5cfd4844fbeacc84b2505dc459eca47670edc693d74ada1948edd96097b0d6eb

Sharing

Copy URL Twitter E-mail

General

Target

5cfd4844fbeacc84b2505dc459eca47670edc693d74ada1948edd96097b0d6eb
Size

1.7MB
MD5

0743c0cf45311d8fa6a61f3e948dc519
SHA1

5851776c34c45b7a538198cc1600cafa2d1a1544
SHA256

5cfd4844fbeacc84b2505dc459eca47670edc693d74ada1948edd96097b0d6eb
SHA512

6b904612152a782c56cc4f92ffd3cfbf45402f765041a0d21cdb6b38540e66c4c1413e79d4aafad3b571765fd32dd1ba1b56e9002693723c749136d95b42c4c3
SSDEEP

24576:2Tc2zqcEtLmsYfXrbicJzoMzSIXafmv5Le3/0u9vH+j4diKU49n5aVzCmJ:n2WOJqbtYo/FvH+j4diKN9nUCmJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5cfd4844fbeacc84b2505dc459eca47670edc693d74ada1948edd96097b0d6eb

Files

5cfd4844fbeacc84b2505dc459eca47670edc693d74ada1948edd96097b0d6eb
.exe windows:6 windows x86 arch:x86

46a142a783507d824e5334ae805d5012

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\MGame\WinOpt\Winopt_Tray\bin\Release\WinOptimizerTray.pdb

Imports

kernel32

Sleep
CopyFileW
DeleteAtom
AddAtomW
FindAtomW
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
GetProcessId
GetVersionExW
GetPrivateProfileIntW
MultiByteToWideChar
lstrcpynW
GetModuleHandleW
GetModuleFileNameW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WideCharToMultiByte
lstrlenW
SetLastError
GetTempPathW
GetTickCount64
OpenProcess
GetProcessTimes
GetTickCount
GetCommandLineW
SystemTimeToFileTime
ResumeThread
WaitForSingleObjectEx
GetCurrentThread
WaitForMultipleObjects
GetOverlappedResult
GetPrivateProfileStringW
CreateNamedPipeW
SetNamedPipeHandleState
DisconnectNamedPipe
ConnectNamedPipe
WriteFile
Process32NextW
GetFullPathNameW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
lstrcmpiW
LoadLibraryW
Process32FirstW
SizeofResource
LockResource
LoadResource
GetProcAddress
FreeLibrary
FindResourceExW
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
ReadFile
CreateFileW
CreateEventW
ReleaseMutex
ResetEvent
SetEvent
LoadLibraryExW
CreateMutexW
IsBadReadPtr
VirtualProtect
GetCurrentProcessId
WaitForSingleObject
SetUnhandledExceptionFilter
CloseHandle
GetCurrentProcess
WritePrivateProfileStringW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetStdHandle
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetStdHandle
GetTimeZoneInformation
GetConsoleMode
HeapFree
HeapReAlloc
GetConsoleOutputCP
SetFilePointerEx
GetFileType
GetModuleHandleExW
ExitThread
GetFileAttributesExW
RtlUnwind
lstrcmpA
DeviceIoControl
GetSystemWindowsDirectoryW
UnregisterWaitEx
QueryDepthSList
FindResourceW
CreateToolhelp32Snapshot
InterlockedFlushSList
ReleaseSemaphore
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
GetStringTypeW
FormatMessageW
TryEnterCriticalSection
DuplicateHandle
SwitchToThread
GetExitCodeThread
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
LocalFree
lstrcpyW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetACP
MulDiv
ExitProcess
FreeResource
GetFileSize
lstrcmpW
SetEndOfFile
SetFilePointer
GetVersion
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetTempFileNameW
GetLocalTime
UnhandledExceptionFilter
TerminateProcess
FlushFileBuffers
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA

