PDB path: C:\sources\notepad-plus-plus\PowerEditor\bin64\npp.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 877925b41dad686c247e309ae0059db79ecf44185ae52ceeb20bfef6d73689fa.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 877925b41dad686c247e309ae0059db79ecf44185ae52ceeb20bfef6d73689fa.exe
Resource: win10v2004-20240802-en
General
Target: 877925b41dad686c247e309ae0059db79ecf44185ae52ceeb20bfef6d73689fa
Size: 3.5MB
MD5: e0768a6da09a16c08b60ffbfa874a2a5
SHA1: 8b2db9fafb8069486d01943847ece90d49cf8fc2
SHA256: 877925b41dad686c247e309ae0059db79ecf44185ae52ceeb20bfef6d73689fa
SHA512: 5daef2dd43e288fda8dfa88ada672ff5baf155058fecda1fb13e60f2d39cde70a99fae4064ec16e3783f663a93b84b3fdb2a7dcf20809a16794c17b0ab0509d9
SSDEEP: 49152:nAil1zLyAEOAvKtNFZhMo3UAHe8SGz8OYKSgFVDzOWTniN+GQeCUYdCRGkSCLcnq:n9MAgcjZhmKLnzdr8CUycSCLcnq
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Processes: resource 877925b41dad686c247e309ae0059db79ecf44185ae52ceeb20bfef6d73689fa
Files
-
877925b41dad686c247e309ae0059db79ecf44185ae52ceeb20bfef6d73689fa.exe windows:5 windows x64 arch:x64
4dbf491d0acb3a8f0cdfa8dc1b42d2f9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
comctl32
ImageList_DragEnter
ImageList_DragShowNolock
ImageList_EndDrag
ImageList_BeginDrag
ImageList_SetIconSize
ord17
ImageList_AddMasked
ImageList_GetImageCount
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_DragMove
ImageList_Draw
shlwapi
PathFindExtensionW
PathFileExistsW
PathRemoveFileSpecW
PathMatchSpecW
PathCombineW
PathCompactPathExW
PathGetDriveNumberW
PathIsRelativeW
PathStripPathW
PathAppendW
PathAddExtensionW
AssocQueryStringW
PathIsDirectoryW
PathRemoveExtensionW
PathFindFileNameW
shell32
ShellExecuteW
ord165
SHGetFolderPathW
Shell_NotifyIconW
SHCreateItemFromParsingName
DragQueryFileW
DragFinish
DragQueryPoint
SHFileOperationW
dbghelp
ImageNtHeader
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
crypt32
CryptQueryObject
CertGetNameStringW
CertNameToStrW
CertGetCertificateContextProperty
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose
wintrust
WinVerifyTrust
sensapi
IsNetworkAlive
IsDestinationReachableW
winmm
PlaySoundW
wininet
InternetCrackUrlW
kernel32
CreateDirectoryW
DeleteFileW
GetFileAttributesExW
GetFullPathNameW
GetLongPathNameW
SetFileAttributesW
lstrcpyW
MoveFileExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GlobalUnlock
GlobalLock
GetCurrentDirectoryW
GlobalAlloc
FormatMessageW
LCMapStringW
ExpandEnvironmentStringsW
SetCurrentDirectoryW
lstrcmpiW
FreeLibrary
LoadLibraryExW
LoadResource
LockResource
SizeofResource
FindResourceW
GetCurrentThreadId
CloseHandle
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
CreateThread
CopyFileW
CreateFileW
GetCurrentProcess
GetCurrentProcessId
LoadLibraryW
ReleaseMutex
CreateMutexW
Sleep
GlobalSize
lstrcpynW
WaitForMultipleObjects
lstrlenW
GetSystemInfo
GetVersionExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetLocalTime
GetTempPathW
SetLastError
CancelIo
SleepEx
WaitForSingleObjectEx
QueueUserAPC
ReadDirectoryChangesW
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetLocaleInfoW
CompareStringW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetStringTypeW
lstrcmpW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
WideCharToMultiByte
MultiByteToWideChar
GetACP
GlobalFree
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetVersion
MulDiv
LocalFree
LocalAlloc
GetLastError
CompareFileTime
OutputDebugStringW
UnregisterWaitEx
CreateTimerQueue
RtlPcToFileHeader
RaiseException
RtlUnwindEx
ReadFile
ExitProcess
GetModuleHandleExW
ExitThread
GetStdHandle
WriteFile
HeapAlloc
HeapFree
GetFileType
GetConsoleMode
ReadConsoleW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleCP
SetFilePointerEx
GetFileSizeEx
IsValidCodePage
GetOEMCP
HeapReAlloc
