6e710c8a6db57ef3452b377e1a0b33649d4e532e20602b529ce380913b089c8d

Sharing

Copy URL Twitter E-mail

General

Target

6e710c8a6db57ef3452b377e1a0b33649d4e532e20602b529ce380913b089c8d
Size

1.2MB
MD5

fe1ba2430159e15ecc7d0225015f6dce
SHA1

bdc5b5830ca979ae4f516c6a436d9687ec47a3f8
SHA256

6e710c8a6db57ef3452b377e1a0b33649d4e532e20602b529ce380913b089c8d
SHA512

e112dc4ba6f98e77908f92860aa2b9c75d7e3454f89dff9d6e777425997687ce0e7839c9dc947a9d13215498ec41b5111f6417bbaa1de4b6be523063290fd2e3
SSDEEP

24576:9/1HqAO/C7opHXjGWaOXDAT8DZBNTeTcvYtyF7+QGIDCtoR:nU+0HS8ET8DZBNTeTcwMF7+CDCuR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e710c8a6db57ef3452b377e1a0b33649d4e532e20602b529ce380913b089c8d

Files

6e710c8a6db57ef3452b377e1a0b33649d4e532e20602b529ce380913b089c8d
.exe windows:6 windows x86 arch:x86

40c2234016e80acb8ecf6125fe52c9b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Rizonesoft\Develop\Notepad3\Bin\Release_x86_v143\grepWinNP3.pdb

Imports

shlwapi

PathCanonicalizeW
SHDeleteKeyW
PathIsURLW
PathIsDirectoryW
PathFileExistsW
SHSetValueW
PathAppendW
PathRemoveFileSpecW
SHAutoComplete
PathCompactPathExW
StrFormatByteSizeW
AssocQueryStringW
StrCmpLogicalW
PathRelativePathToW
SHGetValueW
PathIsRootW
PathIsRelativeW

uxtheme

CloseThemeData
GetThemeInt
GetThemeBackgroundContentRect
SetWindowTheme
OpenThemeData
GetThemeColor
BeginBufferedPaint
BufferedPaintSetAlpha
EndBufferedPaint
DrawThemeBackground

kernel32

lstrlenW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentThreadId
GetFullPathNameW
GetLongPathNameW
GetShortPathNameW
GetModuleFileNameW
CreateFileW
CloseHandle
CreateDirectoryW
GetCurrentDirectoryW
Sleep
SetCurrentDirectoryW
FormatMessageW
GetTickCount64
GetWindowsDirectoryW
GetCurrentProcess
GetFileTime
WriteFile
SetFileTime
GetFileSizeEx
GlobalMemoryStatusEx
ReadFile
WideCharToMultiByte
GetFileSize
FlushFileBuffers
SetFilePointer
SetEndOfFile
GetCommandLineW
SetDllDirectoryW
CreateMutexW
GetSystemDirectoryW
SystemTimeToFileTime
SetErrorMode
GetUserDefaultLCID
GetStringTypeExW
LoadLibraryA
LCMapStringW
ExpandEnvironmentStringsW
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeExA
LCMapStringA
GetSystemTime
FileTimeToSystemTime
CreateThread
CreateProcessW
GetFileInformationByHandle
CompareFileTime
CopyFileW
GetFileAttributesW
SetFileAttributesW
MoveFileExA
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetDateFormatW
GetTimeFormatW
CreateFileA
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GlobalAddAtomW
GetOEMCP
GetACP
GlobalUnlock
HeapReAlloc
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
CompareStringW
VirtualProtect
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetFileType
HeapAlloc
HeapFree
lstrcpyW
ExitProcess
SetEnvironmentVariableW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
CreateFileMappingA
GetModuleHandleA
MapViewOfFileEx
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
CompareStringEx
GetSystemTimeAsFileTime
LCMapStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoEx
RaiseException
IsProcessorFeaturePresent
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
GetNativeSystemInfo
InitOnceBeginInitialize
InitOnceComplete
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetStringTypeW
FormatMessageA
GlobalFree
GlobalLock
GlobalAlloc
FindNextFileW
FindClose
FindFirstFileW
FindFirstFileExW
lstrcpynW
GetModuleHandleW
MulDiv
GetLastError
GetProcAddress
FreeLibrary
LoadLibraryW
SetLastError
VerifyVersionInfoW
VerSetConditionMask
LocalFree
LocalAlloc
DeleteAtom
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
WriteConsoleW
IsValidCodePage
GetStdHandle

