9b2efa64a42133f5c1b7ef0bdfbcdd00N

Sharing

Copy URL Twitter E-mail

General

Target

9b2efa64a42133f5c1b7ef0bdfbcdd00N
Size

1.5MB
MD5

9b2efa64a42133f5c1b7ef0bdfbcdd00
SHA1

5c29ccc6e142fa8237611d02c0de15ab54b8ba85
SHA256

d1c029bb957dd469c18d750a0371057a136224c0f3222ca3573173444191f973
SHA512

2dba918b2e30645da650beabe62d5b6c23ee87981486d139f862717aa3d2dc2624baa1dabd05e8756c90fc4434cf7dc2d0ecc437b4e2745cb067060c777544c2
SSDEEP

24576:o2aUFJyJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJDJJJJJJJJJJJJJJl:h53rtgiomvJi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b2efa64a42133f5c1b7ef0bdfbcdd00N

Files

9b2efa64a42133f5c1b7ef0bdfbcdd00N
.exe windows:5 windows x64 arch:x64

798fb7c743e202d65c42a8de5ecb6ef8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

I:\bld\CDGS-MAS20217-BUILX64\src\out\PROD-X64-VC160\Release\Programs64\CorelDRW.pdb

Imports

crlconfig

?CanLaunch@IAppStartupInit@@UEBA_NXZ
?IsOnlyInitializeAndLoadDll@IAppStartupInit@@UEBA_NXZ
?IsWindowPainterSkinScaleSupported@IAppStartupInit@@UEBA_NXZ
??0IAppStartupInit@@QEAA@XZ
?GetClassID@IAppStartupInit@@UEBA?AV?$CrlStringT@_W@CrlPlatform@@XZ
?IsEmbedding@BaseAppStartup@@UEBA_NXZ
?IsPrintFull@BaseAppStartup@@UEBA_NXZ
?IsPrintABB@BaseAppStartup@@UEBA_NXZ
?IsNoSplash@BaseAppStartup@@UEBA_NXZ
?GetBoxVersion@IAppStartupInit@@UEBAXAEAH000@Z
?GetAppVersion@IAppStartupInit@@UEBAXAEAH000@Z
?GetAppResourceDLLName@IAppStartupInit@@UEBA?AV?$CrlStringT@_W@CrlPlatform@@XZ
?GetBoxMajorVersionNum@IAppStartupInit@@UEBAHXZ
??0BaseAppStartup@@QEAA@AEAUIAppStartupInit@@@Z
??1BaseAppStartup@@UEAA@XZ
?Initialize@BaseAppStartup@@MEAAXXZ
?Initialize@BaseAppStartup@@QEAAXPEB_W_N@Z
?Run@BaseAppStartup@@MEAAHXZ
?LoadAppDll@BaseAppStartup@@IEAA_NXZ
?RunAppDll@BaseAppStartup@@IEAAHXZ
?GetAppSkinSettingData@@YAAEAVWAppSkinSettingData@@XZ
?GetFireBallImagePath@WAppSkinSettingData@@QEAA_NAEAV?$CrlStringT@_W@CrlPlatform@@@Z
?BOXIDGetCopyrightInfo@@YAPEB_WXZ
?GetAppUIName@WAppSkinSettingData@@QEAA?AV?$CrlStringT@_W@CrlPlatform@@XZ
?CommandLine@BaseAppStartup@@UEBAAEBUICommandLine@CrlUtils@@XZ
?GetCmdLine@BaseAppStartup@@UEAAPEA_WXZ
?IsSdiMode@BaseAppStartup@@UEBA_NXZ
?StartupInitialActionDisabled@BaseAppStartup@@UEBA_NXZ
?IsDDE@BaseAppStartup@@UEBA_NXZ
?IsCOMAutomation@BaseAppStartup@@UEBA_NXZ
?IsUserMode@BaseAppStartup@@UEBA_NXZ
?IsPrintAndExit@BaseAppStartup@@UEBA_NXZ
?IsAutomation@BaseAppStartup@@UEBA_NXZ

