Static task
static1
Behavioral task
behavioral1
Sample
touchHLE.exe
Resource
win10v2004-20240802-en
General
-
Target
touchHLE.exe
-
Size
9.8MB
-
MD5
9baa644b4c4c90fd33b305d41415386a
-
SHA1
23fdf6dd768b4763006f9082c92e892b4eb36588
-
SHA256
ca7b46e35b2123e115abe2885c79fd571d765f98340a7156a058e2961bef4389
-
SHA512
74fd09a9cbb1e37e86c027082c5f831b370a37d1f3600e8ec2236a1d3e32a162d4c8e0a089822f2860c9af6fa24155c14a377c32cc04fe5d282c6b5f9a81c902
-
SSDEEP
196608:aghXPBORLw6cD7ZcbuaQ4OiixZAWP1EQSGsFxV2LITrciMfMUaJ1IQQDTaAX5Gfq:agh/aLPcD7ZcbuaQ4OiixZAWP1EQSGsE
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. The sample carries no Authenticode signature, so the publisher cannot be verified from the file itself. On its own this is a weak indicator (many legitimate open-source and hobbyist builds ship unsigned), so treat it as a prompt to confirm provenance — compare the SHA256 above against the hash published with the upstream release — rather than as evidence of malicious intent; the other signature categories on this report are empty, so nothing beyond the missing signature was flagged statically.
resource touchHLE.exe
Files
-
touchHLE.exe.exe windows:6 windows x64 arch:x64
9a242c8811ca7ad76e3b1d7f31bb41c4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
shell32
SHGetSpecialFolderPathW
ShellExecuteW
DragAcceptFiles
SHGetFolderPathW
ExtractIconExW
DragFinish
DragQueryFileW
user32
GetUpdateRect
GetDC
GetForegroundWindow
GetMenu
GetSystemMetrics
KillTimer
SetTimer
GetAsyncKeyState
GetKeyState
IsIconic
SetWindowPos
GetClassInfoExW
ValidateRect
UnregisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
GetMessageExtraInfo
PeekMessageW
ClientToScreen
DispatchMessageW
TranslateMessage
GetMessageW
TrackMouseEvent
MessageBoxA
InvalidateRect
GetPropW
GetClientRect
GetWindowRect
AdjustWindowRectEx
SetCursor
GetCursorPos
RegisterClassExW
GetClipCursor
SystemParametersInfoA
DrawTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
PostThreadMessageW
GetRawInputDeviceList
GetRawInputDeviceInfoA
GetDesktopWindow
SetWindowRgn
MonitorFromWindow
MonitorFromRect
CreateIconFromResource
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
PtInRect
IntersectRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RemovePropW
SetPropW
ScreenToClient
ClipCursor
FillRect
IsRectEmpty
GetWindowLongW
CallNextHookEx
LoadIconW
DestroyIcon
GetRawInputData
RegisterWindowMessageA
GetDoubleClickTime
RegisterDeviceNotificationW
UnregisterDeviceNotification
UnregisterClassA
RegisterClassExA
CreateWindowExA
DestroyWindow
OpenClipboard
CloseClipboard
GetClipboardSequenceNumber
SetClipboardData
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
GetKeyboardLayout
GetKeyboardState
ToUnicode
MapVirtualKeyW
ReleaseDC
ChangeDisplaySettingsExW
EnumDisplaySettingsW
EnumDisplayDevicesW
MonitorFromPoint
GetMonitorInfoW
EnumDisplayMonitors
SetCapture
ReleaseCapture
SetCursorPos
LoadCursorW
CopyImage
CreateIconIndirect
SystemParametersInfoW
RegisterRawInputDevices
SendMessageW
AttachThreadInput
RegisterClassW
CreateWindowExW
ShowWindow
SetLayeredWindowAttributes
FlashWindowEx
SetFocus
GetFocus
SetActiveWindow
SetForegroundWindow
gdi32
CreateCompatibleDC
DeleteObject
DeleteDC
DescribePixelFormat
SelectObject
GetTextMetricsW
GetTextExtentPoint32A
CreateFontIndirectW
