36f429ea8b71d4a9a2197085b8083d2c5f686fe9135a0688926aa14fdc2120da

Sharing

Copy URL

Twitter E-mail

General

Target

36f429ea8b71d4a9a2197085b8083d2c5f686fe9135a0688926aa14fdc2120da
Size

3.9MB
MD5

7f9693d83047e398cf25640a6d71c34a
SHA1

b645518a992a997dea82ee6de1f3d31f4811360a
SHA256

36f429ea8b71d4a9a2197085b8083d2c5f686fe9135a0688926aa14fdc2120da
SHA512

9b81ffc8a647525d42613dc1bebae9a11e07089910885a606801cb21e3258312c1ca2829e7ef3340a142aed19b11dcb399a056691059da4cc907175966d75231
SSDEEP

49152:4exFkrMIAsobm2qsKwpxLE5vxR5t2r4PRSEk1ul:vFkwA2DRx4RJt2sEE5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36f429ea8b71d4a9a2197085b8083d2c5f686fe9135a0688926aa14fdc2120da

Files

36f429ea8b71d4a9a2197085b8083d2c5f686fe9135a0688926aa14fdc2120da
.exe windows:6 windows x64 arch:x64

947aecd97fa2990c5ef2f0e9a8311a90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\u\workspace\nViewBranchBuilder\sw\nview\v200\_out\x64-Release\nViewMain64.pdb

Imports

magnification

MagSetWindowSource
MagUninitialize
MagSetWindowTransform
MagInitialize

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

kernel32

WaitForSingleObject
SetEvent
CloseHandle
CreateEventW
CreateThread
ExitThread
ResetEvent
FreeLibrary
GetProcAddress
CreateToolhelp32Snapshot
Thread32First
Thread32Next
CreateProcessW
SetEndOfFile
HeapSize
ReadConsoleW
lstrlenW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
lstrcatW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
HeapFree
HeapAlloc
ExitProcess
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
GetCommandLineA
GetLocalTime
RtlUnwindEx
RaiseException
RtlPcToFileHeader
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
GetCPInfo
GetLocaleInfoW
LCMapStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
OpenEventW
GetCurrentProcess
GetCurrentThread
SetThreadPriority
GetThreadPriority
IsWow64Process
GetModuleHandleW
ReleaseMutex
CreateMutexW
FindClose
FindFirstFileW
SetFileAttributesW
lstrcpynW
OpenProcess
lstrcmpiW
GetFileAttributesW
Process32NextW
Process32FirstW
QueryPerformanceFrequency
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
Sleep
lstrcpyW
lstrcmpW
FindNextFileW
GetSystemDirectoryW
SetStdHandle
RtlUnwind
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
QueryFullProcessImageNameW
MapViewOfFileEx
CreateFileMappingW
GetSystemInfo
UnmapViewOfFile
GetModuleHandleA
GetVersionExW
K32GetModuleFileNameExW
K32EnumProcessModules
GetCommandLineW
GetUserDefaultUILanguage
QueryPerformanceCounter
MulDiv
LoadLibraryW
FormatMessageW
GetCurrentThreadId
GetCurrentProcessId
VerifyVersionInfoW
LoadLibraryExW
GetModuleFileNameW
SetLastError
OutputDebugStringW
GetFullPathNameW
ExpandEnvironmentStringsW
VerSetConditionMask
LocalFree
LocalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
FreeResource
CopyFileW
GetTickCount
GetSystemWindowsDirectoryW
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileW
GetLastError

