49767b300ecb8785ba9fcb86bb82fd860790550b717363afe00d457f494db5b3

Sharing

Copy URL

Twitter E-mail

General

Target

49767b300ecb8785ba9fcb86bb82fd860790550b717363afe00d457f494db5b3
Size

9.0MB
MD5

d94a4ed1a73b21ca8620f248289e058e
SHA1

9184da8a18e5ddabbaf6ea3bc4c4e355608e19bd
SHA256

49767b300ecb8785ba9fcb86bb82fd860790550b717363afe00d457f494db5b3
SHA512

0b1f8202c396b2c150f15d5ff6da05183856ccf7b580ce81b64d0ff9aca40f27737673df7e4e8349d9dbd777f97da711a9898d93fd7930cc56bcb09a3d6c31c7
SSDEEP

98304:mqTAaghA9U9G/I3Ddp8Dk6B4800u+35nj1wk:FUzpykz3+355V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49767b300ecb8785ba9fcb86bb82fd860790550b717363afe00d457f494db5b3

Files

49767b300ecb8785ba9fcb86bb82fd860790550b717363afe00d457f494db5b3
.exe windows:6 windows x64 arch:x64

d8657c4a5b9182663ae09f5aedd5365a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

app.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WaitOnAddress
WakeByAddressAll

kernel32

RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetModuleHandleW
CloseHandle
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
GetProcAddress
GetSystemInfo
GetNativeSystemInfo
GetProcessHeap
HeapAlloc
HeapFree
TlsGetValue
WaitForSingleObject
LoadLibraryW
EncodePointer
CreateMutexA
TlsSetValue
GetTempPathW
GetFullPathNameW
LCIDToLocaleName
CreateThread
WriteConsoleW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GetModuleHandleA
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
ReadFileEx
CreateNamedPipeW
ExitProcess
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
CopyFileExW
GetFinalPathNameByHandleW
LoadLibraryExW
GetUserDefaultUILanguage
GetEnvironmentVariableW
MultiByteToWideChar
Sleep
GetCurrentProcess
DuplicateHandle
CreatePipe
RemoveDirectoryW
MoveFileExW
DeleteFileW
FindFirstFileW
WideCharToMultiByte
GlobalFree
CreateDirectoryW
GetFileInformationByHandleEx
GetCurrentThread
WaitForSingleObjectEx
CreateFileW
GlobalAlloc
FindClose
FindNextFileW
GlobalUnlock
GlobalSize
GlobalLock
ReleaseMutex
HeapReAlloc
LoadLibraryA
QueryPerformanceFrequency
GetProcessId
TerminateProcess
GetExitCodeProcess
GetUserDefaultLocaleName
SleepEx
lstrlenW
WriteFileEx
FormatMessageW
GetCurrentProcessId
GetStdHandle
GetLastError
SetFilePointerEx
SetFileInformationByHandle
GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
FreeLibrary
LoadLibraryExA
SetLastError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
DeleteProcThreadAttributeList
SetHandleInformation
FreeEnvironmentStringsW
TlsFree
GetConsoleMode
GetFileInformationByHandle
SetFileCompletionNotificationModes
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatusEx

user32

IsClipboardFormatAvailable
GetClipboardData
EmptyClipboard
SetClipboardData
GetDC
CloseClipboard
OpenClipboard
EnumChildWindows
RegisterWindowMessageA
RegisterClassExW
RegisterRawInputDevices
MsgWaitForMultipleObjectsEx
SetWindowLongPtrW
SetCapture
RegisterHotKey
UnregisterHotKey
RegisterClipboardFormatW
DispatchMessageA
GetMessageA
EnableMenuItem
ToUnicodeEx
GetKeyboardLayout
DestroyIcon
CreateIcon
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
MonitorFromPoint
EnumDisplayMonitors
IsProcessDPIAware
DestroyAcceleratorTable
CreateAcceleratorTableW
VkKeyScanW
SetMenuItemInfoW
CheckMenuItem
CreateMenu
CreatePopupMenu
GetMenu
MapVirtualKeyExW
GetKeyState
AppendMenuW
ShowWindow
SendInput
PostQuitMessage
GetSystemMenu
SendMessageW
GetKeyboardState
SetWindowLongW
SetWindowDisplayAffinity
GetClipCursor
TrackPopupMenu
ClipCursor
RegisterClassW
SetForegroundWindow
CreateWindowExW
IsWindow
GetRawInputData
RedrawWindow
ValidateRect
SystemParametersInfoA
GetWindowLongPtrW
PostThreadMessageW
PeekMessageW
GetUpdateRect
LoadCursorW
IsWindowVisible
AdjustWindowRectEx
GetAsyncKeyState
RegisterTouchWindow
GetSystemMetrics
GetForegroundWindow
SetCursorPos
InvalidateRgn
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
ReleaseCapture
FlashWindowEx
DefWindowProcW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetAncestor
GetMessageW
GetWindowRect
MapVirtualKeyW
IsIconic
GetActiveWindow
SetMenu
ShowCursor
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
SetCursor
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
ClientToScreen
GetClientRect
GetWindowLongW
DestroyWindow
TrackMouseEvent
PostMessageW
MonitorFromRect