BitBlt
SwapBuffers
SetPixelFormat
GetPixelFormat
CreateSolidBrush
ChoosePixelFormat
CreateRectRgn
CombineRgn
SetDeviceGammaRamp
GetDeviceGammaRamp
GetICMProfileW
CreateBitmap
GetDIBits
GetDeviceCaps
CreateDCW
CreateCompatibleBitmap
CreateDIBSection
winmm
waveOutWrite
waveInStart
timeBeginPeriod
timeEndPeriod
waveOutGetNumDevs
waveOutGetDevCapsW
waveOutGetErrorTextW
waveOutOpen
waveOutClose
waveOutPrepareHeader
waveOutUnprepareHeader
waveInStop
waveOutReset
waveInGetNumDevs
waveInGetDevCapsW
waveInOpen
waveInClose
waveInPrepareHeader
waveInUnprepareHeader
waveInAddBuffer
waveInReset
imm32
ImmGetIMEFileNameA
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmSetCompositionStringW
ImmGetCandidateListW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ole32
CoInitialize
CoUninitialize
StringFromCLSID
PropVariantClear
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CLSIDFromString
oleaut32
SysFreeString
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
setupapi
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
CM_Locate_DevNodeA
CM_Get_Parent
CM_Get_Device_IDA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
kernel32
WakeAllConditionVariable
SetHandleInformation
GetCurrentProcessId
SetFileInformationByHandle
FlushFileBuffers
GetCommandLineW
GetEnvironmentVariableW
GetCurrentDirectoryW
SetLastError
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
AcquireSRWLockExclusive
SetWaitableTimer
CreateWaitableTimerExW
SetThreadStackGuarantee
AddVectoredExceptionHandler
ReleaseSRWLockExclusive
CreateSemaphoreA
FindNextFileW
FindFirstFileW
FindClose
MultiByteToWideChar
DebugBreak
RtlDeleteFunctionTable
RtlAddFunctionTable
VirtualProtect
GetLocaleInfoA
GetSystemPowerStatus
WideCharToMultiByte
GetModuleHandleExW
CompareStringA
SleepConditionVariableSRW
GlobalUnlock
GlobalAlloc
LoadLibraryExW
TlsSetValue
TlsGetValue
TlsAlloc
VerifyVersionInfoW
FormatMessageW
LocalFree
CreateEventW
WaitForSingleObject
ResetEvent
CancelIo
GetOverlappedResult
DeviceIoControl
CreateFileA
VerSetConditionMask
QueryPerformanceFrequency
QueryPerformanceCounter
SetThreadPriority
GetCurrentThread
CreateThread
RaiseException
IsDebuggerPresent
SetEnvironmentVariableA
GetEnvironmentVariableA
VirtualQuery
VirtualFree
VirtualAlloc
TryAcquireSRWLockExclusive
HeapFree
HeapReAlloc
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseMutex
GetModuleHandleA
GetProcessHeap
HeapAlloc
GetFileInformationByHandle
GetFileInformationByHandleEx
DeleteFileW
RemoveDirectoryW
GetFinalPathNameByHandleW
GetFullPathNameW
InitOnceComplete
Sleep
CreateSemaphoreW
WaitForSingleObjectEx
ReleaseSemaphore
GetCurrentThreadId
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
CreateDirectoryW
GetSystemInfo
GlobalMemoryStatusEx
TerminateProcess
ExitProcess
GetCurrentProcess
SetThreadExecutionState
MulDiv
GetModuleHandleW
GetModuleFileNameW
GetTickCount
GetSystemTimeAsFileTime
CreateMutexA
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitOnceBeginInitialize
GlobalLock
SetErrorMode
SetFilePointerEx
SetFilePointer
ReadFile
GetFileSizeEx
CreateFileW
WriteConsoleW
GetConsoleMode
AttachConsole
GetLastError
OutputDebugStringW
WriteFile
GetStdHandle
LoadLibraryA
GetProcAddress
FreeLibrary
CloseHandle
advapi32
RegCloseKey
RegQueryValueExW
SystemFunction036
