eb444fe311d2fb5de69be5782d4efccca1b024e95e7d7f83527b32d2f3ad1dd0

Sharing

Copy URL

Twitter E-mail

General

Target

eb444fe311d2fb5de69be5782d4efccca1b024e95e7d7f83527b32d2f3ad1dd0
Size

1.6MB
MD5

b5bd0b2df70aedb8b6039ebcf013d353
SHA1

31406aaa593680f28639101a3fa95f037b7dc02a
SHA256

eb444fe311d2fb5de69be5782d4efccca1b024e95e7d7f83527b32d2f3ad1dd0
SHA512

faae3d863d07c61be75cdfec30acf98a4db34e763b6260ac7fcfcfb0b3311ebb578e81c09353230de21633362a03cd0fa6a1903103c918ded2ec7163a91e1bc7
SSDEEP

49152:CSQCiCvLgOEgggei4NyuNWU3CHxTUX7mX3:pbiYLgdg6KuNWU3T7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb444fe311d2fb5de69be5782d4efccca1b024e95e7d7f83527b32d2f3ad1dd0

Files

eb444fe311d2fb5de69be5782d4efccca1b024e95e7d7f83527b32d2f3ad1dd0
.exe windows:6 windows x86 arch:x86

81ad3c28b829fd572fa410d5da3ae805

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Program Files (x86)\Jenkins\workspace\GIAcceler_Create_Channel\Installer\Release\Installer.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA

ws2_32

htonl
ioctlsocket
listen
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAStartup
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
ntohl
WSACleanup
WSAGetLastError
__WSAFDIsSet
select
gethostbyname
WSASetLastError
recv
send
bind
gethostname

crypt32

CertFreeCertificateContext

wldap32

ord46
ord211
ord60
ord45
ord50
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord143

normaliz

IdnToAscii

kernel32

DisconnectNamedPipe
CreateNamedPipeW
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
Sleep
GetCurrentProcessId
TerminateProcess
DecodePointer
CreateProcessA
OpenProcess
lstrcmpiW
lstrcpyW
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DeleteFileW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemInfo
FreeResource
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
FindResourceW
CreateFileW
GetDriveTypeW
GetFileAttributesW
GetLogicalDriveStringsW
RemoveDirectoryW
SetFileAttributesW
WriteFile
GetTempPathW
SetHandleInformation
CreatePipe
WaitNamedPipeW
GetCurrentThreadId
CreateProcessW
ConnectNamedPipe
GetProcAddress
LoadLibraryW
MoveFileExW
GetFileSize
SetEndOfFile
SetFilePointer
SetFileTime
GetStdHandle
GetFileInformationByHandle
FindClose
FindFirstFileW
FindNextFileW
GetCurrentDirectoryW
SetLastError
GetTickCount
GetModuleHandleW
GetModuleHandleA
VirtualAlloc
VirtualFree
FormatMessageA
GetTickCount64
SleepEx
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
VerifyVersionInfoA
WaitForSingleObjectEx
GetFileType
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
OutputDebugStringW
OutputDebugStringA
GetTempPathA
ReadFile
DeleteFileA
CreateDirectoryW
GetLastError
RaiseException
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetFullPathNameW
FreeLibrary
CloseHandle
GetExitCodeProcess
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileSizeEx
FlushFileBuffers
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetModuleHandleExW
ResumeThread
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
GetCurrentProcess
SwitchToThread
GetCurrentThread
GetExitCodeThread
TryEnterCriticalSection
FormatMessageW
GetStringTypeW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetCPInfo
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetACP
GlobalUnlock
GlobalLock
lstrlenW
ExitProcess
MulDiv
LocalFree
GetVersionExW
LocalFileTimeToFileTime
SystemTimeToFileTime
GlobalAlloc
GetLocalTime
lstrcpynW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
VirtualProtect

user32

SetWindowLongW
GetWindowLongW
OffsetRect
GetWindowRect
IsWindowVisible
SetCursor
InflateRect
UnionRect
LoadCursorW
GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
CreateWindowExW
IsWindow
DestroyWindow
IsIconic
IsZoomed
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetCursorPos
GetParent
MapWindowPoints
GetSysColor
IntersectRect
IsRectEmpty
PtInRect
GetWindow
LoadImageW
MonitorFromRect
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
EnableWindow
GetSystemMetrics
SetPropW
GetPropW
SetWindowRgn
MessageBoxW
UpdateLayeredWindow
MoveWindow
IsWindowEnabled
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
UpdateWindow
EqualRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
SetForegroundWindow
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
SetWindowPos
KillTimer
PostQuitMessage
ShowWindow
PostMessageW
wsprintfW
MonitorFromWindow
GetMonitorInfoW
CharUpperW
DefWindowProcW
ScreenToClient

gdi32

SetTextColor
SetStretchBltMode
TextOutW
StretchBlt
GetObjectA
SetBkColor
SetBitmapBits
GdiFlush
CreatePatternBrush
SetBkMode
GetTextExtentPointA
MoveToEx
CreateCompatibleBitmap
BitBlt
ExtSelectClipRgn
SelectClipRgn
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
CreateDIBSection
PtInRegion
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
Rectangle
SetLayout
GetLayout
SetViewportOrgEx
GetBitmapBits
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
CreateCompatibleDC
CreateDIBitmap
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject

shell32

DragQueryFileW
ShellExecuteW
SHBrowseForFolderW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
CommandLineToArgvW

ole32

CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
DoDragDrop
OleLockRunning
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString

shlwapi

PathFileExistsA
PathRemoveFileSpecW
PathRemoveBackslashW
PathIsRootW
PathFileExistsW

comctl32

_TrackMouseEvent
ord17
InitCommonControlsEx

gdiplus

GdipCreateFontFromDC
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectI
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipGetPropertyItem
GdipCreatePath
GdipDeletePath
GdipAddPathLine
GdipAddPathArc
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipFree
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81ad3c28b829fd572fa410d5da3ae805

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

ws2_32

crypt32

wldap32

normaliz

kernel32

user32

gdi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

imm32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 281KB - Virtual size: 280KB

.data Size: 18KB - Virtual size: 27KB

.rsrc Size: 39KB - Virtual size: 39KB

.reloc Size: 66KB - Virtual size: 66KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 281KB - Virtual size: 280KB

.data
Size: 18KB - Virtual size: 27KB

.rsrc
Size: 39KB - Virtual size: 39KB

.reloc
Size: 66KB - Virtual size: 66KB