f72bece90d7c26caef25c78d18f234c9038abf2ff06b9d37fe289cf57baa7544

Sharing

Copy URL Twitter E-mail

General

Target

f72bece90d7c26caef25c78d18f234c9038abf2ff06b9d37fe289cf57baa7544
Size

636KB
MD5

4350aa69b3e5155ca460ddc512e49a2e
SHA1

587e1950418c952e12f1ede0863c247a54c48700
SHA256

f72bece90d7c26caef25c78d18f234c9038abf2ff06b9d37fe289cf57baa7544
SHA512

da49f09bdb35dcfa13ffccda44cd09e877070766a63ac95aef179f12196322434cb6e14794ff5beb71155a648827895fec90e250c6f4959cd1ac87dfee160a79
SSDEEP

12288:JyxcnoWTxNdVPje/WR2yzzg31KFmZc8S8x/SsE/vt4hpg:JTPyOC31KFmZq/l4fg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f72bece90d7c26caef25c78d18f234c9038abf2ff06b9d37fe289cf57baa7544

Files

f72bece90d7c26caef25c78d18f234c9038abf2ff06b9d37fe289cf57baa7544
.exe windows:5 windows x86 arch:x86

77d081d9a68473ab0ac2887ec001bea5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\hzq\chromium-49.0.2623.112\src\out\release\delegate_execute.exe.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
CreateProcessAsUserW
ConvertSidToStringSidW
RegQueryValueExW
GetUserNameW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

wininet

InternetCrackUrlW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

timeGetTime

shlwapi

PathFindExtensionW
PathFindFileNameW
PathRemoveExtensionW

kernel32

GetCurrentProcess
CreateDirectoryW
WriteFile
CreateFileW
GetFileAttributesW
UnmapViewOfFile
GetCurrentDirectoryW
CreateFileMappingW
MapViewOfFile
TerminateProcess
OpenProcess
GetStdHandle
AssignProcessToJobObject
ResumeThread
GetUserDefaultLangID
GetEnvironmentVariableW
LoadLibraryW
GetVersionExW
GetNativeSystemInfo
GetCurrentProcessId
LocalFree
GetTickCount
QueryPerformanceFrequency
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileInformationByHandle
SetFilePointerEx
FlushFileBuffers
FindFirstFileExW
FindNextFileW
FindClose
GetProcessId
GetSystemDirectoryW
GetWindowsDirectoryW
IsDebuggerPresent
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetModuleHandleExW
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
WaitForMultipleObjects
ResetEvent
GetSystemInfo
VirtualQueryEx
RtlCaptureContext
SetUnhandledExceptionFilter
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
CompareStringW
LockResource
GlobalLock
GlobalUnlock
GetPrivateProfileStringW
GetTimeZoneInformation
CreateFileA
WideCharToMultiByte
GetCurrentThreadId
CreateThread
Sleep
CreateEventW
OpenMutexW
WaitForSingleObject
SetEvent
SetLastError
CloseHandle
GetCommandLineW
GetTempPathW
MultiByteToWideChar
lstrcmpiW
FindResourceW
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
CreateProcessW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
DecodePointer
EnumSystemLocalesW
WriteConsoleW
IsValidCodePage
GetOEMCP
GetProcessHeap
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetUserDefaultUILanguage
FormatMessageA
GetUserDefaultLCID
IsValidLocale
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetACP
GetDriveTypeW
ExitProcess
GetConsoleMode
GetConsoleCP
GetFileType
SetStdHandle
GetFullPathNameW
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
WaitForSingleObjectEx
OutputDebugStringW
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
EncodePointer
LoadLibraryExA
VirtualQuery
VirtualProtect

ole32

CoCreateInstance
ReleaseStgMedium
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoResumeClassObjects
CoAddRefServerProcess
CoReleaseServerProcess
CLSIDFromString
StringFromGUID2

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString
SysStringLen
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi

user32

RegisterClipboardFormatW
CharUpperW
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
AllowSetForegroundWindow
GetAsyncKeyState
CharNextW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 334KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77d081d9a68473ab0ac2887ec001bea5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

wininet

version

winmm

shlwapi

kernel32

ole32

oleaut32

user32

userenv

Exports

Exports

Sections

.text Size: 334KB - Virtual size: 333KB

.rdata Size: 279KB - Virtual size: 278KB

.data Size: 3KB - Virtual size: 27KB

.gfids Size: 1024B - Virtual size: 548B

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 512B - Virtual size: 288B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 334KB - Virtual size: 333KB

.rdata
Size: 279KB - Virtual size: 278KB

.data
Size: 3KB - Virtual size: 27KB

.gfids
Size: 1024B - Virtual size: 548B

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 288B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 14KB - Virtual size: 14KB