RegOpenKeyExW
bcrypt
BCryptGenRandom
ntdll
RtlNtStatusToDosError
NtReadFile
NtWriteFile
ws2_32
freeaddrinfo
WSACleanup
WSAGetLastError
setsockopt
recv
send
accept
WSAStartup
WSASocketW
getaddrinfo
bind
listen
closesocket
msvcp140
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
??0_Locinfo@std@@QEAA@PEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IEAAXPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
?eof@ios_base@std@@QEBA_NXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
_Cnd_unregister_at_thread_exit
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
_Cnd_signal
_Cnd_broadcast
_Cnd_wait
_Cnd_destroy_in_situ
_Cnd_init_in_situ
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
_Thrd_sleep
_Query_perf_frequency
_Query_perf_counter
_Xtime_get_ticks
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_yield
_Thrd_join
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?id@?$numpunct@D@std@@2V0locale@2@A
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
??Bid@locale@std@@QEAA_KXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
_Cnd_register_at_thread_exit
vcruntime140
__std_exception_destroy
__std_exception_copy
memset
_CxxThrowException
memcmp
memcpy
__CxxFrameHandler3
_purecall
memmove
__std_terminate
memchr
strchr
__C_specific_handler
__current_exception
__current_exception_context
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-math-l1-1-0
atanf
atan2f
atan2
sinh
sinhf
cosh
coshf
tanh
tanhf
_hypot
log1p
_hypotf
log1pf
log
logf
log2
log2f
asin
log10f
exp
expf
expm1
expm1f
exp2
exp2f
copysignf
atan
floor
floorf
round
trunc
truncf
fmod
fmodf
sqrtf
tanf
tan
cosf
acosf
cos
cbrtf
modf
sinf
sin
roundf
ceil
powf
copysign
ldexp
hypot
sqrt
acos
ceilf
asinf
__setusermatherr
log10
_dsign
pow
api-ms-win-crt-string-l1-1-0
isspace
isalpha
toupper
strcmp
strncmp
strlen
isalnum
api-ms-win-crt-stdio-l1-1-0
fsetpos
fgetpos
_fseeki64
setvbuf
_get_stream_buffer_pointers
rewind
__stdio_common_vsscanf
fputs
clearerr
__stdio_common_vsprintf_s
__stdio_common_vsprintf
fclose
_wfopen
feof
_isatty
_get_osfhandle
__stdio_common_vsnprintf_s
fwrite
fputc
_fileno
puts
fflush
__stdio_common_vfprintf
__acrt_iob_func
__p__commode
_set_fmode
ferror
ungetc
ftell
fseek
fread
fgetc
api-ms-win-crt-heap-l1-1-0
realloc
_aligned_malloc
_aligned_free
_set_new_mode
_callnewh
free
malloc
calloc
api-ms-win-crt-convert-l1-1-0
atoi
strtof
strtoul
strtol
api-ms-win-crt-runtime-l1-1-0
_errno
_initialize_narrow_environment
_configure_narrow_argv
terminate
_set_app_type
abort
_seh_filter_exe
_initterm_e
exit
_invalid_parameter_noinfo_noreturn
_exit
_wassert
_initterm
__p___argv
_cexit
_c_exit
_beginthreadex
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
strerror
_register_onexit_function
_crt_atexit
__p___argc
_get_initial_narrow_environment
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
localeconv
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
api-ms-win-crt-environment-l1-1-0
_wgetenv
_wgetcwd
getenv
Sections
.text Size: 7.1MB - Virtual size: 7.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 317KB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 303KB - Virtual size: 303KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 51KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