crlplatform

??4?$CrlStringT@_W@CrlPlatform@@QEAAAEAV01@PEB_W@Z
??1?$CrlStringT@_W@CrlPlatform@@QEAA@XZ
??0?$CrlStringT@_W@CrlPlatform@@QEAA@PEB_W@Z
??0?$CrlStringT@_W@CrlPlatform@@QEAA@XZ
??0?$CrlStringT@_W@CrlPlatform@@QEAA@AEBV01@@Z
??0?$CrlStringT@_W@CrlPlatform@@QEAA@PEB_WH@Z
?GetLength@?$CrlStringT@_W@CrlPlatform@@QEBAHXZ
?Empty@?$CrlStringT@_W@CrlPlatform@@QEAAXXZ
??4?$CrlStringT@_W@CrlPlatform@@QEAAAEAV01@AEBV01@@Z
?FormatInternal@?$CrlStringT@_W@CrlPlatform@@AEAAXPEB_WZZ
??4?$CrlStringT@_W@CrlPlatform@@QEAAAEAV01@$$QEAV01@@Z
?IsEmpty@?$CrlStringT@_W@CrlPlatform@@QEBA_NXZ
??B?$CrlStringT@_W@CrlPlatform@@QEBAPEB_WXZ
?GetString@?$CrlStringT@_W@CrlPlatform@@QEBAPEB_WXZ
?ReleaseBuffer@?$CrlStringT@_W@CrlPlatform@@QEAAXH@Z
?GetBuffer@?$CrlStringT@_W@CrlPlatform@@QEAAPEA_WXZ

crlresources

?Preload@Resources@Framework@@SA_NXZ
?GetString@Resources@Framework@@SA?AV?$CrlStringT@_W@CrlPlatform@@AEBV34@@Z

gdiplus

GdipGetImageHeight
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromFile
GdipFree
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipGetImageWidth

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

mfc140u

ord9975
ord9977
ord14211
ord9978
ord9976
ord14360
ord2698
ord7913
ord3209
ord3212
ord13401
ord6002
ord8830
ord2967
ord4352
ord9384
ord4360
ord5451
ord5080
ord4828
ord11850
ord11414
ord4767
ord4752
ord4814
ord4859
ord4782
ord4837
ord4853
ord4794
ord3718
ord11625
ord11415
ord4800
ord14209
ord8656
ord11902
ord6729
ord3172
ord10691
ord8947
ord3173
ord13513
ord11944
ord11940
ord1700
ord1722
ord1748
ord3279
ord1755
ord4776
ord11806
ord4843
ord2629
ord4788
ord5723
ord4806
ord5363
ord5552
ord9041
ord5339
ord5582
ord5083
ord5229
ord5062
ord5916
ord7460
ord7461
ord7450
ord5227
ord7922
ord9946
ord8900
ord3278
ord2316
ord3812
ord13864
ord7182
ord1454
ord990
ord6247
ord6549
ord6320
ord12761
ord12762
ord886
ord1369
ord878
ord13767
ord7813
ord1086
ord438
ord4721
ord13757
ord12746
ord2473
ord4726
ord2475
ord4656
ord1033
ord296
ord3756
ord2212
ord2369
ord2270
ord1489
ord1491
ord266
ord265
ord9979
ord13354
ord11406
ord6631
ord14217
ord1734
ord7651

kernel32

OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
SetDllDirectoryW
GetWindowsDirectoryW
CloseHandle
GetSystemDirectoryW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetCurrentProcess
lstrcpyW
GetACP
lstrcmpiW
GetCurrentThreadId
ReleaseActCtx
InitializeCriticalSectionEx
GetLastError
ActivateActCtx
DeactivateActCtx
LoadLibraryW
FindActCtxSectionStringW
CreateActCtxW
SetLastError
GetModuleFileNameW
GetModuleHandleExW
QueryActCtxW
OutputDebugStringA
DeleteCriticalSection

user32

IsWindow
PostThreadMessageW
ReleaseDC
GetDC
SendMessageW
TranslateMessage
GetMessageW
DdeUnaccessData
DdeAccessData
SetPropW
CopyRect
DrawTextW
DdeCmpStringHandles
UpdateLayeredWindow
GetClientRect
GetWindowRect
IsRectEmpty
OffsetRect
SetWindowPos
AdjustWindowRect
SetRect
SetWindowTextW
InflateRect
EndDialog
DestroyWindow
ShowWindow
SetWindowLongW
CreateDialogParamW
GetSystemMetrics
SetLayeredWindowAttributes
GetWindowLongW
EnableWindow
GetParent
InvalidateRect
LoadCursorW
GetSysColor
DispatchMessageW
PeekMessageW
DdeInitializeW
DdeCreateStringHandleW
DdeNameService
DdeEnableCallback
DdeFreeStringHandle
DdeUninitialize
UpdateWindow

gdi32

GetStockObject
CreateSolidBrush
SetTextAlign
SetBkColor
DeleteDC
SetTextColor
SetBkMode
CreateDIBSection
DeleteObject
RestoreDC
SaveDC
GetTextMetricsW
GetTextFaceW
BitBlt
Rectangle
RectVisible
GetNearestColor
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontIndirectW
GetDeviceCaps

advapi32

OpenProcessToken

ole32

CoUninitialize
CoInitialize
CoCreateInstance

userenv

ExpandEnvironmentStringsForUserW

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
__std_exception_copy
__std_terminate
_CxxThrowException
wcschr
memset
__current_exception
__current_exception_context
memmove
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

terminate
_initialize_onexit_table
_register_onexit_function
_register_thread_local_exe_atexit_callback
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_crt_atexit
_set_app_type
_seh_filter_exe
_invalid_parameter_noinfo_noreturn
_c_exit
_cexit

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

api-ms-win-crt-string-l1-1-0

isalpha
wcscpy_s
wcscat_s
wcsncpy

api-ms-win-crt-math-l1-1-0

__setusermatherr
round

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

crlutils

?Create@CrlThread@CrlUtils@@YAPEAXV?$function@$$A6AKPEAX@Z@std@@PEAX@Z
?wait@StickyEvent@CrlUtils@@UEAAXXZ
??1StickyEvent@CrlUtils@@UEAA@XZ
?set@StickyEvent@CrlUtils@@QEAAXXZ
?GetThreadID@CrlThread@CrlUtils@@YAKAEAPEAX@Z
?Join@CrlThread@CrlUtils@@YAXAEAPEAX_N@Z
?tryWait@StickyEvent@CrlUtils@@UEAA_NXZ
??0StickyEvent@CrlUtils@@QEAA@_N0@Z
?wait_for@StickyEvent@CrlUtils@@UEAA_NK@Z
?Exists@File@SystemIO@@YA_NPEB_W@Z
?GetFolderName@Path@SystemIO@@YA?AV?$CrlStringT@_W@CrlPlatform@@PEB_W@Z
?Combine@Path@SystemIO@@YA?AV?$CrlStringT@_W@CrlPlatform@@PEB_W0@Z
?GetFileName@Path@SystemIO@@YA?AV?$CrlStringT@_W@CrlPlatform@@PEB_W@Z
?GetUserLocaleID@CrlLocale@@YAKXZ
?GetWorkAreaSizeWithoutTaskBarAndToolbarRectPixels@System@CrlUtils@@YA_NPEAX@Z
?GetProcessFileName@Path@SystemIO@@YA?AV?$CrlStringT@_W@CrlPlatform@@PEAUHINSTANCE__@@@Z
?set@InterProcessEvent@CrlUtils@@QEAAXXZ
?DeleteAllSingletons@CrlUtils@@YAXXZ
?getNativeHandle@StickyEvent@CrlUtils@@UEAAPEAXXZ

crlutl

?CRLUTLIsCurLangFarEast@@YAHXZ
?GetInst@IGLB_UILanguage@@SAAEAV1@XZ
?CreateSilentEvent@IGLB_UILanguage@@SAPEAVInterProcessEvent@CrlUtils@@XZ

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

798fb7c743e202d65c42a8de5ecb6ef8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crlconfig

crlplatform

crlresources

gdiplus

msvcp140

mfc140u

kernel32

user32

gdi32

advapi32

ole32

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

crlutils

crlutl

Sections

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 1KB - Virtual size: 9KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 301KB - Virtual size: 301KB

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 1KB - Virtual size: 9KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 301KB - Virtual size: 301KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB