AltAppSwitcher_x86_64 (1)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

AltAppSwitcher_x86_64 (1).zip
Size

31KB
MD5

12cbed7799a02df1be6d104790dfe703
SHA1

1af49c5709746c55dc8cb6673c641b2d7cc8338d
SHA256

ef1c3adf6c9dec1c34004aadcdf3118d9b4c8aa40730ba74549536244936d6d3
SHA512

3c2ca57da04c399441fb8a4f1e2c84a3af5cabfb84736b7994602a9f6a1dd7e458bee9a4566d8a01760fc5cdbd4d267e4a2ff9e18deb13b307179a1dc7535665
SSDEEP

768:rTlDCiwDTmvGEHoV92T43mwiUzFqfevu2dWGXh1CeUoX4yRVEZR7gr:DwDiGEIV9CLwiUofF2dllfHEZR7gr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AltAppSwitcher.exe

Files

AltAppSwitcher_x86_64 (1).zip
.zip

Password: infected
AltAppSwitcher.exe
.exe windows:6 windows x64 arch:x64

Password: infected

69569872de483009b4eedf61c0e328bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dwmapi

DwmGetWindowAttribute
DwmSetWindowAttribute

user32

AllowSetForegroundWindow
BeginDeferWindowPos
BeginPaint
BringWindowToTop
CallNextHookEx
CreateWindowExA
DefWindowProcA
DeferWindowPos
DestroyIcon
DestroyWindow
DispatchMessageA
DrawIcon
EndDeferWindowPos
EndPaint
EnumChildWindows
EnumDesktopWindows
EnumThreadWindows
FillRect
GetAncestor
GetClassNameA
GetClientRect
GetDC
GetForegroundWindow
GetLastActivePopup
GetMessageA
GetParent
GetShellWindow
GetSysColorBrush
GetSystemMetrics
GetWindow
GetWindowInfo
GetWindowPlacement
GetWindowRect
GetWindowThreadProcessId
InvalidateRect
IsWindow
IsWindowVisible
LoadIconA
PostThreadMessageA
RegisterClassA
ReleaseDC
SendInput
SetCapture
SetForegroundWindow
SetWindowsHookExA
ShowWindowAsync
TranslateMessage
UnregisterClassA
UpdateWindow

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
DeleteDC
DeleteObject
SelectObject
SetBkMode

gdiplus

GdipAddPathArcI
GdipAddPathLineI
GdipCloneStringFormat
GdipClosePathFigure
GdipCreateFont
GdipCreateFromHDC
GdipCreatePath
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeletePen
GdipDeleteStringFormat
GdipDisposeImage
GdipDrawImageRectI
GdipDrawPath
GdipDrawString
GdipFillPath
GdipGetGenericFontFamilySansSerif
GdipLoadImageFromFile
GdipSetSmoothingMode
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipStringFormatGetGenericDefault
GdiplusShutdown
GdiplusStartup

shlwapi

SHLoadIndirectString

ole32

CoInitializeEx
CoUninitialize

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_ctime64
_errno
_fmode
_initterm
_ismbblead
_lock
_onexit
_time64
_unlock
abort
calloc
exit
fclose
fgets
fopen
fprintf
fputc
fputwc
free
fwprintf
fwrite
localeconv
malloc
mbstowcs
memcmp
memcpy
memset
signal
strcmp
strcpy
strerror
strlen
strncmp
strstr
vfprintf
wcscpy
wcslen

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA

shell32

ExtractIconA

kernel32

CloseHandle
CreateRemoteThread
DebugBreak
DeleteCriticalSection
EnterCriticalSection
FormatMessageA
GetApplicationUserModelId
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetStartupInfoA
InitializeCriticalSection
IsDBCSLeadByteEx
K32GetModuleFileNameExA
LeaveCriticalSection
LocalFree
MultiByteToWideChar
OpenProcess
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcmpiA
lstrcmpiW

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AltAppSwitcherConfig.txt
CloseAltAppSwitcher.bat
.bat .vbs

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

69569872de483009b4eedf61c0e328bc

Headers

DLL Characteristics

File Characteristics

Imports

dwmapi

user32

gdi32

gdiplus

shlwapi

ole32

msvcrt

advapi32

shell32

kernel32

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 1.1MB

.pdata Size: 1KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 152B

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 1.1MB

.pdata
Size: 1KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 152B