327ad509f79842537a0b91505b785685900cf23e9737521cc06db952ffe849aa

Sharing

Copy URL Twitter E-mail

General

Target

327ad509f79842537a0b91505b785685900cf23e9737521cc06db952ffe849aa
Size

6.5MB
MD5

d85c6407daf3c8ca7d30cc16c0cc79e1
SHA1

18bb8b6c0b7e731fe66a39507b616634131b58dc
SHA256

327ad509f79842537a0b91505b785685900cf23e9737521cc06db952ffe849aa
SHA512

fad711e1314ae583528a9dc286fbd95f4cf20ea9265e8099d8d72c3a058d64fdb4bffc798bc047a35fb87923126db7e377b93148edbd59d0e2fc79610170ce7b
SSDEEP

98304:OqY224M+128S1k/4B2FYYLF224M+128Syv7z8i:8Vp+1q1kEqFVp+1qyvf8i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
327ad509f79842537a0b91505b785685900cf23e9737521cc06db952ffe849aa

Files

327ad509f79842537a0b91505b785685900cf23e9737521cc06db952ffe849aa
.exe windows:5 windows x86 arch:x86

82b58093565d593f7f62d113b8e2a335

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\VisualStudio\Projects\Tech tool shop\Release\TechToolStore.pdb

Imports

kernel32

FindFirstFileExW
LCMapStringW
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetACP
GetStdHandle
GetModuleHandleExW
TlsFree
TlsSetValue
SetFilePointerEx
TlsAlloc
RtlUnwind
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
GetProcessHeap
HeapFree
HeapAlloc
EncodePointer
OutputDebugStringW
InitializeSListHead
GetFileInformationByHandle
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
EnumResourceNamesW
ResumeThread
SuspendThread
Thread32Next
TerminateThread
Thread32First
TerminateProcess
Process32NextW
WriteFile
Process32FirstW
CreateToolhelp32Snapshot
SetLastError
GetLocalTime
SystemTimeToFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
CreateDirectoryW
CopyFileW
GetExitCodeProcess
GetProcessId
CreateProcessW
FileTimeToSystemTime
RemoveDirectoryW
MoveFileExW
UnmapViewOfFile
GetSystemTimeAsFileTime
GetFileSizeEx
SetFileTime
GetFileTime
GetFileAttributesW
GetTempPathW
GetSystemWindowsDirectoryW
CloseHandle
GetLongPathNameW
Sleep
SleepEx
GetExitCodeThread
VerifyVersionInfoW
VerSetConditionMask
WritePrivateProfileStringW
GetPrivateProfileStringW
ExpandEnvironmentStringsW
GlobalUnlock
GlobalLock
MulDiv
lstrcmpW
GetCurrentProcess
GetCurrentThreadId
ReadFile
GetFileSize
FreeLibrary
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleW
GetPrivateProfileIntW
GetSystemTime
SetEnvironmentVariableW
SetThreadExecutionState
SetCurrentDirectoryW
SetErrorMode
ProcessIdToSessionId
GetCurrentProcessId
WTSGetActiveConsoleSessionId
GetComputerNameW
LocalFileTimeToFileTime
GetCurrentDirectoryW
OpenThread
GetTickCount
ExitProcess
SetFilePointer
GetStartupInfoW
LoadLibraryExW
lstrcmpiW
GetModuleFileNameW
WaitForSingleObject
CreateThread
SetFileAttributesW
MoveFileW
DeleteFileW
CreateFileW
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DecodePointer
GetProcAddress
GetModuleHandleW
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
LocalAlloc
LocalFree
InterlockedDecrement
InterlockedIncrement
OpenProcess
FindNextFileW
FindClose
FindFirstFileW
TlsGetValue

user32

SetCursor
GetSysColorBrush
DestroyMenu
BeginDeferWindowPos
EndDeferWindowPos
TranslateAcceleratorW
CopyImage
SetMenuDefaultItem
LoadImageW
GetAsyncKeyState
DefDlgProcW
GetMenuItemID
GetForegroundWindow
SetWindowTextW
PostMessageW
SendMessageW
DestroyWindow
CreateWindowExW
GetWindowLongW
SetWindowLongW
TranslateMessage
PeekMessageW
UnregisterClassW
DispatchMessageW
CreatePopupMenu
GetMessageW
CharNextW
CopyIcon
GetWindowTextW
SetMenuInfo
InsertMenuItemW
RemoveMenu
SetClassLongW
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuStringW
TrackPopupMenu
GetWindowTextLengthW
MoveWindow
SetWindowPos
BringWindowToTop
GetWindowRect
GetClientRect
ClientToScreen
ScreenToClient
MapWindowPoints
SendInput
SetCursorPos
GetCursorPos
SetForegroundWindow
WindowFromPoint
GetClassLongW
EnumWindows
EnumChildWindows
GetWindowInfo
DestroyIcon
DrawIconEx
GetSystemMetrics
BeginPaint
EndPaint
GetDC
GetWindowDC
ReleaseDC
UpdateWindow
GetUpdateRect
InvalidateRect
InvalidateRgn
ShowWindow
IsWindowVisible
RedrawWindow
IsWindowEnabled
EnableWindow
SetCapture
SetFocus
ChildWindowFromPoint
GetWindow
IsChild
GetParent
GetDlgCtrlID
GetDlgItem
MessageBoxW
IsDialogMessageW
AdjustWindowRectEx
GetWindowRgn
SetWindowRgn
DeferWindowPos
GetWindowThreadProcessId
IsWindow
GetClassNameW
DeleteMenu
GetWindowRgnBox
ShowWindowAsync
GetSysColor
DestroyAcceleratorTable
GetFocus
CallWindowProcW
FillRect
GetDesktopWindow
CreateAcceleratorTableW
ReleaseCapture
DefWindowProcW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
wsprintfW
SystemParametersInfoW
GetIconInfo
FindWindowExW
FindWindowW
SetLayeredWindowAttributes

