d7146c1fd839d6d763fff464d8c42540N

Sharing

Copy URL Twitter E-mail

General

Target

d7146c1fd839d6d763fff464d8c42540N
Size

140KB
MD5

d7146c1fd839d6d763fff464d8c42540
SHA1

9f0c3174fc9e9a6b4b53621419f0687fff0224bf
SHA256

8de16a6e1a044d3909267f0ebeb088af1001eea171bee675a175f4212f301292
SHA512

fb0f86549aba1bb2c4e54cbcc5508bf0e9d6f9add0cb085b778aec804dd9ecf6da834a277c70f5e5b217a03c9ea01885978cda68f3e5192a978ebd6379bcfef8
SSDEEP

3072:+jEwnVS570M9kdatGCO+xmBc+hMPhPsxwX7hMWET:EVs7nyatGt+SYFt9TET

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d7146c1fd839d6d763fff464d8c42540N

Files

d7146c1fd839d6d763fff464d8c42540N
.exe windows:6 windows x86 arch:x86

c35dfe551f52a3442e5ea18f4586e239

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

fvenotify.pdb

Imports

advapi32

FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegGetValueW
InitiateShutdownW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

kernel32

LocalFree
GetModuleHandleW
FormatMessageW
GetCurrentProcess
GetCommandLineW
GetTickCount
RegisterApplicationRestart
Sleep
CloseHandle
CreateMutexW
HeapSetInformation
LoadLibraryW
GetLastError
FreeLibrary
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileW
UnhandledExceptionFilter
TerminateProcess

gdi32

ExtTextOutW
BitBlt
CreateCompatibleDC
SelectObject
DeleteDC
DeleteObject
GetObjectW
CreateDIBSection
SetBkColor

user32

UnregisterDeviceNotification
LoadIconW
RegisterClassExW
CreateWindowExW
GetWindowLongW
GetCursorPos
LoadMenuW
GetSubMenu
TrackPopupMenu
PostMessageW
PostQuitMessage
SetWindowLongW
MoveWindow
DispatchMessageW
DestroyWindow
ShowWindow
SetForegroundWindow
SendMessageW
LoadStringW
GetIconInfo
DrawIconEx
CreateIconIndirect
GetSystemMetrics
LoadImageW
SetMenuInfo
SetMenuItemInfoW
DestroyIcon
GetDC
TranslateMessage
GetMessageW
RegisterDeviceNotificationW
DefWindowProcW
ReleaseDC
EnableMenuItem

msvcrt

_acmdln
memset
??3@YAXPAX@Z
_controlfp
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_ftol2_sse
exit
??2@YAPAXI@Z
_vsnwprintf
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
towupper
_ftol2
wcstol

comctl32

ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create
ord344
ord345
HIMAGELIST_QueryInterface

shell32

Shell_NotifyIconW
CommandLineToArgvW
ord727
ShellExecuteW

ole32

CoInitializeEx
CoUninitialize

bdeui

?BuisCreateProxyObject@@YGJPAPAUIDispatch@@@Z
?BuisCreateElevatedProxyObject@@YGJPAUHWND__@@PAPAUIDispatch@@@Z
?RequiresElevation@BuiVolume@@QAE_NXZ
??1BuiVolume@@QAE@XZ
?ImplicitPauseConversion@BuiVolume@@QAEJXZ
?ResumeConversion@BuiVolume@@QAEJXZ
?RefreshStatus@BuiVolume@@QAEJ_N@Z
?GetConvertedPercent@BuiVolume@@QAENXZ
?Init@BuiVolume@@QAEJPAG@Z
??0BuiVolume@@QAE@_N@Z
?BuisIsHardwareReadyForConversion@@YGJXZ
?SuspendStatusRefreshing@BuiVolume@@QAEXXZ
?ResumeStatusRefreshing@BuiVolume@@QAEXXZ
?ResetStatusRefreshing@BuiVolume@@QAEXXZ
?DeleteVolumeList@BuiVolume@@SGXPAPAU_BuiVolumeNode@@@Z
?GetAllVolumes@BuiVolume@@SGJPAPAU_BuiVolumeNode@@@Z
?SetProxyObject@BuiVolume@@QAEXPAUIDispatch@@@Z

slc

SLGetWindowsInformationDWORD

Exports

Exports

??0VolumeFveStatus@@IAE@XZ
??0VolumeFveStatus@@QAE@KJ@Z
??4BuiVolume@@QAEAAV0@ABV0@@Z
??4VolumeFveStatus@@QAEAAV0@ABV0@@Z
?FailedDryRun@VolumeFveStatus@@QAE_NXZ
?GetLastConvertStatus@VolumeFveStatus@@QAEJXZ
?GetStatusFlags@VolumeFveStatus@@QAEKXZ
?HasExternalKey@VolumeFveStatus@@QAE_NXZ
?HasPassphraseProtector@VolumeFveStatus@@QAE_NXZ
?HasPinProtector@VolumeFveStatus@@QAE_NXZ
?HasRecoveryData@VolumeFveStatus@@QAE_NXZ
?HasRecoveryPassword@VolumeFveStatus@@QAE_NXZ
?HasSmartCardProtector@VolumeFveStatus@@QAE_NXZ
?HasStartupKeyProtector@VolumeFveStatus@@QAE_NXZ
?HasTpmProtector@VolumeFveStatus@@QAE_NXZ
?IsConverting@VolumeFveStatus@@QAE_NXZ
?IsDecrypted@VolumeFveStatus@@QAE_NXZ
?IsDecrypting@VolumeFveStatus@@QAE_NXZ
?IsDisabled@VolumeFveStatus@@QAE_NXZ
?IsEncrypted@VolumeFveStatus@@QAE_NXZ
?IsEncrypting@VolumeFveStatus@@QAE_NXZ
?IsFveNotifyNecessary@VolumeFveStatus@@QAE_NXZ
?IsLocked@VolumeFveStatus@@QAE_NXZ
?IsOn@VolumeFveStatus@@QAE_NXZ
?IsOsVolume@VolumeFveStatus@@QAE_NXZ
?IsPartiallyConverted@VolumeFveStatus@@QAE_NXZ
?IsPaused@VolumeFveStatus@@QAE_NXZ
?IsRoamingDevice@VolumeFveStatus@@QAE_NXZ
?IsSecure@VolumeFveStatus@@QAE_NXZ
?NO_DRIVE_LETTER@BuiVolume@@2IB
?NeedsRestart@VolumeFveStatus@@QAE_NXZ

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c35dfe551f52a3442e5ea18f4586e239

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

shell32

ole32

bdeui

slc

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.data Size: 512B - Virtual size: 932B

.rsrc Size: 89KB - Virtual size: 88KB

.reloc Size: 28KB - Virtual size: 29KB

.text
Size: 21KB - Virtual size: 21KB

.data
Size: 512B - Virtual size: 932B

.rsrc
Size: 89KB - Virtual size: 88KB

.reloc
Size: 28KB - Virtual size: 29KB