c33d145979886d6eb8552ce78baa72eae941de8075a1deaa6b3e7b8c24348549

Sharing

Copy URL Twitter E-mail

General

Target

c33d145979886d6eb8552ce78baa72eae941de8075a1deaa6b3e7b8c24348549
Size

1.3MB
MD5

68388166bf96eb457e6ceb9220acb6a5
SHA1

3a01229bf3d3e8863cb0c7f357300d9ad61b715a
SHA256

c33d145979886d6eb8552ce78baa72eae941de8075a1deaa6b3e7b8c24348549
SHA512

8d1f5a0a0ad27ac97661cfd97bd58455302a771bf55c2c27af8b2e0e9778e1ce2158690eaf7715f51e85c4c35e88eec1e1be17713880e6660792a8122a956b0f
SSDEEP

24576:csf0GaR1y5kRzAKcjY8poA6PYPwbXZq6C7Y/5kWrZVoe/1LH3bDn:crskRzA38isYPyXZU7Y1D1z3bD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c33d145979886d6eb8552ce78baa72eae941de8075a1deaa6b3e7b8c24348549

Files

c33d145979886d6eb8552ce78baa72eae941de8075a1deaa6b3e7b8c24348549
.exe windows:10 windows x64 arch:x64

1a740e3bcf1a45f07a6ae843af8719ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

mblctr.pdb

Imports

gdi32

SetLayout
SetViewportOrgEx
SetBrushOrgEx
BitBlt
SetTextColor
GetBkColor
SelectClipRgn
GetDeviceCaps
GdiAlphaBlend
SetBkMode
Polygon
GetStockObject
GetObjectW
GetLayout
CreateRectRgn
GdiGradientFill
LineTo
MoveToEx
SetDCPenColor
SetBkColor
CreateDIBSection
GetTextMetricsW
CreateCompatibleDC
CreateFontIndirectW
DeleteDC
DeleteObject
GetTextExtentPoint32W
SelectObject

user32

SetWindowsHookExW
NotifyWinEvent
SendDlgItemMessageW
SetWindowPos
SetTimer
FillRect
IsWindowEnabled
DrawTextW
DrawFocusRect
OffsetRect
DrawIconEx
GetKeyState
GetDlgCtrlID
CallNextHookEx
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetTopWindow
GetDpiForWindow
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
GetDC
ReleaseDC
KillTimer
CallWindowProcW
SetDlgItemTextW
GetWindowTextW
EnableWindow
EnumChildWindows
SetWindowTextW
FrameRect
GetClassLongPtrW
DestroyWindow
QueryDisplayConfig
SetClassLongPtrW
PtInRect
ValidateRect
EndPaint
BeginPaint
SetRect
DrawEdge
GetWindowLongW
UnregisterClassA
CreateDialogParamW
UnregisterClassW
UnhookWindowsHookEx
GetActiveWindow
UpdateWindow
ScrollWindow
GetScrollInfo
SetScrollInfo
MoveWindow
GetWindowInfo
CopyRect
GetWindowRect
GetMonitorInfoW
MonitorFromRect
GetWindowPlacement
GetNextDlgTabItem
IsDialogMessageW
GetMessageW
LoadIconW
RegisterClassW
GetClassInfoW
ShowWindow
IsIconic
GetForegroundWindow
SetForegroundWindow
FindWindowW
DispatchMessageW
TranslateMessage
EnumDisplayDevicesW
PostQuitMessage
GetIconInfo
AllowSetForegroundWindow
LoadImageW
DestroyIcon
InvalidateRect
GetFocus
DefWindowProcW
GetWindowLongPtrW
MapWindowPoints
GetClientRect
CreateWindowExW
GetDisplayConfigBufferSizes
GetParent
SendMessageW
GetDlgItem
PostMessageW
ChangeDisplaySettingsExW
LoadStringW
EnumDisplaySettingsExW
GetSysColorBrush
GetSystemMetrics
GetSysColor
SystemParametersInfoW
LoadCursorW
SetWindowLongPtrW
InflateRect

msvcrt

memset
?terminate@@YAXXZ
realloc
_errno
_onexit
__dllonexit
memcpy
ceilf
wcscmp
__RTDynamicCast
__CxxFrameHandler3
_unlock
_lock
??1type_info@@UEAA@XZ
_commode
_fmode
_acmdln
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
__C_specific_handler
_callnewh
malloc
_purecall
wcstok
wcscspn
wcstol
_wcsicmp
free
memmove_s
memcpy_s
_vsnwprintf

batmeter

UnsubscribeBatteryUpdateNotification
UpdateBatteryDataAsync
QueryBatteryData
GetBatteryStatusText
BatMeterIconThemeReset
GetBatteryImmersiveIcon
CreateBatteryData
SubscribeBatteryUpdateNotification
CleanupBatteryData
SetBatteryLevel
BatMeterOnDeviceChange

shlwapi

PathFileExistsW
ord618
ord437
PathGetArgsW
ord219
PathRemoveBlanksW
StrTrimW

uxtheme

DrawThemeText
GetThemeTextExtent
GetThemeBackgroundContentRect
GetThemePartSize
BufferedPaintSetAlpha
EndBufferedPaint
DrawThemeTextEx
DrawThemeBackground
BufferedPaintUnInit
BufferedPaintInit
OpenThemeData
CloseThemeData
BeginBufferedPaint
GetThemeColor

oleaut32

SysAllocString
SysFreeString

api-ms-win-power-setting-l1-1-0

PowerSetActiveScheme
PowerReadDCValue
PowerSettingRegisterNotification
PowerSettingUnregisterNotification
PowerGetActiveScheme
PowerWriteACValueIndex
PowerWriteDCValueIndex

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
GlobalAlloc

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
TraceEvent
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW

api-ms-win-core-com-l1-1-0

CoUninitialize
CoInitializeSecurity
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetStartupInfoW
GetCurrentThreadId
CreateThread
CreateProcessW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
HeapSetInformation
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
SizeofResource
LockResource
GetModuleFileNameW
LoadLibraryExA
LoadResource
FreeLibrary
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
WaitForSingleObject
CreateMutexW
CreateMutexExW
SetEvent
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
CreateSemaphoreExW
WaitForSingleObjectEx
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ReleaseMutex

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-power-base-l1-1-0

GetPwrCapabilities

rpcrt4

UuidFromStringW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
FlushInstructionCache

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

powrprof

PowerApplySettingChanges
PowerDeterminePlatformRole
PowerReadFriendlyName
PowerSettingAccessCheck

comctl32

ord344
ImageList_Create
ImageList_ReplaceIcon
ImageList_DrawIndirect
ImageList_Destroy
ord345

dwmapi

DwmIsCompositionEnabled
DwmExtendFrameIntoClientArea

gdiplus

GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipImageRotateFlip
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreatePen1
GdipAlloc
GdipSetSmoothingMode
GdipDrawLine
GdipCreateSolidFill
GdipDeleteBrush
GdipCreatePath
GdipDeletePath
GdipAddPathLine
GdipFillPath
GdipCreateLineBrush
GdipFillRectangle
GdipFree
GdiplusStartup
GdipDisposeImage
GdipDeletePen
GdiplusShutdown

kernel32

lstrcmpW
GlobalLock
GlobalUnlock
MulDiv
RegisterApplicationRestart

ntdll

EtwTraceMessage
NtPowerInformation

ole32

CoInitialize

shell32

ord100
SHGetKnownFolderIDList
ShellExecuteW
ord155
DuplicateIcon
ShellExecuteExW

winmm

waveOutGetNumDevs
PlaySoundW

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

Sections

.text
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 554KB - Virtual size: 553KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1a740e3bcf1a45f07a6ae843af8719ba

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdi32

user32

msvcrt

batmeter

shlwapi

uxtheme

oleaut32

api-ms-win-power-setting-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-power-base-l1-1-0

rpcrt4

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

powrprof

comctl32

dwmapi

gdiplus

kernel32

ntdll

ole32

shell32

winmm

wtsapi32

Sections

.text Size: 186KB - Virtual size: 185KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 554KB - Virtual size: 553KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 186KB - Virtual size: 185KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 554KB - Virtual size: 553KB

.reloc
Size: 568KB - Virtual size: 572KB