e590c2a90bed594f5ee372cf1bdc05b35557d0645642d7d49f43d58dc6a148b6

Sharing

Copy URL Twitter E-mail

General

Target

e590c2a90bed594f5ee372cf1bdc05b35557d0645642d7d49f43d58dc6a148b6
Size

2.1MB
MD5

af53e2efda3635476537b0e36827b30f
SHA1

d092799c046289ecabf7730fa37daaa520543e08
SHA256

e590c2a90bed594f5ee372cf1bdc05b35557d0645642d7d49f43d58dc6a148b6
SHA512

4373093f3025e29dbc06d03b496b59689ffecd3f26346ad03905a1dd303ff7ae72cd627bb910fffc7a92ce3acbe6c827fc417e6632c785adea880c3fcdcfd5a1
SSDEEP

24576:rscafjorRJG30ORtd4v40HGoy3gjRWdPnO7NnmkUv+KzF+yH3:rEjE03r3d4g7h3gjoPMSvN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e590c2a90bed594f5ee372cf1bdc05b35557d0645642d7d49f43d58dc6a148b6

Files

e590c2a90bed594f5ee372cf1bdc05b35557d0645642d7d49f43d58dc6a148b6
.exe windows:6 windows x64 arch:x64

bfabb51d1b7efe4193055922a025153e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\1\s\x64\Release\KeyboardManagerEditor\PowerToys.KeyboardManagerEditor.pdb

Imports

dbghelp

SymGetModuleBase64
SymGetLineFromAddr64
SymGetSymFromAddr64
StackWalk64
SymFunctionTableAccess64
SymSetOptions
SymInitialize

kernel32

WaitForSingleObject
CloseHandle
GetModuleFileNameW
RtlCaptureContext
GetCurrentProcess
GetCurrentThread
SetUnhandledExceptionFilter
CreateMutexW
GetCommandLineW
IsDebuggerPresent
OpenProcess
GetModuleHandleW
HeapFree
InitializeCriticalSectionEx
LocalFree
HeapReAlloc
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
lstrlenW
GetLastError
SetEndOfFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
LocalAlloc
HeapSize
LocalSize
GetCurrentThreadId
ReadFile
FlushFileBuffers
GetConsoleOutputCP
GetFileSizeEx
TrySubmitThreadpoolCallback
RtlPcToFileHeader
SetFilePointerEx
GetTimeZoneInformation
GetDynamicTimeZoneInformation
GetFileAttributesW
MultiByteToWideChar
Sleep
GetCurrentProcessId
WideCharToMultiByte
WriteConsoleW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
WriteConsoleA
WriteFile
GetConsoleMode
SetEnvironmentVariableW
OutputDebugStringA
GetModuleFileNameA
CreateSemaphoreExW
SetLastError
ReleaseSemaphore
GetModuleHandleExW
ReleaseMutex
FormatMessageW
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
GetProcAddress
CreateMutexExW
DebugBreak
QueryFullProcessImageNameW
CreateEventW
SetEvent
ResetEvent
CreateThread
SizeofResource
LockResource
LoadResource
FindResourceExW
TerminateProcess
GetTickCount64
LoadLibraryW
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFileInformationByHandle
AreFileApisANSI
GetFileInformationByHandleEx
SwitchToThread
GetExitCodeThread
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
EnumSystemLocalesW
RaiseException
EncodePointer
EnterCriticalSection
LeaveCriticalSection
LCMapStringEx
GetSystemTimeAsFileTime
GetCPInfo
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
InterlockedPushEntrySList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
ExitThread
FreeLibraryAndExitThread
DeleteFileW
SetStdHandle
GetFileType
ExitProcess
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
RtlUnwind

user32

SendInput
GetWindowThreadProcessId
EnumChildWindows
MapVirtualKeyW
GetGUIThreadInfo
GetForegroundWindow
LoadStringW
PostMessageW
LoadImageW
RegisterClassExW
CreateWindowExW
SetForegroundWindow
SetWindowsHookExW
UpdateWindow
GetClientRect
SetWindowPos
GetAsyncKeyState
PostQuitMessage
DefWindowProcW
GetMonitorInfoW
EnumDisplayMonitors
SetParent
SetWindowLongW
SendMessageW
GetKeyboardLayout
GetCursorPos
MonitorFromPoint
MessageBoxW
CallNextHookEx
PostThreadMessageW
MonitorFromWindow
UnhookWindowsHookEx
ToUnicodeEx
MapVirtualKeyExW
ShowWindow

advapi32

RegNotifyChangeKeyValue
RegGetValueW
EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetPathFromIDListW
CommandLineToArgvW
SHBrowseForFolderW
SHGetKnownFolderPath

shlwapi

PathStripPathW

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

uxtheme

SetWindowThemeAttribute

gdi32

CreateSolidBrush

comdlg32

GetOpenFileNameW

ole32

CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoInitializeEx
CoUninitialize
RoGetAgileReference
CoGetObjectContext
CoGetApartmentType

dwmapi

DwmSetWindowAttribute

oleaut32

SetErrorInfo
SysStringLen
GetErrorInfo
SysFreeString

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

RoFailFastWithErrorContext
RoTransformError

Sections

.text
Size: 890KB - Virtual size: 890KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 253KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 144KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bfabb51d1b7efe4193055922a025153e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

kernel32

user32

advapi32

shell32

shlwapi

api-ms-win-shcore-scaling-l1-1-1

uxtheme

gdi32

comdlg32

ole32

dwmapi

oleaut32

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

Sections

.text Size: 890KB - Virtual size: 890KB

.rdata Size: 253KB - Virtual size: 253KB

.data Size: 144KB - Virtual size: 158KB

.pdata Size: 41KB - Virtual size: 41KB

.rsrc Size: 229KB - Virtual size: 228KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 890KB - Virtual size: 890KB

.rdata
Size: 253KB - Virtual size: 253KB

.data
Size: 144KB - Virtual size: 158KB

.pdata
Size: 41KB - Virtual size: 41KB

.rsrc
Size: 229KB - Virtual size: 228KB

.reloc
Size: 572KB - Virtual size: 576KB