user32

PostMessageW
GetSysColor
SetCapture
GetClassNameW
InvalidateRgn
BeginPaint
GetClientRect
GetWindowLongW
SendMessageW
GetWindowTextLengthW
GetWindowTextW
EndPaint
DrawTextW
InflateRect
GetWindowRect
GetCursorPos
CheckDlgButton
GetKeyState
RedrawWindow
PtInRect
GetFocus
GetSystemMetrics
IntersectRect
MapWindowPoints
GetParent
GetDC
ReleaseDC
ScreenToClient
SystemParametersInfoW
DialogBoxParamW
CreateDialogParamW
EnableWindow
ShowWindow
BringWindowToTop
SetForegroundWindow
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
DestroyWindow
EndDialog
SetFocus
CreatePopupMenu
CheckRadioButton
SendDlgItemMessageW
AppendMenuW
InsertMenuW
DestroyMenu
GetDCEx
LoadStringA
CreateDialogIndirectParamW
GetWindowPlacement
GetDesktopWindow
CopyRect
SetTimer
KillTimer
IsDlgButtonChecked
EnumWindows
RegisterWindowMessageW
TrackPopupMenu
GetSubMenu
LoadMenuW
ClientToScreen
LoadStringW
SetDlgItemTextW
DrawIconEx
GetSysColorBrush
SetClipboardData
EmptyClipboard
OpenClipboard
CloseClipboard
EnumDisplayMonitors
GetMonitorInfoW
SetWindowTextW
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemCount
GetSystemMenu
EnumThreadWindows
EnumChildWindows
CloseWindow
LoadCursorW
SetCursor
CheckMenuItem
ReleaseCapture
DrawFocusRect
RemovePropW
GetPropW
SetPropW
RegisterClipboardFormatW
IsZoomed
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
InvalidateRect
SetWindowRgn
CallWindowProcW
SetWindowPlacement
MoveWindow
GetWindowDC
SetLayeredWindowAttributes
MessageBoxW
SetCursorPos
GetDlgItemTextW
DefDlgProcW
CreateWindowExW
SetWindowLongW
GetDlgItem
LoadImageW
SetWindowPos
OffsetRect

gdi32

GetObjectW
ExtTextOutW
CreateSolidBrush
EnumFontsW
PatBlt
SelectObject
GetDeviceCaps
CreateRectRgn
CreateRectRgnIndirect
SetRectRgn
CombineRgn
DeleteObject
SetTextColor
CreateFontIndirectW
SetBkColor
SetBkMode

comdlg32

GetOpenFileNameW

advapi32

CryptAcquireContextW
CryptReleaseContext
RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash

shell32

CommandLineToArgvW
SHGetDesktopFolder
ord701
SHGetFolderPathW
SHGetFileInfoW
ShellExecuteW
ShellExecuteExW
SHGetKnownFolderPath
SHCreateItemFromParsingName
DragQueryFileW

ole32

CoCreateInstance
ReleaseStgMedium
OleDuplicateData
DoDragDrop
CoUninitialize
OleInitialize
OleUninitialize
RegisterDragDrop
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx

gdiplus

GdipDeleteGraphics
GdipCreateFromHDC
GdipAddPathArcI
GdipClosePathFigure
GdipStartPathFigure
GdipResetPath
GdipDeletePath
GdipCreatePath
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipDrawRectangleI
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipDrawPath

comctl32

ord412
ord410
ord413
InitCommonControlsEx
ord381
ImageList_GetImageCount
ImageList_GetImageInfo

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 889KB - Virtual size: 889KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fptable
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40c2234016e80acb8ecf6125fe52c9b0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

uxtheme

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

gdiplus

comctl32

version

Sections

.text Size: 889KB - Virtual size: 889KB

.rdata Size: 127KB - Virtual size: 127KB

.data Size: 18KB - Virtual size: 25KB

.fptable Size: 512B - Virtual size: 128B

.rsrc Size: 174KB - Virtual size: 174KB

.reloc Size: 36KB - Virtual size: 36KB

.text
Size: 889KB - Virtual size: 889KB

.rdata
Size: 127KB - Virtual size: 127KB

.data
Size: 18KB - Virtual size: 25KB

.fptable
Size: 512B - Virtual size: 128B

.rsrc
Size: 174KB - Virtual size: 174KB

.reloc
Size: 36KB - Virtual size: 36KB