b8dfe3eddacbc421ac90fddfb5322e9ae2c5df5d1a567fc5308a22e67c429dbb

Sharing

Copy URL

Twitter E-mail

General

Target

b8dfe3eddacbc421ac90fddfb5322e9ae2c5df5d1a567fc5308a22e67c429dbb
Size

4.8MB
MD5

8fb6b9b5a72576a6e85ae16adada1916
SHA1

a4f20676a0a9e2d2dd5426149d2be999a24de3cb
SHA256

b8dfe3eddacbc421ac90fddfb5322e9ae2c5df5d1a567fc5308a22e67c429dbb
SHA512

8feec54f8e0e774177a628436a44bc541a1f9dc8c2495de8f6c82191c9aa7747b5493ecc737f53a405ecc5e0984167d14f978465cfe0888b7063f3582d6d915b
SSDEEP

49152:AjLG+gXmn2DBn7Nk9RpKeVED4/vvqEDrz9HjR5Zs3GkRVb2cWf8ugIgBXYuTgJnG:XFS9RptXjXs3G8WH/g5tTgJRH46Vc4i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8dfe3eddacbc421ac90fddfb5322e9ae2c5df5d1a567fc5308a22e67c429dbb

Files

b8dfe3eddacbc421ac90fddfb5322e9ae2c5df5d1a567fc5308a22e67c429dbb
.exe windows:5 windows x86 arch:x86

df501978ddd9a149a1c0b1b1e74b5edc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\build\AnyLink\Install_Uninstall_64\Release\Install.pdb

Imports

kernel32

CancelWaitableTimer
QueryPerformanceCounter
QueryPerformanceFrequency
GetTimeZoneInformation
RtlCaptureStackBackTrace
GetFileInformationByHandle
CompareFileTime
FindCloseChangeNotification
FindFirstChangeNotificationW
SearchPathW
CreateDirectoryW
GetCurrentDirectoryW
SetFileTime
SetWaitableTimer
CreateWaitableTimerW
DuplicateHandle
WaitForMultipleObjects
ResetEvent
ResumeThread
GetThreadIOPendingFlag
GetCurrentThread
InterlockedCompareExchange
InterlockedExchange
GetDriveTypeW
CreateEventW
WaitForSingleObject
SetEvent
WritePrivateProfileStringW
MultiByteToWideChar
LoadLibraryExW
lstrcmpiW
Sleep
InterlockedDecrement
InterlockedIncrement
DecodePointer
GetVersionExW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
RaiseException
WideCharToMultiByte
GetStartupInfoW
CreateProcessW
GetModuleHandleW
LoadLibraryW
GetTickCount
GetCurrentProcess
OpenProcess
GetProcAddress
FreeLibrary
CreateFileW
ReadFile
GetFileSize
ReadConsoleW
SetEndOfFile
WriteConsoleW
SetFilePointerEx
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
UnlockFile
LockFile
GetModuleFileNameW
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
MoveFileExW
MoveFileW
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetFullPathNameW
RemoveDirectoryW
GetWindowsDirectoryW
GetTempPathW
FindResourceExW
FindResourceW
lstrlenW
FindClose
SizeofResource
LoadResource
SetLastError
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
DeleteFileA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetFileType
GetACP
GetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
ExitThread
RtlUnwind
WaitForMultipleObjectsEx
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
SetProcessAffinityMask
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
CreateFileA
GetTempFileNameA
GetTempPathA
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
WaitForSingleObjectEx
lstrcmpA
DeviceIoControl
GetSystemWindowsDirectoryW
CloseHandle
WriteFile
GetLongPathNameW
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
GetLogicalDriveStringsW
QueryDosDeviceW
CopyFileW
OutputDebugStringA
OutputDebugStringW
GetFileSizeEx
GetLocalTime
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
LocalFree
FormatMessageW
GetTempFileNameW
GetEnvironmentVariableW
GetSystemDirectoryW
GetDiskFreeSpaceExW
SetFilePointer
GetFileAttributesExW
LocalAlloc
GetPrivateProfileStringW
GetShortPathNameW
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
TryEnterCriticalSection
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
FlushFileBuffers
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetPrivateProfileIntW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FreeResource

user32

DialogBoxParamW
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
MapWindowPoints
SetForegroundWindow
MessageBoxW
EndDialog
RegisterWindowMessageW
SendMessageTimeoutW
SendNotifyMessageW
FindWindowW
CopyRect
EqualRect
GetActiveWindow
PtInRect
SetCursor
DrawFocusRect
DestroyCursor
MoveWindow
GetSystemMetrics
IsIconic
IsWindowVisible
PostQuitMessage
CharNextW
BringWindowToTop
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
GetParent
SetWindowLongW
GetWindowLongW
FillRect
ScreenToClient
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DrawTextW
ReleaseCapture
SetCapture
GetAsyncKeyState
GetFocus
SetWindowPos
UpdateLayeredWindow
ShowWindow
DestroyWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
OffsetRect
IsDialogMessageW
MsgWaitForMultipleObjectsEx
CallWindowProcW
DefWindowProcW
GetWindowThreadProcessId
SendMessageW
FindWindowExW
PostMessageW
KillTimer
SetTimer
UnionRect
GetShellWindow
wsprintfW

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgnIndirect
DeleteDC
DeleteObject
GetStockObject
RectVisible
SaveDC
EnumFontFamiliesW
SelectObject
SetBkMode
SetTextColor
CreateDIBSection
GetObjectW
SetViewportOrgEx
CreateFontW
OffsetViewportOrgEx
RestoreDC
SelectClipRgn

advapi32

BuildExplicitAccessWithNameW
CryptContextAddRef
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
UnlockServiceDatabase
StartServiceW
QueryServiceStatus
QueryServiceLockStatusW
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
LockServiceDatabase
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
GetTokenInformation
ChangeServiceConfig2W
ChangeServiceConfigW
GetTrusteeNameW
GetUserNameW
EqualSid
DeleteAce
LookupAccountSidW
LookupAccountNameW
SetEntriesInAclW
GetExplicitEntriesFromAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW

shell32

SHCreateDirectoryExW
SHFileOperationW
ord165
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW
ShellExecuteExW
SHChangeNotify
SHGetSpecialFolderPathW

ole32

CLSIDFromProgID
CoInitializeSecurity
OleRun
CoTaskMemFree
CoCreateGuid
CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
CoUninitialize
CoInitialize
CreateStreamOnHGlobal

oleaut32

VariantCopy
SysStringLen
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysAllocString
GetErrorInfo
VariantChangeType
SetErrorInfo
VariantInit
CreateErrorInfo
VarUI4FromStr
SysAllocStringLen
SysFreeString

shlwapi

PathFindFileNameA
PathIsPrefixW
PathCombineW
SHDeleteValueW
PathFileExistsW
PathFindExtensionW
PathRenameExtensionA
StrCmpIW
StrStrIA
StrTrimA
StrCmpNIW
StrStrIW
ord12
PathRemoveFileSpecW
PathFindFileNameW
AssocQueryStringW
SHGetValueW
wnsprintfW
PathIsDirectoryW
PathIsRelativeW
SHSetValueW
PathAppendW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromFileICM
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipCreateSolidFill
GdipDeleteBrush
GdipFree
GdipAlloc
GdipCloneBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawString
GdipFillRectangleI
GdipMeasureString
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRect
GdipDrawImagePointRectI
GdipCreatePen1
GdipDeletePen
GdipDrawRectangleI
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromFile

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcesses

setupapi

SetupIterateCabinetW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

secur32

GetUserNameExW

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

Exports

Exports

_run@12

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df501978ddd9a149a1c0b1b1e74b5edc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

psapi

setupapi

version

secur32

wininet

iphlpapi

urlmon

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 222KB - Virtual size: 221KB

.data Size: 25KB - Virtual size: 34KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 60KB - Virtual size: 59KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 222KB - Virtual size: 221KB

.data
Size: 25KB - Virtual size: 34KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 60KB - Virtual size: 59KB