gdi32

PatBlt
SetBrushOrgEx
GetTextExtentPoint32W
SelectClipRgn
ExcludeClipRect
ExtSelectClipRgn
OffsetRgn
FillRgn
CombineRgn
CreateRectRgn
SetTextColor
GetBkColor
StretchBlt
SetStretchBltMode
GetDIBits
SetBkMode
SetBkColor
CreateDIBSection
CreateFontW
CreatePatternBrush
GetObjectW
GetStockObject
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
SelectObject
GetDeviceCaps

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumValueW
SetNamedSecurityInfoW
TreeResetNamedSecurityInfoW
CreateWellKnownSid
IsTextUnicode
AdjustTokenPrivileges
LookupPrivilegeValueW
EqualSid
AddAce
GetAce
InitializeAcl
LookupAccountNameW
GetTokenInformation
OpenProcessToken
GetLengthSid
IsValidSid
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
CloseServiceHandle
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptImportKey
CryptSetKeyParam
CryptEncrypt
CryptDestroyKey
CryptDecrypt
OpenSCManagerW
OpenServiceW
QueryServiceStatus
AbortSystemShutdownW
RegLoadKeyW
ConvertSidToStringSidW
RegUnLoadKeyW
RegSaveKeyExW

shell32

ShellExecuteExW
ord190
SHOpenFolderAndSelectItems
ord155
DragQueryPoint
DragFinish
DragQueryFileW
Shell_NotifyIconW
SHGetDesktopFolder
FindExecutableW
ExtractAssociatedIconW
SHChangeNotify
SHGetFolderPathW
CommandLineToArgvW
ExtractIconExW
ord6

ole32

CoTaskMemFree
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
OleUninitialize
OleInitialize
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CreateStreamOnHGlobal
CLSIDFromString
CoUninitialize
CoInitialize
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysAllocString
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
SysStringLen

shlwapi

UrlCombineW
PathIsRootW
PathParseIconLocationW
PathFileExistsW
PathIsDirectoryW
PathUnExpandEnvStringsW
UrlUnescapeW
PathFindOnPathW
UrlCreateFromPathW

version

VerQueryValueW
GetFileVersionInfoW

wininet

FtpGetFileSize
InternetQueryDataAvailable
InternetReadFile
InternetCrackUrlW
FtpSetCurrentDirectoryW
FtpPutFileW
InternetConnectW
InternetOpenUrlW
InternetSetOptionW
InternetOpenW
InternetGetConnectedState
InternetCloseHandle
FtpOpenFileW
HttpQueryInfoW

winhttp

WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpSetTimeouts
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpReadData

gdiplus

GdipCloneImage
GdipSaveImageToFile
GdipSaveImageToStream
GdipGetImageWidth
GdipGetImageHeight
GdipImageRotateFlip
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipDeleteRegion
GdiplusStartup
GdipCreateRegionPath
GdipDeletePath
GdipCreatePath
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetPenDashStyle
GdipSetPenEndCap
GdipDeletePen
GdipCreatePen1
GdipSetLineColors
GdipCreateLineBrushFromRectI
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipSetImageAttributesColorMatrix
GdipCreateImageAttributes
GdipAlloc
GdipFree
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipDrawImageI
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipDrawImageRect
GdipDrawString
GdipFillPath
GdipFillEllipseI
GdipFillEllipse
GdipFillPolygonI
GdipFillRectangleI
GdipFillRectangle
GdipGraphicsClear
GdipDrawPath
GdipDrawEllipseI
GdipDrawEllipse
GdipDrawRectangleI
GdipDrawArc
GdipDrawLineI
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHWND
GdipCreateFromHDC
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDisposeImage
GdipAddPathPolygon
GdipGetRegionHRgn
ord1
GdipAddPathLine
GdipClosePathFigure
GdiplusShutdown
GdipResetPath
GdipDisposeImageAttributes

psapi

EnumProcesses
GetModuleFileNameExW

comctl32

ImageList_Add
ImageList_Create
ord411
ImageList_Remove
ImageList_Replace
ord412
ord410
ord413
ImageList_Destroy
ImageList_GetImageCount
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_GetIcon

uxtheme

SetWindowTheme

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

Sections

.text
Size: 582KB - Virtual size: 582KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82b58093565d593f7f62d113b8e2a335

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

version

wininet

winhttp

gdiplus

psapi

comctl32

uxtheme

wtsapi32

Sections

.text Size: 582KB - Virtual size: 582KB

.rdata Size: 253KB - Virtual size: 252KB

.data Size: 6KB - Virtual size: 8KB

.rsrc Size: 5.7MB - Virtual size: 5.7MB

.reloc Size: 25KB - Virtual size: 24KB

.text
Size: 582KB - Virtual size: 582KB

.rdata
Size: 253KB - Virtual size: 252KB

.data
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 5.7MB - Virtual size: 5.7MB

.reloc
Size: 25KB - Virtual size: 24KB