be069bc6c2b01588a651395511a9f52458c668752f0e267b64016a4ba26c0f4f

Sharing

Copy URL Twitter E-mail

General

Target

be069bc6c2b01588a651395511a9f52458c668752f0e267b64016a4ba26c0f4f
Size

1.5MB
MD5

e0e7d3a8f447938f8b2dd23c1e1a561c
SHA1

5a64143a769d05649bc2f556fa6c3ebf407a2073
SHA256

be069bc6c2b01588a651395511a9f52458c668752f0e267b64016a4ba26c0f4f
SHA512

02a6c2340598fcb0b51d7cda787e23a2c3962c74b37020fe9805d5b52ef9271dda2c52e981cbee960567afe10607ed920678eb85857667453f53f95f38f18a48
SSDEEP

12288:Jj4eamhFTirO96xe5Ml7utyoaKGq14KgunT54M:J0ea2iC96k5Mloy3KN4KLnTSM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be069bc6c2b01588a651395511a9f52458c668752f0e267b64016a4ba26c0f4f

Files

be069bc6c2b01588a651395511a9f52458c668752f0e267b64016a4ba26c0f4f
.exe windows:6 windows x86 arch:x86

305aec2a7b537b125e37ac31a6d8d20c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Visual C++\Release\SpeedCommander\20.x\20.5\[OutDir]\x32#Release\SpeedCommander\fsc\fsc.pdb

Imports

mxbase

ord3806
ord3818
ord2106
ord2230
ord2234
ord2228
ord1307
ord1337
ord3535
ord3992
ord4073
ord8903
ord9323
ord44
ord56
ord54
ord57
ord5733
ord51
ord1440
ord1445
ord2643
ord4874
ord2650
ord7097
ord7121
ord8986
ord3668
ord4506
ord5643
ord11192
ord1341
ord65
ord2512
ord7094
ord2642
ord1054
ord30
ord24
ord40
ord3534
ord7058
ord7053
ord7044
ord7043
ord9607
ord4517
ord4876
ord11183
ord70
ord6892
ord6644
ord64
ord68
ord8805
ord6740
ord7049
ord2506
ord6693
ord9002
ord1883
ord3669
ord9000
ord2497
ord1919
ord1344
ord9057
ord7095
ord10384
ord10378
ord7143
ord7144
ord9123
ord3805
ord6992
ord69
ord66
ord1343
ord11182
ord3536
ord6664
ord2294
ord9001
ord6918
ord3349
ord6663
ord60
ord5045
ord681
ord1059
ord1063
ord3709
ord71
ord10372
ord8925
ord4927
ord2659
ord10299
ord1444
ord48
ord8673
ord2115
ord9202
ord1067
ord3350
ord72
ord680
ord36
ord4873
ord1335
ord4537
ord5655
ord10524
ord8781
ord2573
ord2725
ord8457
ord682
ord63
ord684
ord5751
ord5044
ord10425
ord6797
ord4192
ord2295
ord1346
ord74
ord75
ord1066
ord683
ord5688

kernel32

GetNativeSystemInfo
LCMapStringEx
GetCPInfo
CompareStringEx
EncodePointer
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
TryAcquireSRWLockExclusive
GetStringTypeW
RaiseException
OutputDebugStringW
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetConsoleCP
ExitProcess
GetModuleHandleExW
WriteFile
GetCommandLineA
GetCommandLineW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetConsoleMode
SetConsoleMode
GetNumberOfConsoleInputEvents
ReadConsoleInputW
PeekConsoleInputA
ReadConsoleW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
SetFilePointerEx
GetConsoleOutputCP
ReadFile
SetErrorMode
GetModuleHandleW
LocalFree
FormatMessageW
DecodePointer
GetLastError
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
CreateDirectoryW
CreateFileW
SetFileAttributesW
CloseHandle
DeviceIoControl
GetSystemTimeAsFileTime
GetTickCount64
DosDateTimeToFileTime
GetLocalTime
lstrlenW
GetDateFormatW
GetTimeFormatW
CompareFileTime
FindClose
FindFirstFileW
SetLastError
lstrlenA
GetStdHandle
WriteConsoleW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
FlushFileBuffers
GetFileAttributesW
DisconnectNamedPipe
CallNamedPipeW
Sleep
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetProcessId
GetModuleFileNameW
GetProcAddress
GetPrivateProfileIntW
EnterCriticalSection
LeaveCriticalSection
lstrcmpW
CopyFileExW
FindFirstFileExW
FindNextFileW
InitializeCriticalSection
CreateFileMappingW
MapViewOfFile
LoadLibraryExA
WideCharToMultiByte
MultiByteToWideChar
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
SetEndOfFile
GetSystemInfo
VirtualProtect
VirtualQuery
UnmapViewOfFile

user32

CharUpperW
RegisterWindowMessageW
SendMessageTimeoutW
CharLowerA
OemToCharBuffA
CharToOemBuffA
CharUpperA
SetWindowLongW
DestroyWindow
CreateWindowExW
GetClassInfoW
RegisterClassW
DefWindowProcW
GetWindow
GetWindowThreadProcessId
EnumWindows
FindWindowExW
GetParent
GetWindowLongW
IsWindowVisible

advapi32

GetNamedSecurityInfoW
SetNamedSecurityInfoW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CopySid
GetLengthSid
GetSidLengthRequired
GetSidSubAuthority
SetEntriesInAclW
InitializeSid
IsValidSid
OpenProcessToken
AccessCheck
AdjustTokenPrivileges
DuplicateToken
GetFileSecurityW
GetTokenInformation
MapGenericMask
LookupPrivilegeValueW
RegGetValueW
SetFileSecurityW

shell32

ShellExecuteExW
SHGetFileInfoW
ord155
SHGetDesktopFolder

shlwapi

PathIsUNCW
PathIsRelativeW
PathCompactPathExW
PathAppendW
PathRemoveFileSpecW
PathFindExtensionW
SHCreateStreamOnFileW

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitialize
CoUninitialize
CoInitializeSecurity

Sections

.text
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.sstb
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

305aec2a7b537b125e37ac31a6d8d20c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mxbase

kernel32

user32

advapi32

shell32

shlwapi

ole32

Sections

.text Size: 337KB - Virtual size: 336KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 10KB - Virtual size: 112KB

.rsrc Size: 41KB - Virtual size: 40KB

.reloc Size: 14KB - Virtual size: 14KB

.sstb Size: 1.0MB - Virtual size: 1.0MB

.text
Size: 337KB - Virtual size: 336KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 10KB - Virtual size: 112KB

.rsrc
Size: 41KB - Virtual size: 40KB

.reloc
Size: 14KB - Virtual size: 14KB

.sstb
Size: 1.0MB - Virtual size: 1.0MB