user32

GetKeyState
SetCapture
ReleaseCapture
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetWindowRect
CreateCaret
GetCaretBlinkTime
SetCaretPos
ScreenToClient
MapWindowPoints
IntersectRect
IsRectEmpty
GetParent
GetClassNameW
GetWindow
MonitorFromWindow
MonitorFromPoint
RegisterClassW
ShowWindow
EnableWindow
SetFocus
SetPropW
GetPropW
LoadImageW
IsIconic
SetWindowRgn
MessageBoxW
CharPrevW
DrawTextW
SetRect
DrawIconEx
GetIconInfo
GetMessagePos
GetDlgCtrlID
DrawFocusRect
FillRect
HideCaret
ShowCaret
ClientToScreen
GetSysColor
GetWindowDC
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
RemovePropW
FindWindowExW
IsWindowEnabled
UnregisterClassW
RegisterWindowMessageW
PostMessageW
IsZoomed
IsWindowVisible
SetWindowPos
UpdateLayeredWindow
IsChild
SendMessageW
OffsetRect
UnionRect
InflateRect
SetCursor
wvsprintfW
GetFocus
DefWindowProcW
PostQuitMessage
CallWindowProcW
EnumDisplayMonitors
GetMonitorInfoW
GetWindowThreadProcessId
GetShellWindow
PtInRect
CopyRect
wsprintfW
GetCursorPos
SetForegroundWindow
MoveWindow
KillTimer
DestroyWindow
CharNextW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
ChangeWindowMessageFilter
DestroyIcon
LoadIconW
LoadCursorW
FindWindowW
SetWindowLongW
GetWindowLongW
SetTimer
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW

gdi32

ExtSelectClipRgn
BitBlt
CreateCompatibleBitmap
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject
GetStockObject
Rectangle
RestoreDC
SaveDC
SelectObject
GetTextMetricsW
GetObjectW
SetWindowOrgEx
GetDeviceCaps
CreateRoundRectRgn
CombineRgn
CreateRectRgnIndirect
GetTextExtentPoint32W
CreateCompatibleDC
GetCharABCWidthsW
GetClipBox
SelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
SetDIBColorTable
TextOutW
ExtTextOutW
CreateSolidBrush
GetTextColor
CreateDCW
GetDIBits
SetDIBitsToDevice

advapi32

RegCreateKeyW
LookupPrivilegeValueW
GetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges
OpenProcessToken
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey

shell32

SHCreateDirectoryExW
ShellExecuteExW
SHGetSpecialFolderPathW
SHFileOperationW
ord165
Shell_NotifyIconW
ShellExecuteW

ole32

CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CoInitialize
CoCreateInstance
CLSIDFromString
OleLockRunning
CLSIDFromProgID

oleaut32

SysStringLen
SafeArrayPutElement
SafeArrayCreate
VarUI4FromStr
VariantChangeType
SysAllocString
VariantClear
VariantInit
SysAllocStringLen
SysFreeString

shlwapi

StrStrIW
PathAppendW
PathFileExistsW
StrStrIA
PathRemoveFileSpecW
PathFindFileNameW
StrCmpIW
wnsprintfW
StrCpyW
PathCombineW
SHAutoComplete
StrCmpNIW
StrTrimA

comctl32

ImageList_GetIconSize
InitCommonControlsEx
_TrackMouseEvent
ord17
ImageList_DrawEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

secur32

GetUserNameExW

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

msimg32

AlphaBlend
GradientFill

gdiplus

GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsCount
GdipImageGetFrameCount
GdipDrawImageRectI
GdipGetImagePixelFormat
GdipLoadImageFromFile
GdipDrawEllipseI
GdipAddPathArc
GdipGetImageEncoders
GdipLoadImageFromStreamICM
GdipImageGetFrameDimensionsList
GdipGetImageEncodersSize
GdipDrawImageRectRectI
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdipFillEllipseI
GdipClosePathFigure
GdipCreateTexture
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetInterpolationMode
GdipGraphicsClear
GdipFillPath
GdipDrawImagePointsI

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46a142a783507d824e5334ae805d5012

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

secur32

wininet

iphlpapi

urlmon

msimg32

gdiplus

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 231KB - Virtual size: 231KB

.data Size: 20KB - Virtual size: 70KB

.rsrc Size: 204KB - Virtual size: 203KB

.reloc Size: 73KB - Virtual size: 72KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 231KB - Virtual size: 231KB

.data
Size: 20KB - Virtual size: 70KB

.rsrc
Size: 204KB - Virtual size: 203KB

.reloc
Size: 73KB - Virtual size: 72KB