E:\Visual C++\Release\SpeedCommander\21.x\21.2\.vs\.out\x32#Release\Apps\SpeedView\SpeedView.pdb
Static task
static1
Behavioral task
behavioral1
Sample
23e4d4b29793cf578ffa897fa8256e3e3ef0edaec1e90b91b05fd14e67fc217e.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
23e4d4b29793cf578ffa897fa8256e3e3ef0edaec1e90b91b05fd14e67fc217e.exe
Resource
win10v2004-20240802-en
General
Target: 23e4d4b29793cf578ffa897fa8256e3e3ef0edaec1e90b91b05fd14e67fc217e
Size: 1.7MB
MD5: e20750f48f291c33d7d601b079a41d94
SHA1: 7bbd1d2e6581e6533ffe8592eb8101362edcfbf5
SHA256: 23e4d4b29793cf578ffa897fa8256e3e3ef0edaec1e90b91b05fd14e67fc217e
SHA512: 056516b322c35891664160ed9d386fb61826662854f1fca1ea4b3f7edaf6975be86e4159cb6c940a243144a2d5ee63a3bb7f6fe54e69d52416050859c899ad26
SSDEEP: 12288:2GP9k/R47Haj+fZDmzz0llaYlerxZO2o1i+++n+6Pp+WJgvSom:LPy/Ra6j+BYzuayerLTo1X+sgQ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 23e4d4b29793cf578ffa897fa8256e3e3ef0edaec1e90b91b05fd14e67fc217e
Files
23e4d4b29793cf578ffa897fa8256e3e3ef0edaec1e90b91b05fd14e67fc217e.exe windows:6 windows x86 arch:x86
72794aa07053f961c94ccf5c2dbdae15
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mxbase
mxcommon
mxtoolkit
kernel32
LocalFree
GetModuleHandleW
GetTickCount64
GetSystemTimeAsFileTime
DeviceIoControl
SetLastError
GetLastError
CloseHandle
SetFileAttributesW
FormatMessageW
CreateDirectoryW
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
lstrlenW
GetComputerNameA
MultiByteToWideChar
GetACP
GetLocaleInfoW
WaitForSingleObject
ResumeThread
GetExitCodeThread
MulDiv
WideCharToMultiByte
GetGeoInfoW
EnumSystemGeoID
GetUserGeoID
GetUserDefaultLangID
GetSystemDirectoryW
GetModuleFileNameW
GetProcAddress
LoadLibraryW
GlobalDeleteAtom
GlobalGetAtomNameW
GlobalAddAtomW
GetCurrentThreadId
DecodePointer
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
FindClose
FindFirstFileW
Sleep
OutputDebugStringW
FlushFileBuffers
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateFileW
LoadLibraryExA
RaiseException
GetStringTypeW
EncodePointer
CompareStringEx
GetCPInfo
LCMapStringEx
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetFileType
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
SetFilePointerEx
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
GetSystemInfo
VirtualProtect
VirtualQuery
TerminateProcess
user32
SendMessageW
DispatchMessageW
GetDlgItem
EnableWindow
GetKeyboardLayout
PostMessageW
PeekMessageW
TranslateMessage
CharUpperW
RegisterWindowMessageW
SendMessageTimeoutW
GetParent
LoadIconW
UpdateWindow
DeleteMenu
RemoveMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
IsWindowVisible
GetClassInfoW
DefWindowProcW
LoadCursorW
InflateRect
FrameRect
SetCursor
GetClientRect
IsWindowEnabled
KillTimer
SetTimer
MsgWaitForMultipleObjects
GetKeyState
gdi32
SelectObject
GetStockObject
CreatePatternBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetBrushOrgEx
advapi32
RevertToSelf
IsValidSecurityDescriptor
ImpersonateSelf
FreeSid
AllocateAndInitializeSid
AddAccessAllowedAce
AccessCheck
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
IsValidSid
InitializeSid
InitializeSecurityDescriptor
InitializeAcl
GetSidSubAuthority
GetSidLengthRequired
GetLengthSid
CopySid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
shell32
ShellExecuteExW
ord155
DragAcceptFiles
shlwapi
PathIsURLW
PathAppendW
PathRemoveFileSpecW
ord176
PathIsUNCW
ole32
OleRun
CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoUninitialize
gdiplus
GdipAlloc
GdipDrawImageRectI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipFree
GdipCreateBitmapFromHBITMAP
Sections
.text Size: 253KB - Virtual size: 252KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 88KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 331KB - Virtual size: 331KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.sstb Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE