521b3d14401c1b734b045e1891c3ca6376a275faeb19b2b7963f57643ba295c2

Sharing

Copy URL Twitter E-mail

General

Target

521b3d14401c1b734b045e1891c3ca6376a275faeb19b2b7963f57643ba295c2
Size

488KB
MD5

85cc15105270f821d5121885b9d6065d
SHA1

3b03501b9dc521fd56f5b0a65c783f4908d4ccf5
SHA256

521b3d14401c1b734b045e1891c3ca6376a275faeb19b2b7963f57643ba295c2
SHA512

c22d5f59adbbed7e18f15394a86a8598d0aad722a04b8c0c19f337f83d089783b93457e568e0f587ab28564d65cf22ad5928f9bf35ff27d55b16897c1ea51fc8
SSDEEP

12288:eedkf/elUZy+Uszph0lhSMXliNXCPrwSp:xkf/eIy+Uslh0lhSMXlYSPrw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
521b3d14401c1b734b045e1891c3ca6376a275faeb19b2b7963f57643ba295c2

Files

521b3d14401c1b734b045e1891c3ca6376a275faeb19b2b7963f57643ba295c2
.dll windows:6 windows x64 arch:x64

04540b4e594cbd8de6db4d23967e659e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Downloads\OpenGlass-1.2-legacy-patch-1\Build\x64\Release\OpenGlass.pdb

Imports

kernel32

ReadFile
SizeofResource
GetFileSizeEx
CreateFileW
FreeResource
LockResource
LoadResource
FindResourceW
SetThreadDescription
WriteFile
GetModuleFileNameW
CreateNamedPipeW
K32GetModuleFileNameExW
CreateFile2
DuplicateHandle
DisconnectNamedPipe
OpenProcess
ProcessIdToSessionId
Sleep
GetCurrentThread
LoadLibraryW
LocalFree
FreeLibrary
WaitNamedPipeW
ConnectNamedPipe
FlushFileBuffers
LoadLibraryExW
MultiByteToWideChar
DisableThreadLibraryCalls
EnterCriticalSection
LeaveCriticalSection
GetSystemPowerStatus
VirtualProtect
LoadLibraryA
CreateDirectoryW
FreeLibraryAndExitThread
CreateThread
SetUnhandledExceptionFilter
GetEnvironmentVariableW
GetSystemDirectoryW
K32GetModuleInformation
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualQuery
GetCurrentProcess
IsBadReadPtr
IsDebuggerPresent
DebugBreak
WideCharToMultiByte
GetModuleHandleW
GetProcessHeap
GetModuleFileNameA
GetCurrentProcessId
CreateMutexExW
UnmapViewOfFile
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
EncodePointer
RtlUnwindEx
InitializeSListHead
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetSystemTimeAsFileTime
ReleaseSRWLockExclusive
WakeConditionVariable
HeapFree
CreateSemaphoreExW
InitializeConditionVariable
InitializeCriticalSectionEx
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
TryAcquireSRWLockExclusive
InitializeSRWLock
IsProcessorFeaturePresent
RaiseException
QueryPerformanceCounter

user32

LoadStringW
SetProcessDpiAwarenessContext
IsRectEmpty
SetWindowLongPtrW
SendMessageW
SetWindowTextW
GetAsyncKeyState
DestroyIcon
UnregisterPowerSettingNotification
InternalGetWindowText
SetThreadDpiAwarenessContext
LoadIconW
FindWindowW
ChangeWindowMessageFilterEx
RegisterPowerSettingNotification
InvalidateRect
IsWindow
ShowWindowAsync

gdi32

CreateRectRgnIndirect
CreateDIBSection
GetTextColor
GetCurrentObject
CreateRectRgn
DeleteObject
CombineRgn
GetRgnBox
GetObjectW

advapi32

RegOpenCurrentUser
DuplicateTokenEx
RegOpenKeyExW
InitializeSecurityDescriptor
CheckTokenMembership
SetSecurityDescriptorDacl
RevertToSelf
RegCloseKey
RegGetValueW
AllocateAndInitializeSid
SetEntriesInAclW
ImpersonateLoggedOnUser
FreeSid

shell32

SetCurrentProcessExplicitAppUserModelID
CommandLineToArgvW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler

oleaut32

GetErrorInfo
SetErrorInfo
SysStringLen
VariantClear
SysAllocString
SysFreeString
VariantInit

dbghelp

SymGetOptions
SymEnumSymbols
UnDecorateSymbolName
SymUnloadModule64
SymGetSymbolFileW
SymLoadModuleExW
SymSetOptions
SymCleanup
MiniDumpWriteDump
ImageDirectoryEntryToData
SymInitialize
SymRegisterCallbackW64
SymSetSearchPathW

wtsapi32

WTSQueryUserToken
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

shlwapi

ord12
PathFileExistsW

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchRemoveFileSpec

comctl32

ord345
ord344

dwmapi

DwmSetWindowAttribute
DwmFlush

uxtheme

CloseThemeData
GetCurrentThemeName
DrawThemeTextEx

api-ms-win-core-memory-l1-1-6

MapViewOfFile3

ucrtbase

_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_localtime64_s
__stdio_common_vswprintf_s
_wtoll
_stricmp
_wcsicmp
strcpy_s
wcscpy_s
fminf
fmaxf
_invalid_parameter_noinfo_noreturn
_errno
__stdio_common_vswprintf
_invalid_parameter_noinfo
iswspace
abort
__NLG_Dispatch2
ceilf
_local_unwind
__TypeMatch
__DestructExceptionObject
__FrameUnwindFilter
__std_type_info_compare
__processing_throw
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_CreateFrameInfo
__std_type_info_destroy_list
__current_exception_context
memmove
__AdjustPointer
__current_exception
_CxxThrowException
__C_specific_handler
memset
memcpy
wcsstr
_purecall
__std_exception_copy
__std_exception_destroy
terminate
malloc
free
__NLG_Return2
wcsftime
memcmp
floor

Exports

Exports

InstallApp
Main
ShutdownService
StartupService
UninstallApp

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04540b4e594cbd8de6db4d23967e659e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

dbghelp

wtsapi32

shlwapi

api-ms-win-core-path-l1-1-0

comctl32

dwmapi

uxtheme

api-ms-win-core-memory-l1-1-6

ucrtbase

Exports

Exports

Sections

.text Size: 157KB - Virtual size: 157KB

.rdata Size: 172KB - Virtual size: 171KB

.data Size: 11KB - Virtual size: 15KB

.pdata Size: 7KB - Virtual size: 7KB

.detourc Size: 9KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 127KB - Virtual size: 126KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 157KB - Virtual size: 157KB

.rdata
Size: 172KB - Virtual size: 171KB

.data
Size: 11KB - Virtual size: 15KB

.pdata
Size: 7KB - Virtual size: 7KB

.detourc
Size: 9KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 127KB - Virtual size: 126KB

.reloc
Size: 2KB - Virtual size: 2KB