E:\Visual C++\Release\SpeedCommander\20.x\20.5\[OutDir]\x32#Release\SpeedCommander\FileSync\FileSync.pdb
Static task
static1
Behavioral task
behavioral1
Sample
341c735931fd3ac9dec52447c0bda5595203e0f7fa272625e6ea5794ef4db5b0.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
341c735931fd3ac9dec52447c0bda5595203e0f7fa272625e6ea5794ef4db5b0.exe
Resource
win10v2004-20240802-en
General
Target: 341c735931fd3ac9dec52447c0bda5595203e0f7fa272625e6ea5794ef4db5b0
Size: 2.1MB
MD5: 84e6c8963f7e64f7e27e41556f36ca97
SHA1: 506906f63f74322c2b6651245f86e6961136496a
SHA256: 341c735931fd3ac9dec52447c0bda5595203e0f7fa272625e6ea5794ef4db5b0
SHA512: 5929a833fa54586a1ecc9a82857798ba9c6cdefae05344af0702086935bc98235810aa733db18a42496225d9f3aca10b4b7219be963eea6db579f5477547444e
SSDEEP: 24576:OwO9n1AtOxnGzAsnnaxCY9kHJRwfeO/QR0yJTZ8ZbRX:a9dxGzDaxCY9kHJRvO/QRrAZp
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 341c735931fd3ac9dec52447c0bda5595203e0f7fa272625e6ea5794ef4db5b0
Files
-
341c735931fd3ac9dec52447c0bda5595203e0f7fa272625e6ea5794ef4db5b0.exe windows:6 windows x86 arch:x86
fbd9577ba8e70354bc482144da86354a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mxbase
mxcommon
mxtoolkit
kernel32
CopyFileExW
FindFirstFileExW
FindNextFileW
InitializeCriticalSection
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
UnhandledExceptionFilter
LeaveCriticalSection
TerminateProcess
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
EnterCriticalSection
LocalAlloc
GetCurrentThread
GetPrivateProfileIntW
GetProcessId
GetCurrentProcessId
GetCurrentProcess
CallNamedPipeW
DisconnectNamedPipe
GetFileAttributesW
GetDiskFreeSpaceExW
FlushFileBuffers
GetEnvironmentVariableW
OutputDebugStringW
Sleep
lstrlenA
FindFirstFileW
FindClose
CompareFileTime
lstrcmpW
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetLocalTime
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
LoadLibraryW
GetProcAddress
GetModuleFileNameW
GetSystemDirectoryW
GetCurrentThreadId
GetUserDefaultLangID
GetUserGeoID
EnumSystemGeoID
GetGeoInfoW
WideCharToMultiByte
MulDiv
ResumeThread
GetExitCodeThread
WaitForSingleObject
MultiByteToWideChar
GetComputerNameA
lstrlenW
FormatMessageW
LocalFree
GetModuleHandleW
GetTickCount64
GetSystemTimeAsFileTime
DeviceIoControl
SetLastError
GetLastError
CloseHandle
SetFileAttributesW
CreateFileW
SetUnhandledExceptionFilter
LoadLibraryExA
RaiseException
GetStringTypeW
TryAcquireSRWLockExclusive
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
EncodePointer
CompareStringEx
GetCPInfo
LCMapStringEx
GetNativeSystemInfo
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
SetFilePointerEx
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
GetSystemInfo
VirtualProtect
VirtualQuery
CreateDirectoryW
user32
GetSysColor
LoadCursorW
InflateRect
FrameRect
SetCursor
GetClientRect
IsWindowEnabled
KillTimer
SetTimer
MsgWaitForMultipleObjects
GetKeyState
CharUpperW
GetDlgItem
PostMessageW
SendMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
EnableWindow
CreateMenu
SendMessageTimeoutW
DefWindowProcW
AppendMenuW
GetClassInfoW
GetMenuItemID
GetMenuItemCount
InsertMenuW
RemoveMenu
LoadIconW
RegisterWindowMessageW
GetParent
GetFocus
GetWindow
DrawTextW
RedrawWindow
DrawFocusRect
IsRectEmpty
GetAsyncKeyState
GetForegroundWindow
GetWindowLongW
SetWindowLongW
GetWindowThreadProcessId
SetWindowTextW
IsWindowVisible
FindWindowExW
EnumWindows
RegisterClassW
CreateWindowExW
DestroyWindow
CharUpperA
CharToOemBuffA
OemToCharBuffA
CharLowerA
UpdateWindow
gdi32
CreateSolidBrush
SetTextColor
SetBkMode
SetBkColor
GetObjectW
GetTextExtentPoint32W
SetBrushOrgEx
SelectObject
GetStockObject
CreatePatternBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
advapi32
SetFileSecurityW
RegGetValueW
LookupPrivilegeValueW
MapGenericMask
GetTokenInformation
GetFileSecurityW
DuplicateToken
AdjustTokenPrivileges
RevertToSelf
IsValidSecurityDescriptor
ImpersonateSelf
FreeSid
AllocateAndInitializeSid
AddAccessAllowedAce
AccessCheck
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
IsValidSid
InitializeSid
InitializeSecurityDescriptor
InitializeAcl
GetSidSubAuthority
GetSidLengthRequired
GetLengthSid
CopySid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
shell32
ShellExecuteExW
ord155
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderPathW
shlwapi
PathFindFileNameW
ord176
PathAppendW
PathIsUNCW
PathIsURLW
SHCreateStreamOnFileW
PathFindExtensionW
PathIsRelativeW
PathRemoveFileSpecW
uxtheme
IsAppThemed
SetWindowTheme
ole32
CoSetProxyBlanket
CoInitializeSecurity
CoUninitialize
CoInitialize
OleRun
CoCreateInstance
gdiplus
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipFree
GdipAlloc
GdipSetSmoothingMode
GdipDrawImageRectI
GdipCloneImage
Sections
.text Size: 484KB - Virtual size: 484KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 137KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 441KB - Virtual size: 440KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.sstb Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE