2bb34224514769f12cef2e65b2307cc0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2bb34224514769f12cef2e65b2307cc0N.exe
Size

2.9MB
MD5

2bb34224514769f12cef2e65b2307cc0
SHA1

7094d873d0d4f5432413a0dfd7300deb0e381a8e
SHA256

b6f0566ed0e0fc091ab2be447476ca6cdfe5cd4709feef8c18c9faaf40d81412
SHA512

0b11e94377cec65293b9c43f119b2168372752d68e5a7ddf1af18cfc1c1a130315b8c8794da02529fc98392247f926f444ae4e15d56e7a78c7e242a9a10cab4b
SSDEEP

24576:m9HkDEkEl+PELhkG4OqU6yLTAh34OOAt4slbxB34p4/fDATDz8zDzYWX423IQ2KF:8kDEl+UhMO0y+34LyVsTDgVItKcE8awy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bb34224514769f12cef2e65b2307cc0N.exe

Files

2bb34224514769f12cef2e65b2307cc0N.exe
.exe windows:5 windows x64 arch:x64

45d3f7ca18908d66f7833f13cb308b58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\cpuid\applications\cpu_z\cpu_z_en_vc2008\x64\Release\cpuz_x64.pdb

Imports

winmm

timeGetTime

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW

kernel32

GetFullPathNameW
SetErrorMode
GetSystemDirectoryW
GetStartupInfoW
HeapAlloc
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapReAlloc
ExitProcess
HeapSize
HeapQueryInformation
SetUnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
HeapSetInformation
HeapCreate
HeapDestroy
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
GetConsoleOutputCP
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile
FlushFileBuffers
WritePrivateProfileStringW
lstrlenA
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
CreateProcessW
CreateProcessA
VerifyVersionInfoW
VerSetConditionMask
OutputDebugStringW
GetSystemDirectoryA
lstrcmpiA
lstrcmpW
GetCurrentThreadId
FreeResource
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
LocalAlloc
LocalFree
SetThreadAffinityMask
GetSystemInfo
GetProcessAffinityMask
SetProcessAffinityMask
ReadFile
CreateEventA
GetOverlappedResult
WriteConsoleA
SetFilePointer
GetModuleHandleA
FindResourceA
GetWindowsDirectoryA
RemoveDirectoryA
GetComputerNameA
CreateFileA
DeviceIoControl
GetCurrentDirectoryA
GetModuleFileNameA
CreateDirectoryA
CreateMutexA
SetLastError
GetLocalTime
ReleaseMutex
DeleteFileA
GetVersionExA
LoadLibraryA
SetCurrentDirectoryA
GetTempPathA
GetCurrentProcessId
GetProcessHeap
HeapFree
GlobalMemoryStatus
GetTempPathW
GetVersionExW
WinExec
lstrlenW
lstrcatW
lstrcpyW
WriteFile
GetCurrentProcess
CreateFileW
WriteConsoleW
ExitThread
Sleep
ResumeThread
SetThreadPriority
GetStdHandle
CreateThread
WideCharToMultiByte
LoadLibraryW
FreeLibrary
MultiByteToWideChar
GetLastError
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
WaitForSingleObject
CloseHandle
GlobalSize
GlobalReAlloc
GlobalAlloc
GlobalFree
SetCurrentDirectoryW
GetComputerNameW
GetCurrentDirectoryW
LockResource
SizeofResource
LoadResource
FindResourceW
FlsAlloc

user32

LoadCursorW
GetSysColorBrush
UnregisterClassW
DestroyMenu
PostQuitMessage
LoadIconW
SendDlgItemMessageA
WinHelpW
GetClassNameW
GetClassLongPtrW
GetForegroundWindow
GetTopWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetMenu
SetForegroundWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
GetMenu
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SetDlgItemInt
SendDlgItemMessageW
GetDesktopWindow
DestroyWindow
IsWindow
GetNextDlgTabItem
EndDialog
GetWindowTextLengthW
GetWindowTextW
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
EndPaint
BeginPaint
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetPropW
GetCapture
GetActiveWindow
SetActiveWindow
SetWindowPos
ShowWindow
GetPropW
RemovePropW
SystemParametersInfoA
GetFocus
SetFocus
GetWindowLongW
GetParent
GetDlgItem
IsWindowEnabled
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnhookWindowsHookEx
wsprintfA
ModifyMenuW
WindowFromPoint
PostMessageW
ReleaseCapture
DrawEdge
DrawFocusRect
FrameRect
DrawFrameControl
InflateRect
FillRect
CopyRect
CheckMenuItem
EnableMenuItem
AppendMenuW
PtInRect
ClientToScreen
CreatePopupMenu
CreateCursor
SetWindowLongW
SetCursor
DestroyCursor
UpdateWindow
InvalidateRect
KillTimer
DestroyIcon
OffsetRect
GetSysColor
DrawIcon
GetSystemMetrics
IsIconic
SetTimer
LoadImageW
MessageBoxW
wsprintfW
ReleaseDC
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClientRect
GetDC
GetWindowDC
EnableWindow
GetWindowRect
LoadBitmapW
SendMessageW
RegisterWindowMessageW
CreateDialogIndirectParamW

gdi32

CreatePen
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateCompatibleDC
MoveToEx
LineTo
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
GetTextExtentPoint32W
SelectObject
CreateSolidBrush
SetPixel
GetCurrentObject
CreateFontIndirectW
GetPixel
CreateBitmap
CreateFontW
GetDIBits
RealizePalette
SelectPalette
GetObjectW
GetStockObject
CreatePalette
GetSystemPaletteEntries
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
DeleteObject

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegQueryValueExA
ImpersonateSelf
OpenThreadToken
OpenProcessToken
AllocateAndInitializeSid
FreeSid
RegOpenKeyExA
RevertToSelf
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegSetValueExW
RegCreateKeyExW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
OpenSCManagerA
ControlService
StartServiceA
OpenServiceA
DeleteService
CreateServiceA
CloseServiceHandle
RegCloseKey
RegQueryValueW
RegOpenKeyExW
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor

shell32

SHGetFolderPathA
ShellExecuteW

shlwapi

PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
StringFromGUID2
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantChangeType
VariantClear
VariantInit
SysStringLen
SafeArrayGetElemsize
SafeArrayGetElement
SafeArrayGetVartype

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 141KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 978KB - Virtual size: 977KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45d3f7ca18908d66f7833f13cb308b58

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

version

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 388KB - Virtual size: 388KB

.data Size: 141KB - Virtual size: 182KB

.pdata Size: 60KB - Virtual size: 60KB

.rsrc Size: 978KB - Virtual size: 977KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 388KB - Virtual size: 388KB

.data
Size: 141KB - Virtual size: 182KB

.pdata
Size: 60KB - Virtual size: 60KB

.rsrc
Size: 978KB - Virtual size: 977KB