30a413132a3fbd21976e5572527e0b00e7241e35da4e2c97acccd4ac505ffbecN

Sharing

Copy URL

Twitter E-mail

General

Target

30a413132a3fbd21976e5572527e0b00e7241e35da4e2c97acccd4ac505ffbecN
Size

189KB
MD5

45669e8bd7d9b2ec4177b3d4b5ac98c0
SHA1

d5354b20f21b5d6ef0a793f424a887b1bc5d6f9d
SHA256

30a413132a3fbd21976e5572527e0b00e7241e35da4e2c97acccd4ac505ffbec
SHA512

5a288354721c524e10e6f68232bbea58107e20b5794fd63b4b46292a2228eb4695dd9aad40aefed79f2f15ca19fa4778b2669bd4abac9da7c2ca53c604d17b8f
SSDEEP

3072:3LOwUI0faHhB+/hXGQlBVvCAuegPO8evTq2Va:31+aHhE8QlB0FegEv+2V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30a413132a3fbd21976e5572527e0b00e7241e35da4e2c97acccd4ac505ffbecN

Files

30a413132a3fbd21976e5572527e0b00e7241e35da4e2c97acccd4ac505ffbecN
.exe windows:10 windows x64 arch:x64

47bdd8b17b478f0e4cc473ed9e9f16e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

recdisc.pdb

Imports

user32

SetWindowTextW
ShowWindow
MessageBoxW
EndDialog
GetLastActivePopup
IsWindow
SetFocus
PostMessageW
EnableWindow
LoadIconW
ChangeWindowMessageFilterEx
RegisterWindowMessageW
SetWindowLongPtrW
GetWindowLongPtrW
DialogBoxParamW
GetDlgItem
DestroyIcon
SendMessageW
GetSystemMetrics
GetWindowLongW

msvcrt

_wcsnicmp
memcmp
memcpy
memmove
exit
_wcsicmp
free
malloc
_callnewh
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
iswspace
_vscwprintf
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
memset
wcschr
_vsnwprintf
wcsstr

oleaut32

DispCallFunc
SysFreeString
VariantClear
LoadRegTypeLi
SysAllocString
SysStringLen
SysAllocStringLen

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
TraceMessage
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel

api-ms-win-core-file-l1-1-0

FindNextFileW
CreateDirectoryW
DeleteFileW
FindFirstFileW
GetVolumePathNameW
GetDriveTypeW
GetDiskFreeSpaceExW
CreateFileW
GetLogicalDriveStringsW
GetFileAttributesW
FindClose

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetErrorMode
SetLastError

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoWaitForMultipleHandles
CoTaskMemAlloc
CoCreateGuid
CoTaskMemRealloc

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TlsGetValue
TlsFree
TlsAlloc
GetStartupInfoW
TlsSetValue
CreateThread
TerminateProcess
GetCurrentProcessId
OpenProcessToken
GetCurrentProcess

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
VerSetConditionMask

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
InitializeConditionVariable

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadLibraryExW
LoadStringW
FreeLibrary

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-service-management-l1-1-0

OpenServiceW
OpenSCManagerW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-core-localization-l1-2-0

GetFileMUIPath
FormatMessageW

api-ms-win-eventing-controller-l1-1-0

StartTraceW
EnableTraceEx2
ControlTraceW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-security-base-l1-1-0

GetTokenInformation
CheckTokenMembership
CreateWellKnownSid
DuplicateToken

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetTempPathW
GetVolumePathNamesForVolumeNameW

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

shell32

SHGetDesktopFolder
CommandLineToArgvW
SHParseDisplayName
ord155
SHGetFileInfoW

shlwapi

StrRetToBufW
SHCreateStreamOnFileEx
SHCreateStreamOnFileW

ntdll

RtlNtStatusToDosError
EtwTraceMessage
RtlGetLastNtStatus
NtQuerySystemInformation
NtQueryInformationFile
NtSetInformationFile
WinSqmAddToStream

comctl32

ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create
ord344
ord345

bcd

BcdGetElementData
BcdOpenSystemStore
BcdOpenObject

reagent

WinReGetConfig

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47bdd8b17b478f0e4cc473ed9e9f16e6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

msvcrt

oleaut32

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

shell32

shlwapi

ntdll

comctl32

bcd

reagent

Sections

.text Size: 71KB - Virtual size: 70KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 22KB - Virtual size: 24KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 66KB - Virtual size: 65KB

.reloc Size: 512B - Virtual size: 496B

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 22KB - Virtual size: 24KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 66KB - Virtual size: 65KB

.reloc
Size: 512B - Virtual size: 496B