SetWindowExtEx, SetWindowOrgEx, OffsetViewportOrgEx, OffsetWindowOrgEx, ScaleViewportExtEx, ScaleWindowExtEx, CreateRectRgnIndirect, PatBlt, CreateCompatibleBitmap, CreateDIBitmap, CreateFontIndirectW, EnumFontFamiliesW, GetTextCharsetInfo, GetTextMetricsW, GetTextExtentPoint32W, CombineRgn, GetMapMode, SetRectRgn, SaveDC, CreateRoundRectRgn, CreateDIBSection, CreateEllipticRgn, Ellipse, GetBkColor, GetTextColor, CreatePolygonRgn, Polygon, Polyline, GetCurrentObject, EnumFontFamiliesExW, GetDIBits, RealizePalette, SetPixel, StretchBlt, SetDIBColorTable, GetRgnBox, OffsetRgn, Rectangle, CreatePalette, GetNearestPaletteIndex, GetPaletteEntries, GetSystemPaletteEntries, LPtoDP, RoundRect, ExtFloodFill, SetPaletteEntries, CreateFontW, GetCharWidthW, StretchDIBits, FillRgn, FrameRgn, GetBoundsRect, PtInRegion, GetWindowOrgEx, GetViewportOrgEx, CloseMetaFile, CreateMetaFileW, DeleteMetaFile, EndDoc, StartPage, EndPage, AbortDoc, SetAbortProc, SetPixelV, GetROP2, GetBkMode, GetNearestColor, GetPolyFillMode, GetStretchBltMode, GetTextAlign, GetTextFaceW, RestoreDC, RectVisible, PtVisible, PlayMetaFile, OffsetClipRgn, LineTo, IntersectClipRect, GetWindowExtEx, GetViewportExtEx, GetPixel, GetObjectType, GetCurrentPositionEx, GetClipRgn, GetClipBox, ExcludeClipRect, Escape, CreateRectRgn, CreatePatternBrush, CreatePen, CreateHatchBrush, CreateDIBPatternBrushPt, CreateCompatibleDC, BitBlt, GetDeviceCaps, CreateDCW, CopyMetaFileW, CreateBitmap, SetTextColor, SetBkColor, GetObjectW, GetStockObject, DeleteObject, CreateSolidBrush, DPtoLP, ExtSelectClipRgn, DeleteDC
msimg32: AlphaBlend, TransparentBlt
winspool.drv: GetJobW, ClosePrinter, DocumentPropertiesW, OpenPrinterW
advapi32: IsValidSecurityDescriptor, RegOpenKeyExW, RegEnumKeyExW, RegCloseKey, RegQueryValueExW, SetFileSecurityW, GetFileSecurityW, RegEnumValueW, RegQueryValueW, RegEnumKeyW, RegSetValueExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegSetValueW, FreeSid, AccessCheck, IsTextUnicode, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, SetSecurityDescriptorDacl, AddAccessAllowedAce, InitializeAcl, GetLengthSid, InitializeSecurityDescriptor, AllocateAndInitializeSid, DuplicateToken, OpenProcessToken, OpenThreadToken
shell32: ShellExecuteW, SHGetFileInfoW, SHAddToRecentDocs, ExtractIconW, SHGetPathFromIDListW, SHGetSpecialFolderLocation, SHGetDesktopFolder, SHAppBarMessage, DragQueryFileW, ShellExecuteExW, SHBrowseForFolderW, SHGetMalloc, DragFinish, SHGetFolderPathW
comctl32: ord17
shlwapi: PathStripToRootW, PathFindExtensionW, UrlUnescapeW, PathRemoveExtensionW, StrFormatKBSizeW, PathRemoveFileSpecW, PathFindFileNameW, PathIsUNCW
uxtheme: IsAppThemed, DrawThemeParentBackground, DrawThemeText, OpenThemeData, CloseThemeData, DrawThemeBackground, GetThemeColor, GetCurrentThemeName, GetThemeSysColor, GetWindowTheme, IsThemeBackgroundPartiallyTransparent, GetThemePartSize
ole32: RegisterDragDrop, RevokeDragDrop, StgCreateDocfileOnILockBytes, WriteClassStm, GetHGlobalFromILockBytes, CreateGenericComposite, CreateItemMoniker, OleCreate, OleCreateFromData, OleCreateLinkFromData, OleCreateStaticFromData, OleCreateLinkToFile, OleCreateFromFile, OleLoad, OleSave, OleSaveToStream, OleSetContainedObject, OleGetIconOfClass, OleRun, CreateDataAdviseHolder, CreateOleAdviseHolder, OleGetClipboard, OleDestroyMenuDescriptor, OleCreateMenuDescriptor, CreateFileMoniker, OleRegEnumVerbs, StgIsStorageFile, StgOpenStorageOnILockBytes, StgOpenStorage, StgCreateDocfile, OleLockRunning, OleSetMenuDescriptor, PropVariantCopy, WriteClassStg, OleRegGetMiscStatus, CoInitializeEx, CreateStreamOnHGlobal, DoDragDrop, OleIsCurrentClipboard, OleFlushClipboard, OleSetClipboard, CLSIDFromString, StringFromGUID2, CoDisconnectObject, CoInitialize, CoCreateInstance, CoCreateGuid, CoUninitialize, SetConvertStg, OleRegGetUserType, ReleaseStgMedium, OleDuplicateData, ReadFmtUserTypeStg, WriteFmtUserTypeStg, CreateBindCtx, CoTreatAsClass, ReadClassStg, CoTaskMemFree, CoTaskMemAlloc, StringFromCLSID, GetRunningObjectTable, OleIsRunning, CoGetMalloc, OleQueryLinkFromData, OleQueryCreateFromData, CoFreeUnusedLibraries, OleInitialize, OleUninitialize, CoGetClassObject, CoRegisterClassObject, CoRevokeClassObject, CoRegisterMessageFilter, CLSIDFromProgID, IsAccelerator, OleTranslateAccelerator, CoLockObjectExternal, CreateILockBytesOnHGlobal
oleaut32: SysStringByteLen, LoadTypeLi, LoadRegTypeLi, RegisterTypeLi, SysReAllocStringLen, SystemTimeToVariantTime, VariantTimeToSystemTime, SafeArrayAllocDescriptor, SafeArrayAllocData, SafeArrayCreate, SetErrorInfo, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayDestroy, SafeArrayRedim, SafeArrayGetDim, VariantChangeType, SysStringLen, SafeArrayGetLBound, SafeArrayLock, SafeArrayUnlock, SafeArrayAccessData, SafeArrayUnaccessData, SafeArrayGetElement, SafeArrayPutElement, SafeArrayCopy, SafeArrayPtrOfIndex, VariantCopy, VarDateFromStr, VarCyFromStr, VarBstrFromCy, VarBstrFromDate, VarBstrFromDec, VarDecFromStr, VariantClear, VariantInit, SysAllocStringLen, SafeArrayGetElemsize, SysAllocStringByteLen, GetErrorInfo, SysAllocString, SafeArrayGetUBound, CreateErrorInfo, SysFreeString
oledlg: OleUIBusyW
gdiplus: GdipCreateBitmapFromFile, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromFileICM, GdipCreateBitmapFromScan0, GdipBitmapLockBits, GdipBitmapUnlockBits, GdipDrawImageI, GdipGetImageGraphicsContext, GdipSetInterpolationMode, GdipDeleteGraphics, GdipCreateFromHDC, GdipCreateBitmapFromHBITMAP, GdipDisposeImage, GdipCloneImage, GdiplusStartup, GdipFree, GdipAlloc, GdiplusShutdown, GdipGetImagePaletteSize, GdipGetImageWidth, GdipCreateBitmapFromStream, GdipGetImageHeight, GdipGetImagePixelFormat, GdipDrawImageRectI, GdipGetImagePalette
wininet: InternetGetCookieW, InternetSetCookieW, HttpEndRequestW, HttpSendRequestExW, HttpAddRequestHeadersW, GopherGetAttributeW, GopherOpenFileW, GopherFindFirstFileW, GopherCreateLocatorW, FtpCommandW, FtpGetCurrentDirectoryW, FtpSetCurrentDirectoryW, FtpRemoveDirectoryW, FtpCreateDirectoryW, FtpOpenFileW, FtpRenameFileW, FtpDeleteFileW, FtpPutFileW, FtpGetFileW, FtpFindFirstFileW, InternetGetLastResponseInfoW, InternetQueryOptionW, InternetFindNextFileW, InternetQueryDataAvailable, InternetSetFilePointer, InternetOpenUrlW, InternetCanonicalizeUrlW, InternetWriteFile, InternetCrackUrlW, HttpQueryInfoW, InternetReadFile, HttpSendRequestW, InternetSetOptionW, HttpOpenRequestW, InternetConnectW, InternetSetStatusCallbackW, InternetOpenW, InternetCloseHandle, InternetErrorDlg
crypt32: CertDuplicateCertificateContext, CertFreeCertificateContext
oleacc: AccessibleObjectFromWindow, LresultFromObject, CreateStdAccessibleObject
imm32: ImmReleaseContext, ImmGetOpenStatus, ImmGetContext
winmm: PlaySoundW
Sections
.text - Size: 2.4MB - Virtual size: 2.4MB - IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata - Size: 547KB - Virtual size: 546KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data - Size: 31KB - Virtual size: 51KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc - Size: 303KB - Virtual size: 302KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc - Size: 201KB - Virtual size: 200KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