comctl32

RemoveWindowSubclass
DefSubclassProc
TaskDialogIndirect
SetWindowSubclass

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoIncrementMTAUsage
CreateStreamOnHGlobal
RevokeDragDrop
OleInitialize
CoTaskMemAlloc
RegisterDragDrop

shell32

SHGetKnownFolderPath
DragFinish
SHAppBarMessage
ShellExecuteW
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHCreateItemFromParsingName
DragQueryFileW

gdi32

GetDeviceCaps
DeleteObject
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

ws2_32

setsockopt
closesocket
WSAIoctl
send
recv
shutdown
WSAStartup
WSACleanup
WSAGetLastError
getsockopt
listen
WSASend
ioctlsocket
connect
bind
WSASocketW
getsockname
getpeername
accept
freeaddrinfo
getaddrinfo

advapi32

EventRegister
EventSetInformation
RegOpenKeyExW
EventWriteTransfer
RegQueryValueExW
EventUnregister
RegCloseKey
RegGetValueW
SystemFunction036
RevertToSelf
ImpersonateAnonymousToken

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

oleaut32

SetErrorInfo
GetErrorInfo
SysStringLen
SysFreeString

uxtheme

SetWindowTheme

ntdll

RtlGetVersion
NtReadFile
NtWriteFile
NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile

bcrypt

BCryptGenRandom

secur32

DeleteSecurityContext
QueryContextAttributesW
AcceptSecurityContext
FreeContextBuffer
InitializeSecurityContextW
ApplyControlToken
EncryptMessage
FreeCredentialsHandle
AcquireCredentialsHandleA
DecryptMessage

crypt32

CertCloseStore
CertDuplicateStore
CertOpenStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertDuplicateCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertFreeCertificateChain
CertAddCertificateContextToStore
CertEnumCertificatesInStore

api-ms-win-crt-math-l1-1-0

trunc
floor
round
pow
__setusermatherr

api-ms-win-crt-string-l1-1-0

_wcsicmp
strcpy_s
wcslen
wcsncmp
strlen

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_seh_filter_exe
_set_app_type
_initialize_narrow_environment
_get_initial_narrow_environment
abort
_initterm
_initterm_e
exit
_exit
terminate
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
strerror
_initialize_onexit_table
_crt_atexit
_register_onexit_function

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
malloc
_callnewh
free

Sections

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 341KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8657c4a5b9182663ae09f5aedd5365a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

user32

comctl32

ole32

shell32

gdi32

dwmapi

ws2_32

advapi32

api-ms-win-core-winrt-l1-1-0

oleaut32

uxtheme

ntdll

bcrypt

secur32

crypt32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 6.1MB - Virtual size: 6.1MB

.rdata Size: 2.5MB - Virtual size: 2.5MB

.data Size: 13KB - Virtual size: 24KB

.pdata Size: 341KB - Virtual size: 341KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 45KB - Virtual size: 44KB

.reloc Size: 34KB - Virtual size: 34KB

.text
Size: 6.1MB - Virtual size: 6.1MB

.rdata
Size: 2.5MB - Virtual size: 2.5MB

.data
Size: 13KB - Virtual size: 24KB

.pdata
Size: 341KB - Virtual size: 341KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 45KB - Virtual size: 44KB

.reloc
Size: 34KB - Virtual size: 34KB