e859b963298ffe9d41f1484268859d6e0883de45f62d39503a0e5414a2cfd09e

Sharing

Copy URL Twitter E-mail

General

Target

e859b963298ffe9d41f1484268859d6e0883de45f62d39503a0e5414a2cfd09e
Size

1.6MB
MD5

92ec9592b87732681e1e6d6ce6bbf6b6
SHA1

cd690678da9757bc99ee6231197fa54b5ac22703
SHA256

e859b963298ffe9d41f1484268859d6e0883de45f62d39503a0e5414a2cfd09e
SHA512

208cc674edd759c1a2f0356245811f1fab6ec5db6f2b63a5a957d20ffd0d15bddfe624078af14d0ddf39d5184c2a66a9ffc55e1434ccc13620d7ec38ad8dcb55
SSDEEP

24576:frDJP43bBlMUbThfnkh5ebYgTt053Pk9q1cM+oavvRFqTsZuk+ms+:DD4QUbNfnkh5333OJSe

Score

1^/10

Malware Config

Signatures

Files

e859b963298ffe9d41f1484268859d6e0883de45f62d39503a0e5414a2cfd09e
.exe windows:5 windows x64 arch:x64

3f1a8f4db34d5a9d211ad9aed1422898

Code Sign

2a:4c:2e:c3:44:47:93:8f:4a:db:b2:f5:5d:35:fb:ad
Certificate

Issuer

CN=ConEmu-Maximus5

Not Before

24/03/2010, 21:48

Not After

31/12/2039, 23:59

Subject

CN=ConEmu-Maximus5

88:7c:41:9f:9f:43:03:26:32:ed:81:74:61:a2:96:ac:12:a9:99:73
Signer

Actual PE Digest

88:7c:41:9f:9f:43:03:26:32:ed:81:74:61:a2:96:ac:12:a9:99:73

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

T:\VCProject\Maximus5\ConEmu\src\_VCBUILD\final.ConEmu.64W.vc9\ConEmu64.pdb

Imports

kernel32

GetCurrentThread
GetFileAttributesW
SetUnhandledExceptionFilter
SetNamedPipeHandleState
WaitNamedPipeW
ReadFile
TransactNamedPipe
WriteFile
GetFileSizeEx
MultiByteToWideChar
SetFileAttributesW
FileTimeToSystemTime
FileTimeToLocalFileTime
GlobalFree
OutputDebugStringA
OutputDebugStringW
SetFilePointer
GetFileInformationByHandle
VerifyVersionInfoW
VerSetConditionMask
DisconnectNamedPipe
GetOverlappedResult
WaitForMultipleObjects
ReleaseSemaphore
ConnectNamedPipe
CreateNamedPipeW
CreateSemaphoreW
FlushFileBuffers
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
SystemTimeToFileTime
GetLocalTime
HeapCreate
HeapDestroy
LocalAlloc
CompareStringW
QueryPerformanceCounter
QueryPerformanceFrequency
FindNextFileW
GetDriveTypeW
GetTempFileNameW
SetPriorityClass
DeleteFileW
GetPrivateProfileStringW
MulDiv
GetConsoleOutputCP
OpenEventW
SetThreadPriority
OpenThread
GetFileSize
GetModuleFileNameA
CreateFileA
WriteConsoleW
WriteConsoleA
SetStdHandle
GetConsoleCP
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
HeapSetInformation
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
HeapSize
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
IsValidCodePage
GetCPInfo
RtlPcToFileHeader
RaiseException
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
GetStartupInfoA
GetCommandLineA
RtlUnwindEx
RtlLookupFunctionEntry
GetTempPathW
CreateDirectoryW
GetVersionExW
GetConsoleWindow
GetACP
GetOEMCP
GetStdHandle
GetConsoleMode
DebugBreak
GetCommandLineW
FormatMessageW
LocalFree
GetStartupInfoW
lstrcpyA
lstrlenA
lstrcatA
WideCharToMultiByte
ResetEvent
SetCurrentDirectoryW
SetProcessAffinityMask
InitializeCriticalSection
GetModuleFileNameW
CopyFileW
GetEnvironmentVariableW
GetCurrentProcess
TerminateProcess
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
CreateEventW
SetEvent
ExpandEnvironmentStringsW
DeleteCriticalSection
GetFullPathNameW
GetWindowsDirectoryW
lstrcmpA
lstrcpynA
GetCurrentDirectoryW
Module32NextW
Process32FirstW
Process32NextW
UnmapViewOfFile
SetLastError
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
Sleep
CreateMutexW
SearchPathW
TerminateThread
SetEnvironmentVariableW
SetConsoleCP
SetConsoleOutputCP
GlobalSize
GlobalLock
GlobalAlloc
GlobalUnlock
FindFirstFileW
FindClose
IsBadReadPtr
CreateThread
CreateFileW
CreateProcessW
GetLastError
GetCurrentThreadId
WaitForSingleObject
GetExitCodeProcess
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32FirstW
lstrcmpW
lstrcatW
OpenProcess
CloseHandle
FreeLibrary
lstrlenW
lstrcpynW
ReadProcessMemory
lstrcmpiW
GetTickCount
GetModuleHandleW
LoadLibraryW
GetProcAddress
TryEnterCriticalSection
lstrcpyW

