6f3a8171d2b6c7ed6fee84c8d050f06dacd81e61c07214d16e2c3aa9aa7a2e4c

Sharing

Copy URL

Twitter E-mail

General

Target

6f3a8171d2b6c7ed6fee84c8d050f06dacd81e61c07214d16e2c3aa9aa7a2e4c
Size

1.5MB
MD5

40a6a7e6f6593a6a52899e037048d53b
SHA1

5375b0660ffa3dc849312fa3777ae904426fdefb
SHA256

6f3a8171d2b6c7ed6fee84c8d050f06dacd81e61c07214d16e2c3aa9aa7a2e4c
SHA512

7447e7fab37ce5b82c29c916f81f89529505a8548145e6fb35af406f0b1f42eda076dfcd06e726b0c7088f5f0c3609238c9fcb3049ed4aaff55e1b92c78bc09c
SSDEEP

49152:F3QbF9K56dpbsooooELwPVlEmIgEpe4X3:ubC56dlCVlEm7K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f3a8171d2b6c7ed6fee84c8d050f06dacd81e61c07214d16e2c3aa9aa7a2e4c

Files

6f3a8171d2b6c7ed6fee84c8d050f06dacd81e61c07214d16e2c3aa9aa7a2e4c
.exe windows:6 windows x86 arch:x86

b66d5b607ff2bcd8442f5a5ad0bc09ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb

Imports

shell32

SHGetFolderPathW

ntdll

VerSetConditionMask
RtlNtStatusToDosError
RtlCaptureContext
RtlUnwind

kernel32

LeaveCriticalSection
DeleteFileW
GetFileInformationByHandle
GetFullPathNameW
OutputDebugStringA
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetCurrentProcessId
TlsAlloc
TlsGetValue
TlsSetValue
FreeLibrary
CreateEventW
WaitForMultipleObjects
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
GetSystemInfo
GetVersionExW
QueryPerformanceFrequency
QueryPerformanceCounter
ExpandEnvironmentStringsW
GetModuleFileNameW
GetFileAttributesW
LoadLibraryExW
GetSystemDirectoryW
DeviceIoControl
VirtualAlloc
VirtualFree
VirtualProtect
HeapDestroy
HeapReAlloc
GlobalMemoryStatusEx
TerminateThread
GetExitCodeThread
TlsFree
SetFilePointer
SetFileAttributesW
FlushFileBuffers
SetEndOfFile
MoveFileExW
GetWindowsDirectoryW
LockFileEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
DuplicateHandle
GetFileAttributesExW
FindFirstFileW
FindClose
SetFileTime
CreateDirectoryW
RemoveDirectoryW
FindFirstFileExW
FindNextFileW
QueryDosDeviceW
GetFinalPathNameByHandleW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetEnvironmentVariableW
SetFilePointerEx
UnlockFileEx
GetFileSizeEx
CopyFileW
SetFileInformationByHandle
GetDiskFreeSpaceExW
FindResourceW
LoadResource
LockResource
SizeofResource
K32GetMappedFileNameW
FindFirstVolumeW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
VirtualQuery
GetSystemTimes
GetTickCount64
RaiseException
GetConsoleMode
GetConsoleOutputCP
GetFileType
GetStdHandle
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
InterlockedPushEntrySList
OutputDebugStringW
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
EnterCriticalSection
LocalAlloc
SetLastError
K32GetProcessMemoryInfo
GetProcessTimes
GetPriorityClass
VerifyVersionInfoW
GetExitCodeProcess
ReadFile
WriteConsoleW
WriteFile
CreateProcessW
CreateFileW
K32GetProcessImageFileNameW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
InitializeProcThreadAttributeList
CompareStringW
WaitForSingleObject
Sleep
GetLastError
LocalFree
GetUserDefaultUILanguage
GetCommandLineW
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSectionEx
CloseHandle
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
FindResourceExW
HeapSize
GetVersion
InitializeCriticalSectionAndSpinCount
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
TerminateProcess
LoadLibraryExA
HeapSetInformation
IsProcessorFeaturePresent
ExitProcess
lstrcpyW
SetDllDirectoryW
GlobalFree
GetTimeZoneInformation
GetPrivateProfileStringA
GetStringTypeW
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
InitOnceBeginInitialize
InitOnceComplete
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter

user32

PostMessageW
CharLowerW
SetWindowLongW
GetWindowLongW
DefWindowProcW
SystemParametersInfoW
LoadImageW
CreateWindowExW
SendMessageW
SetWindowPos
SetFocus
DestroyWindow
PostQuitMessage
DestroyIcon
GetDC
ReleaseDC
IsDialogMessageW
TranslateMessage
DispatchMessageW
LoadIconW
EndPaint
BeginPaint
InvalidateRect
UpdateWindow
RegisterWindowMessageW
KillTimer
DrawTextW
MoveWindow
SetTimer
IsWindow
ShowWindow
SetWindowTextW
UnregisterClassW
GetSystemMetrics
MessageBoxW
GetMessageW
LoadCursorW
GetClassInfoExW
RegisterClassExW

advapi32

LookupPrivilegeValueW
RegDeleteKeyExW
RegEnumKeyW
OpenProcessToken
GetTokenInformation
IsValidSid
GetSidSubAuthority
GetSidSubAuthorityCount
ConvertStringSecurityDescriptorToSecurityDescriptorW
DuplicateTokenEx
CreateProcessAsUserW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
LookupAccountSidW
TreeResetNamedSecurityInfoW
AddAce
InitializeAcl
CopySid
GetLengthSid
AllocateAndInitializeSid
SetNamedSecurityInfoW
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
AdjustTokenPrivileges

comctl32

ord17

gdiplus

GdipGetImageWidth
GdipGetImageHeight
GdipLoadImageFromStream
GdipGetPropertyItemSize
GdipDeleteGraphics
GdipImageGetFrameCount
GdipCreateFromHDC
GdipImageSelectActiveFrame
GdipFree
GdipDisposeImage
GdipDrawImageRectI
GdipAlloc
GdipGetPropertyItem
GdipCloneImage
GdipImageGetFrameDimensionsCount
GdiplusShutdown
GdiplusStartup
GdipImageGetFrameDimensionsList

shlwapi

PathMatchSpecW

gdi32

DeleteDC
CreateCompatibleDC
SetBkMode
GetTextExtentPoint32W
SelectObject
DeleteObject
CreateCompatibleBitmap
BitBlt
SetTextColor
CreateFontIndirectW

ole32

CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal

crypt32

CryptProtectData
CryptUnprotectData

Exports

Exports

asw_process_storage_allocate_connector
asw_process_storage_deallocate_connector
on_avast_dll_unload
onexit_register_connector_avast_2

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b66d5b607ff2bcd8442f5a5ad0bc09ad

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

ntdll

kernel32

user32

advapi32

comctl32

gdiplus

shlwapi

gdi32

ole32

crypt32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 335KB - Virtual size: 335KB

.data Size: 42KB - Virtual size: 51KB

.didat Size: 512B - Virtual size: 84B

.rsrc Size: 93KB - Virtual size: 92KB

.reloc Size: 52KB - Virtual size: 51KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 335KB - Virtual size: 335KB

.data
Size: 42KB - Virtual size: 51KB

.didat
Size: 512B - Virtual size: 84B

.rsrc
Size: 93KB - Virtual size: 92KB

.reloc
Size: 52KB - Virtual size: 51KB