RtlUnwind
FindFirstFileExW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
HeapSize
SetEndOfFile
WriteConsoleW
CopyFileExW
user32
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
GetClassNameA
CreateAcceleratorTableW
FindWindowW
ShowCursor
CreateDialogIndirectParamW
SystemParametersInfoW
MonitorFromRect
TrackMouseEvent
GetCapture
SetRectEmpty
AppendMenuW
RegisterWindowMessageW
CreateCursor
DestroyCursor
ScrollWindow
SetPropW
GetPropW
RemovePropW
SetScrollInfo
LoadStringW
InsertMenuItemW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
LoadMenuW
GetWindowTextW
TrackPopupMenu
FlashWindowEx
RegisterClassExW
UnregisterClassW
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
MapWindowPoints
BringWindowToTop
ReleaseCapture
SetCapture
GetDlgCtrlID
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetParent
GetCursorPos
RedrawWindow
IsChild
GetClassNameW
FindWindowExW
EnumChildWindows
GetAsyncKeyState
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuW
GetMenuItemCount
EnableMenuItem
CheckMenuItem
DestroyMenu
CreatePopupMenu
CreateMenu
GetMenuState
ScreenToClient
EmptyClipboard
SetClipboardData
IsWindow
GetDlgItemInt
FrameRect
FillRect
DrawFocusRect
IsDialogMessageW
InflateRect
GetSysColor
ClientToScreen
GetWindowRect
IsWindowVisible
CharUpperW
IsClipboardFormatAvailable
RegisterClipboardFormatW
GetClipboardData
ChangeClipboardChain
SetClipboardViewer
CloseClipboard
OpenClipboard
LoadCursorW
GetParent
GetWindowLongW
SetCaretPos
ShowCaret
SetMenu
RealChildWindowFromPoint
GetMonitorInfoW
MonitorFromWindow
CheckMenuRadioItem
HideCaret
DestroyCaret
CreateCaret
SetCursor
MessageBeep
GetClientRect
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
UpdateWindow
DrawTextExW
DrawTextW
GetMenu
GetSystemMetrics
ToAscii
GetKeyboardState
GetFocus
SetWindowPlacement
GetWindowPlacement
DestroyWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
PostMessageW
DrawFrameControl
DrawEdge
SetWindowPos
SetFocus
MoveWindow
DrawIconEx
LoadImageW
EnableWindow
GetKeyState
SendDlgItemMessageW
EndDialog
DialogBoxIndirectParamW
DialogBoxParamW
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowTextW
GetDlgItemTextW
SetDlgItemTextW
SetDlgItemTextA
GetDlgItem
CallWindowProcW
SendMessageW
MessageBoxW
wsprintfW
SetForegroundWindow
SetMenuItemBitmaps
DeleteMenu
DrawMenuBar
GetMenuStringW
CharLowerW
DrawIcon
ShowWindow
TranslateAcceleratorW
DestroyAcceleratorTable
IsZoomed
IsIconic
ModifyMenuW
GetMenuItemID
GetSubMenu
RemoveMenu
DestroyIcon
LoadIconW
GetDesktopWindow
PtInRect
WindowFromPoint
LockWindowUpdate
GetDCEx
mouse_event
SetDlgItemInt
LoadBitmapW
GetComboBoxInfo
GetDlgItemTextA
GetSysColorBrush
MessageBoxA
AdjustWindowRectEx
CreateDialogParamW
GetWindowTextLengthW
GetActiveWindow
gdi32
SetWindowOrgEx
OffsetWindowOrgEx
CreateBitmap
CreatePatternBrush
PatBlt
SetBrushOrgEx
CreateFontIndirectW
GetObjectW
SaveDC
RestoreDC
BitBlt
GetPixel
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
GetTextMetricsW
EnumFontFamiliesExW
SetTextAlign
StartDocW
EndDoc
StartPage
EndPage
ExtTextOutW
DPtoLP
GetTextExtentPointW
StretchBlt
MoveToEx
LineTo
CreateHatchBrush
SetTextColor
SetROP2
SetBkMode
SelectObject
Rectangle
GetTextExtentPoint32W
GetStockObject
GetROP2
DeleteObject
CreateSolidBrush
CreatePen
CreateFontW
SetBkColor
GetDeviceCaps
CreateFontA
comdlg32
PrintDlgW
ChooseColorW
advapi32
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
IsTextUnicode
ole32
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
Sections
.text Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 770KB - Virtual size: 770KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 42KB - Virtual size: 122KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 759KB - Virtual size: 758KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