user32

SetDlgItemTextA
CallWindowProcW
EnumChildWindows
GetNextDlgTabItem
keybd_event
UpdateWindow
ShowWindowAsync
InvalidateRgn
EnableScrollBar
ShowScrollBar
FlashWindow
GetCaretBlinkTime
OffsetRect
GetWindowDC
SendDlgItemMessageW
PostThreadMessageW
DrawIconEx
DrawTextExW
CreatePopupMenu
AppendMenuW
CharLowerBuffA
CallNextHookEx
DestroyMenu
IsWindowUnicode
SetForegroundWindow
EmptyClipboard
SetClipboardData
EnumDisplayMonitors
CloseClipboard
OpenClipboard
GetActiveWindow
UnregisterClassW
GetWindowTextLengthW
LoadIconW
ValidateRect
GetClipboardData
LockSetForegroundWindow
IsCharAlphaW
GetDlgCtrlID
FindWindowW
GetScrollInfo
SetScrollInfo
ScrollWindowEx
IsWindowEnabled
DrawTextW
GetDlgItemInt
GetDlgItemTextW
CheckRadioButton
LoadImageW
SetCursor
GetWindowInfo
GetWindowLongPtrW
SendMessageW
GetDlgItem
SetWindowPos
CreateWindowExW
IsWindow
DeleteMenu
GetWindowRect
SetDlgItemTextW
GetSysColorBrush
GetSysColor
AttachThreadInput
CheckDlgButton
SetDlgItemInt
SwitchToThisWindow
SetWindowRgn
SetCapture
PostQuitMessage
LoadStringW
EqualRect
GetMessageW
RegisterClassExW
AllowSetForegroundWindow
DestroyIcon
GetWindowPlacement
GetShellWindow
CharLowerBuffW
RegisterWindowMessageW
SetLayeredWindowAttributes
ClientToScreen
ScreenToClient
ChildWindowFromPointEx
SendMessageTimeoutW
FlashWindowEx
SetWindowsHookExW
PeekMessageW
TranslateMessage
DispatchMessageW
MonitorFromRect
AdjustWindowRectEx
MessageBoxW
IsDialogMessageW
SetTimer
KillTimer
CheckMenuItem
GetForegroundWindow
GetGUIThreadInfo
WindowFromPoint
SetCursorPos
mouse_event
GetKeyboardLayoutNameW
GetKeyState
GetFocus
IsRectEmpty
IntersectRect
MonitorFromPoint
GetKeyboardLayoutList
BeginPaint
EndPaint
InvalidateRect
UnhookWindowsHookEx
RegisterHotKey
SetFocus
SetClassLongPtrW
SetWindowTextW
EndDialog
SetActiveWindow
GetDoubleClickTime
GetSystemMenu
InsertMenuW
LoadCursorW
EnableMenuItem
wsprintfA
UnregisterHotKey
GetKeyboardLayout
DefWindowProcW
GetWindowLongW
IsZoomed
IsIconic
AnimateWindow
GetParent
SetParent
GetDesktopWindow
SetWindowLongW
GetSystemMetrics
SetWindowLongPtrW
MessageBoxIndirectW
GetMenuItemInfoW
SetMenuItemInfoW
GetMenuItemID
GetMenuItemRect
ToUnicode
TrackPopupMenuEx
LoadBitmapW
MapWindowPoints
GetCursorInfo
SystemParametersInfoW
VkKeyScanW
MapVirtualKeyW
CharUpperBuffW
GetClipboardFormatNameW
RegisterClipboardFormatW
MonitorFromWindow
GetMonitorInfoW
GetDC
FillRect
ReleaseDC
CreateDialogParamW
GetClientRect
MoveWindow
RedrawWindow
EnumWindows
PostMessageW
EnableWindow
FindWindowExW
GetCursorPos
PtInRect
ShowWindow
IsDlgButtonChecked
GetWindowThreadProcessId
GetClassNameW
GetWindowTextW
DestroyWindow
wsprintfW
IsWindowVisible
DialogBoxParamW
ReleaseCapture

