d7a59eff79f146b3b9998ce3f9aab540N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

d7a59eff79f146b3b9998ce3f9aab540N.exe
Size

182KB
MD5

d7a59eff79f146b3b9998ce3f9aab540
SHA1

11418133a21c95f9c6c66e6755f61deee90f6917
SHA256

8438d58036e58ce9eafa16373c1399008ba6cb02af06b392ef8489b22ef8bdea
SHA512

5058fc547a5434884e4b3f6df5ceccf0506ffc6e5ef29284b6c0c72ad7d37025e1021b84e300874e18b4e3a9bd4c7146b574dbd710335bf778ff6b385b33d141
SSDEEP

3072:qcQeSLJww9ET5f/RYzwaeKdHNb8nR9SOPLbZgJra0hxc:vQe02wm9XAVtb8Rg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d7a59eff79f146b3b9998ce3f9aab540N.exe

Files

d7a59eff79f146b3b9998ce3f9aab540N.exe
.dll windows:6 windows x64 arch:x64

137d81618bf0cd95866b061470921ecf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

G:\dev\ProcessHacker\trunk\bin\Release64\plugins\HardwareDevices.pdb

Imports

uxtheme

EnableThemeDialogTexture

processhacker.exe

PhSystemBasicInformation
PhReAllocate
PhGetOwnTokenAttributes
PhConvertMultiByteToUtf16
PhStringToInteger64
WindowsVersion
PhQueryRegistryString
PhConcatStrings_V
PhCreateFileWin32
PhInsertEMenuItem
PhTrimStringRef
PhCreateEMenuItem
PhCreateEMenu
PhDereferenceObject
PhfAcquireQueuedLockExclusive
PhReferenceObject
PhCreateObject
PhGetIntegerSetting
PhFindItemList
PhReferenceObjectSafe
PhfAcquireQueuedLockShared
PhInitializeCircularBuffer_ULONG64
PhRemoveItemList
PhAddItemList
PhfWakeForReleaseQueuedLock
PhCountStringZ
PhCreateObjectType
PhfReleaseQueuedLockShared
PhDeleteCircularBuffer_ULONG64
PhCreateString
PhDereferenceObjectDeferDelete
PhCreateList
PhModalPropertySheet
PhFormatUInt64
PhLayoutManagerLayout
PhFree
PhCenterWindow
PhAddSettings
PhGetGeneralCallback
PhShowEMenu
PhDestroyEMenu
PhRegisterPlugin
PhGetPluginCallback
PhQueryValueKey
PhEqualStringRef
PhFindListViewItemByFlags
PhGetStringSetting
PhSetStringSetting2
PhSplitStringRefAtChar
PhGetListViewItemParam
PhFormatString
PhDivideSinglesBySingle
PhInitializeGraphState
PhConcatStrings2
PhSiSizeLabelYFunction
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhAddLayoutItemEx
PhGetDrawInfoGraphBuffers
PhGetStatisticsTimeString
PhInitializeStringBuilder
PhAppendFormatStringBuilder
PhDeleteAutoPool
PhUnregisterCallback
PhRemoveStringBuilder
PhDrainAutoPool
PhFinalStringBuilderString
PhRegisterCallback
PhInitializeAutoPool
PhDeleteStringBuilder
PhProcessesUpdatedEvent
PhMainWndHandle
PhFormatSize
PhInitializeLayoutManager
PhBufferToHexString
PhDeleteLayoutManager
PhSetListViewSubItem
PhSetControlTheme
PhAllocate
PhCreateThread
PhSetExtendedListView
PhGetSelectedListViewItemParam
PhAddListViewColumn
PhCreateStringEx
PhAddLayoutItem
PhAddListViewItem
PhFormatString_V
PhAutoDereferenceObject
PhFormatDateTime

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
NtQueryVolumeInformationFile
NtFsControlFile
RtlVirtualUnwind
NtQueryInformationProcess
NtDeviceIoControlFile
RtlGUIDFromString
LdrGetProcedureAddress
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
NtClose
RtlUnwindEx

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
LCMapStringW
GetACP
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
GetProcessHeap
GetStdHandle
GetFileType
SetLastError
GetLogicalDrives
FreeLibrary
LoadLibraryW
FileTimeToLocalFileTime
FileTimeToSystemTime
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
CreateFileW
WriteConsoleW

user32

GetCursorPos
CreateWindowExW
InvalidateRect
GetMessageW
CreateDialogParamW
PostMessageW
DestroyWindow
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
TranslateMessage
PostQuitMessage
SetForegroundWindow
IsIconic
DefWindowProcW
GetPropW
SendMessageW
RemovePropW
SetDlgItemTextW
SetPropW
GetDlgItem
GetParent

comctl32

ord413
ord410
ord412
CreatePropertySheetPageW

advapi32

SystemFunction036

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

137d81618bf0cd95866b061470921ecf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

uxtheme

processhacker.exe

ntdll

kernel32

user32

comctl32

advapi32

Sections

.text Size: 92KB - Virtual size: 92KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 2KB - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 5KB

.gfids Size: 512B - Virtual size: 512B

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 2KB - Virtual size: 2KB

.data Size: 9KB - Virtual size: 9KB

.text
Size: 92KB - Virtual size: 92KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 2KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 512B

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 9KB