H2MLauncher[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

H2MLauncher.exe
Size

19.6MB
MD5

de148ba4e3c67336dbee582c1b68dd70
SHA1

a5e501224175765fcf1ba441b3512ebfc61589ec
SHA256

16504570dcda898c8aa2e01cde8f3f262a189b9b2c5594ef260c54786afc3cdb
SHA512

b1055a829119bc84b400fdc13b158115f93d2acee1b5bdd653ee867f51097326021b85cdad0e311e89125edc3dbd82cc066d08e6f7c3fc33c30b5ab511f5da83
SSDEEP

196608:PTAm7OuLEBGhmoQnH3omEWCMpowbfeqjIs5Mtry:PTNvEBGhmoQnDEWCLwjeMIs5M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
H2MLauncher.exe

Files

H2MLauncher.exe
.exe windows:6 windows x64 arch:x64

4835b918654d1be517f9a453d2c58d03

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

h2m_launcher.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressSingle
WakeByAddressAll

ntdll

NtDeviceIoControlFile
NtQueryInformationProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlNtStatusToDosError
NtCreateFile
RtlVirtualUnwind
NtCancelIoFileEx
RtlGetVersion
NtQuerySystemInformation
NtReadFile
NtWriteFile
RtlPcToFileHeader
RtlUnwindEx

user32

IsClipboardFormatAvailable
GetWindowRect
GetMenu
AdjustWindowRectEx
CloseTouchInputHandle
MonitorFromRect
ShowCursor
ClientToScreen
GetCursorPos
GetClipCursor
ClipCursor
IsWindowVisible
GetWindowLongPtrW
SystemParametersInfoA
CreateMenu
GetWindowLongW
IsProcessDPIAware
DestroyAcceleratorTable
EnableMenuItem
DispatchMessageA
EmptyClipboard
SetClipboardData
CreateAcceleratorTableW
ScreenToClient
MonitorFromWindow
EnumDisplayMonitors
GetKeyboardLayout
OpenClipboard
MonitorFromPoint
GetDC
CloseClipboard
IsIconic
SetMenu
DestroyIcon
GetTouchInputInfo
PostMessageW
GetMonitorInfoW
RegisterClipboardFormatW
TrackMouseEvent
SetWindowPos
SetWindowTextW
GetClientRect
GetWindowTextLengthW
SetCursor
RedrawWindow
MessageBoxW
DestroyWindow
EnumChildWindows
RegisterWindowMessageA
ValidateRect
RegisterClassExW
RegisterRawInputDevices
SetForegroundWindow
GetKeyboardState
SetWindowDisplayAffinity
GetAsyncKeyState
GetSystemMenu
SetWindowLongW
GetKeyState
MapVirtualKeyExW
VkKeyScanW
MsgWaitForMultipleObjectsEx
SetWindowLongPtrW
SetMenuItemInfoW
CreateIcon
RegisterHotKey
UnregisterHotKey
ToUnicodeEx
CheckMenuItem
SendMessageW
GetRawInputData
PostQuitMessage
SendInput
ShowWindow
AppendMenuW
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
FlashWindowEx
DefWindowProcW
TranslateAcceleratorW
GetAncestor
GetMessageW
MapVirtualKeyW
SetCapture
LoadCursorW
GetForegroundWindow
GetMessageA
GetClipboardData
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
GetActiveWindow
SetCursorPos
InvalidateRgn
ReleaseCapture
DispatchMessageW
TranslateMessage
GetUpdateRect
PeekMessageW
PostThreadMessageW
GetWindowTextW

kernel32

GetProcAddress
WakeAllConditionVariable
GetLastError
SleepConditionVariableSRW
CreateEventW
WaitForSingleObject
GetSystemTimeAsFileTime
GetCurrentThreadId
FormatMessageW
VirtualQuery
ReleaseMutex
WideCharToMultiByte
WaitForSingleObjectEx
LoadLibraryA
lstrlenW
CreateMutexA
CloseHandle
LoadLibraryExW
AcquireSRWLockExclusive
FreeLibrary
InitializeSListHead
LoadLibraryExA
ReleaseSRWLockExclusive
GetCurrentProcess
GetModuleHandleA
GetNativeSystemInfo
IsDebuggerPresent
IsProcessorFeaturePresent
GetTempPathW
GetFullPathNameW
CreateThread
WriteConsoleW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
WaitForMultipleObjects
ReadFileEx
CreateNamedPipeW
ExitProcess
SetEnvironmentVariableW
SetCurrentDirectoryW
CancelIo
CopyFileExW
GetFinalPathNameByHandleW
CreateHardLinkW
CreateSymbolicLinkW
RemoveDirectoryW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetUserDefaultLocaleName
SetFileTime
FindClose
SetUnhandledExceptionFilter
HeapReAlloc
GetSystemTimePreciseAsFileTime
GlobalLock
GlobalSize
GlobalUnlock
QueryPerformanceFrequency
GlobalAlloc
GetProcessId
TerminateProcess
UnhandledExceptionFilter
GetModuleHandleW
GetCurrentThread
SleepEx
RaiseException
GlobalFree
MultiByteToWideChar
WriteFileEx
ReadProcessMemory
GetStdHandle
SetFilePointerEx
SetFileInformationByHandle
GetCommandLineW
GetEnvironmentStringsW
GetCurrentDirectoryW
GetUserDefaultUILanguage
LCIDToLocaleName
SetLastError
LoadLibraryW
QueryPerformanceCounter
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
DeleteProcThreadAttributeList
FreeEnvironmentStringsW
Sleep
SetFileCompletionNotificationModes
GetOverlappedResult
ReadFile
HeapAlloc
GetQueuedCompletionStatusEx
CreateIoCompletionPort
PostQueuedCompletionStatus
SetHandleInformation
DuplicateHandle
GetProcessIoCounters
EncodePointer
GetSystemTimes
OpenProcess
HeapFree
GetProcessHeap
GetExitCodeProcess
GetConsoleMode
GetComputerNameExW
GetFileType
LocalFree
GetFileInformationByHandleEx
TlsFree
GetSystemInfo
GlobalMemoryStatusEx
K32GetPerformanceInfo
GetCurrentProcessId
VirtualQueryEx
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
GetEnvironmentVariableW
CreatePipe
GetFileInformationByHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleMode
SetFileAttributesW
MoveFileExW
TlsSetValue
CreateFileW
GetProcessTimes
FindNextFileW