advapi32

RegCloseKey
RegOpenKeyExW
CreateProcessWithLogonW
CreateProcessAsUserW
CreateRestrictedToken
OpenProcessToken
RegSetValueExW
RegEnumValueW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
LogonUserW
GetUserNameW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExW

shell32

SHGetDesktopFolder
ShellExecuteExW
SHAppBarMessage
SHGetSpecialFolderPathW
ExtractIconExW
SHGetPathFromIDListW
Shell_NotifyIconW
SHGetFileInfoW
ord152
ShellExecuteW
SHFileOperationW
DragQueryFileW
SHGetFolderPathW
SHBrowseForFolderW

ole32

CoInitialize
OleInitialize
RegisterDragDrop
RevokeDragDrop
OleUninitialize
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
ReleaseStgMedium
CoTaskMemFree
CoTaskMemAlloc
DoDragDrop

gdi32

PlayEnhMetaFile
SetEnhMetaFileBits
CombineRgn
CreateRectRgn
GetRegionData
OffsetRgn
CreatePolygonRgn
BitBlt
GetRgnBox
CreateSolidBrush
GetDeviceCaps
SetBkColor
ExtTextOutW
ExtTextOutA
GetTextExtentPoint32W
CreateFontW
CreateRectRgnIndirect
GetOutlineTextMetricsW
DeleteEnhMetaFile
GetTextMetricsW
RemoveFontResourceExW
EnumFontFamiliesExW
EnumFontFamiliesW
CreateFontIndirectW
GetFontUnicodeRanges
AddFontResourceExW
GetTextColor
LineTo
MoveToEx
CreatePen
SetStretchBltMode
GetCharABCWidthsW
CreatePolyPolygonRgn
GdiSetBatchLimit
TextOutW
Rectangle
CreateDIBSection
GdiFlush
GdiAlphaBlend
CreateCompatibleBitmap
GetStockObject
DeleteObject
SetTextColor
SetBkMode
CreateCompatibleDC
SelectObject
StretchBlt
GetTextFaceW
GetObjectW
DeleteDC

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

StrStrIW
StrCmpNIW
StrCmpIW
PathUnExpandEnvStringsW
StrStrW

comctl32

ImageList_Merge
ImageList_AddMasked
ImageList_Create
ord8
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetIcon
ImageList_Destroy

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseColorW

winmm

timeGetTime

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString
SysAllocStringLen

netapi32

NetApiBufferFree
NetUserEnum

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f1a8f4db34d5a9d211ad9aed1422898

Code Sign

2a:4c:2e:c3:44:47:93:8f:4a:db:b2:f5:5d:35:fb:adCertificate

88:7c:41:9f:9f:43:03:26:32:ed:81:74:61:a2:96:ac:12:a9:99:73Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

gdi32

version

shlwapi

comctl32

comdlg32

winmm

oleaut32

netapi32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 302KB - Virtual size: 301KB

.data Size: 15KB - Virtual size: 329KB

.pdata Size: 48KB - Virtual size: 47KB

.rsrc Size: 191KB - Virtual size: 191KB

2a:4c:2e:c3:44:47:93:8f:4a:db:b2:f5:5d:35:fb:ad
Certificate

88:7c:41:9f:9f:43:03:26:32:ed:81:74:61:a2:96:ac:12:a9:99:73
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 302KB - Virtual size: 301KB

.data
Size: 15KB - Virtual size: 329KB

.pdata
Size: 48KB - Virtual size: 47KB

.rsrc
Size: 191KB - Virtual size: 191KB