0988fa99de86858fd2fe975573b3665c60373514481183ab31ce455d33f46837

Sharing

Copy URL Twitter E-mail

General

Target

0988fa99de86858fd2fe975573b3665c60373514481183ab31ce455d33f46837
Size

606KB
MD5

6f9ad4749fe943bbe78f430e2c815e90
SHA1

33f36363e95d209ee6bb30e72508bca1db40c07e
SHA256

0988fa99de86858fd2fe975573b3665c60373514481183ab31ce455d33f46837
SHA512

9634e480959a76d6fe3e4cee2702736513af9273cf2e3f38b8b41c06b2e760b7ea14dd0d79b845f732352a56e250cc13e25c25b6a8c18af99f08b74331e35993
SSDEEP

12288:Dpp413GuhBKK5z96qG+T5Eoq42VejyixCJr:9p413GuhBKK5z96qG+T5Eoqd+3xC9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0988fa99de86858fd2fe975573b3665c60373514481183ab31ce455d33f46837

Files

0988fa99de86858fd2fe975573b3665c60373514481183ab31ce455d33f46837
.exe windows:6 windows x64 arch:x64

04b9942ace0b2af57365094c602499b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Work\v33\Launcher\x64\Release\Media Core Launcher.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
MultiByteToWideChar
GetDriveTypeW
GetLongPathNameW
GetFileAttributesW
CloseHandle
GetModuleFileNameW
CreateFileW
GetCurrentProcess
GetStdHandle
WaitForMultipleObjects
TerminateProcess
GetSystemInfo
CreateToolhelp32Snapshot
Process32First
Process32Next
GetVersionExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetCurrentThreadId
GetThreadPriority
WideCharToMultiByte
WriteFile
FlushFileBuffers
FindClose
FindNextFileW
CreateEventW
TerminateThread
SetEvent
ResetEvent
WaitForSingleObject
SetThreadPriority
ResumeThread
RaiseException
GetCurrentThread
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
FreeLibrary
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
GetCPInfo
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetFullPathNameW
GetCurrentDirectoryW
CreateDirectoryW
CreateThread
ExitThread
FreeLibraryAndExitThread
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
VirtualProtect
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
IsValidCodePage
GetACP
GetOEMCP
HeapReAlloc
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
GetFileSizeEx
FindFirstFileExW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
WriteConsoleW
GetThreadId
GetCurrentProcessId
SetUnhandledExceptionFilter
SetErrorMode
GetModuleHandleW
GetCommandLineW
GetProcAddress
GetLastError
LoadLibraryExW
RtlCaptureContext
VirtualQuery
LoadLibraryExA
CopyFileW
Sleep
HeapQueryInformation

user32

GetCapture
SetCapture
ReleaseCapture
GetForegroundWindow
AttachThreadInput
SetForegroundWindow
SetTimer
KillTimer
FindWindowW
EnumWindows
EnumChildWindows
PeekMessageW
FindWindowExW
GetClassNameW
GetWindow
WindowFromPoint
GetWindowTextLengthW
GetWindowTextW
GetCursorPos
GetDoubleClickTime
GetKeyState
SetParent
EnableWindow
IsIconic
IsZoomed
DestroyWindow
IsWindow
MsgWaitForMultipleObjects
GetWindowThreadProcessId
MessageBoxW
LockSetForegroundWindow
UnregisterClassW
GetLastActivePopup
SetWindowRgn
ChangeDisplaySettingsExW
PostMessageW
SendMessageW
ShowWindow
EnumDisplayDevicesW
GetParent
EnumDisplaySettingsW
UpdateWindow
InvalidateRect
RedrawWindow
ClientToScreen
GetClientRect
GetWindowRect
SetWindowLongW
GetWindowLongW
SetWindowPos
SetWindowTextW
IsWindowEnabled

advapi32

RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW

oleaut32

SysFreeString
SysAllocString

gdi32

CreateRectRgn

ole32

OleUninitialize
CoUninitialize
OleInitialize
CoInitialize
CoTaskMemFree

Sections

.text
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04b9942ace0b2af57365094c602499b0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

oleaut32

gdi32

ole32

Sections

.text Size: 392KB - Virtual size: 392KB

.rdata Size: 133KB - Virtual size: 133KB

.data Size: 9KB - Virtual size: 16KB

.pdata Size: 18KB - Virtual size: 17KB

.fptable Size: 512B - Virtual size: 256B

.rsrc Size: 45KB - Virtual size: 45KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 392KB - Virtual size: 392KB

.rdata
Size: 133KB - Virtual size: 133KB

.data
Size: 9KB - Virtual size: 16KB

.pdata
Size: 18KB - Virtual size: 17KB

.fptable
Size: 512B - Virtual size: 256B

.rsrc
Size: 45KB - Virtual size: 45KB

.reloc
Size: 6KB - Virtual size: 5KB