user32

GetWindowPlacement
SetWindowPlacement
IsIconic
IntersectRect
UnionRect
DefWindowProcW
RegisterClassW
CreateWindowExW
ShowWindow
GetWindowRect
UnhookWinEvent
EndPaint
InvalidateRect
InflateRect
SetWindowLongPtrW
LoadCursorW
SystemParametersInfoW
RegisterWindowMessageW
CopyRect
EnumDisplayMonitors
CharUpperW
WindowFromPoint
SetWindowPos
SetWinEventHook
EnumWindows
IsWindowVisible
SendMessageTimeoutW
PtInRect
ClientToScreen
BeginPaint
GetClientRect
PostMessageW
GetWindow
GetClassLongPtrW
GetWindowLongPtrW
IsDlgButtonChecked
CheckDlgButton
GetPhysicalCursorPos
GetDlgItem
GetLayeredWindowAttributes
DestroyWindow
SendMessageW
wsprintfW
SetLayeredWindowAttributes
EnumDisplaySettingsExW
CheckMenuRadioItem
GetSysColorBrush
InsertMenuItemW
TrackPopupMenu
CreatePopupMenu
OffsetRect
IsRectEmpty
SetRectEmpty
GetMonitorInfoW
MonitorFromRect
DestroyIcon
ReleaseDC
GetDC
IsWindow
GetWindowThreadProcessId
FindWindowExW
EqualRect
WaitForInputIdle
MsgWaitForMultipleObjects
RegisterDeviceNotificationW
PeekMessageW
LoadIconW
SetWindowLongW
GetWindowLongW
UpdateWindow
GetMenuItemInfoW
AppendMenuW
CheckMenuItem
CreateMenu
SetMenu
GetSystemMetrics
RegisterClassExW
CloseDesktop
OpenInputDesktop
EnumDisplaySettingsW
UnregisterHotKey
RegisterHotKey
GetDesktopWindow
SetCursorPos
DialogBoxParamW
CreateDialogParamW
IsZoomed
MoveWindow
ShowWindowAsync
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
GetCursorPos
GetWindowTextW
SetForegroundWindow
GetForegroundWindow
KillTimer
SetTimer
UnregisterClassW
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
GetAsyncKeyState
FindWindowW
GetParent
MessageBoxW
CharLowerW
GetSysColor
LoadImageW
ValidateRect
GetClassNameW
DrawIconEx
GetAncestor
MonitorFromPoint
SetProcessDPIAware
LoadStringW
DisplayConfigGetDeviceInfo
EnumDisplayDevicesW
GetActiveWindow

gdi32

CreateSolidBrush
GetObjectW
StretchBlt
DeleteDC
CreateCompatibleDC
TextOutW
MoveToEx
SetTextColor
SetBkMode
SetDCPenColor
SetDCBrushColor
SelectObject
RoundRect
LineTo
GetTextExtentPoint32W
GetStockObject
DeleteObject
CreateFontIndirectW
StrokeAndFillPath
CreateCompatibleBitmap
GetDeviceCaps
BitBlt
CreatePen
GetDIBits
SetStretchBltMode
BeginPath
EndPath
SetBrushOrgEx

advapi32

GetUserNameW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
SetEntriesInAclW
RegQueryInfoKeyW
RegDeleteValueW
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegEnumValueW
RegOpenCurrentUser
RegOpenKeyW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

shell32

ShellExecuteW
Shell_NotifyIconW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ExtractIconW
ExtractIconExW
SHCreateShellItemArrayFromShellItem
SHCreateItemFromParsingName
SHGetFolderPathW
CommandLineToArgvW

ole32

CoCreateInstance
CoInitialize
CLSIDFromString
StringFromGUID2
CreateStreamOnHGlobal
CoUninitialize

oleaut32

OleLoadPicture
SysAllocString
SysFreeString

shlwapi

StrRStrIW
ord487
SHCopyKeyW
StrStrIW
SHDeleteKeyW

gdiplus

GdipCreatePen1
GdipDeletePen
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawPath
GdipFillPath
GdiplusStartup
GdiplusShutdown
GdipCreatePen2
GdipSetPenWidth
GdipCloneImage
GdipClosePathFigure
GdipDeleteBrush
GdipSetSmoothingMode
GdipDrawArcI
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImageRect
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipStartPathFigure
GdipDeletePath
GdipCreatePath
GdipFree
GdipCreateSolidFill
GdipCloneBrush
GdipCreateBitmapFromHICON
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipAddPathArcI
GdipAlloc
GdipDisposeImage
GdipMeasureString
GdipLoadImageFromFile

dwmapi

DwmIsCompositionEnabled
DwmGetWindowAttribute

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 558KB - Virtual size: 558KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

947aecd97fa2990c5ef2f0e9a8311a90

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

magnification

wtsapi32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

dwmapi

version

Sections

.text Size: 558KB - Virtual size: 558KB

.rdata Size: 178KB - Virtual size: 178KB

.data Size: 12KB - Virtual size: 36KB

.pdata Size: 28KB - Virtual size: 28KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 558KB - Virtual size: 558KB

.rdata
Size: 178KB - Virtual size: 178KB

.data
Size: 12KB - Virtual size: 36KB

.pdata
Size: 28KB - Virtual size: 28KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 572KB - Virtual size: 576KB