ole32

RevokeDragDrop
CreateStreamOnHGlobal
OleInitialize
CoTaskMemFree
CoIncrementMTAUsage
CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
RegisterDragDrop

shell32

ShellExecuteW
CommandLineToArgvW
SHAppBarMessage
SHGetKnownFolderPath
DragFinish
DragQueryFileW
SHCreateItemFromParsingName

comctl32

TaskDialogIndirect
DefSubclassProc
RemoveWindowSubclass
SetWindowSubclass

gdi32

GetDeviceCaps
CreateRectRgn
DeleteObject

dwmapi

DwmEnableBlurBehindWindow

pdh

PdhCollectQueryData
PdhAddEnglishCounterW
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhCloseQuery
PdhOpenQueryA

powrprof

CallNtPowerInformation

secur32

FreeCredentialsHandle
DeleteSecurityContext
AcquireCredentialsHandleA
EncryptMessage
AcceptSecurityContext
InitializeSecurityContextW
ApplyControlToken
FreeContextBuffer
DecryptMessage
QueryContextAttributesW

oleaut32

SetErrorInfo
SysStringLen
GetErrorInfo
SysFreeString

advapi32

GetTokenInformation
CopySid
GetLengthSid
IsValidSid
SystemFunction036
RegGetValueW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
RevertToSelf
ImpersonateAnonymousToken
RegOpenKeyExW
OpenProcessToken
RegCloseKey
RegQueryValueExW

psapi

GetModuleInformation
EnumProcessModules
GetModuleFileNameExW

ws2_32

freeaddrinfo
getsockname
WSACleanup
WSAStartup
getaddrinfo
select
WSAGetLastError
WSADuplicateSocketW
WSAIoctl
setsockopt
WSASend
send
WSARecv
recv
shutdown
getsockopt
listen
ioctlsocket
connect
bind
WSASocketW
getpeername
accept
closesocket

crypt32

CertDuplicateCertificateContext
CertDuplicateStore
CertFreeCertificateContext
CertCloseStore
CertOpenStore
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertFreeCertificateChain

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

uxtheme

SetWindowTheme

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

pow
__setusermatherr
round
ceil
floor
trunc

api-ms-win-crt-heap-l1-1-0

free
_callnewh
_set_new_mode
calloc
malloc

api-ms-win-crt-string-l1-1-0

wcsncmp
_wcsicmp
strlen
wcslen
strcpy_s

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_crt_atexit
terminate
_set_app_type
_seh_filter_exe
abort
strerror
_initialize_onexit_table

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 10.9MB - Virtual size: 10.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7.9MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 579KB - Virtual size: 578KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4835b918654d1be517f9a453d2c58d03

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

ntdll

user32

kernel32

ole32

shell32

comctl32

gdi32

dwmapi

pdh

powrprof

secur32

oleaut32

advapi32

psapi

ws2_32

crypt32

api-ms-win-core-winrt-l1-1-0

uxtheme

bcrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 10.9MB - Virtual size: 10.9MB

.rdata Size: 7.9MB - Virtual size: 7.9MB

.data Size: 25KB - Virtual size: 36KB

.pdata Size: 579KB - Virtual size: 578KB

.rsrc Size: 92KB - Virtual size: 91KB

.reloc Size: 75KB - Virtual size: 74KB

.text
Size: 10.9MB - Virtual size: 10.9MB

.rdata
Size: 7.9MB - Virtual size: 7.9MB

.data
Size: 25KB - Virtual size: 36KB

.pdata
Size: 579KB - Virtual size: 578KB

.rsrc
Size: 92KB - Virtual size: 91KB

.reloc
Size: 75KB - Virtual size: 74KB