79f1e5a2463dd6fb92de65c2b84f568f874e24daca41eebd95bb527bfee7d716

Sharing

Copy URL Twitter E-mail

General

Target

79f1e5a2463dd6fb92de65c2b84f568f874e24daca41eebd95bb527bfee7d716
Size

169KB
MD5

8ac0875fe26d6dd54464bfcb1bbbfd36
SHA1

77a0cf4de658297f365738997ab63d719da692a4
SHA256

79f1e5a2463dd6fb92de65c2b84f568f874e24daca41eebd95bb527bfee7d716
SHA512

73d6356b72679fa4aec63fd5ef4087f4068b3b24c81943c3a23a549ff559eeaf1439f519551d2be4dd27fb3ba4cf42cabdfa21404e3aee8a19bf0b6460fe854e
SSDEEP

3072:6ky7Csceek13Gf/MbAfi97Z9wKDVc17840aFUujd9T4pK6ixp72rs:pykeek1m/MUfi9HwKq17840aFBT4ZiHz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79f1e5a2463dd6fb92de65c2b84f568f874e24daca41eebd95bb527bfee7d716

Files

79f1e5a2463dd6fb92de65c2b84f568f874e24daca41eebd95bb527bfee7d716
.exe windows:6 windows x86 arch:x86

261628e85908cef646e3a7472336d423

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ConvertInkStore.pdb

Imports

user32

UnregisterClassA
RegisterPowerSettingNotification
PostQuitMessage
UnregisterPowerSettingNotification
DestroyWindow
GetKeyboardLayoutList
OffsetRect
MsgWaitForMultipleObjects
IsRectEmpty
GetSystemMetrics
CharNextW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CallWindowProcW
GetWindowLongW
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostThreadMessageW
LoadCursorW
GetClassInfoExW
SendMessageW
PostMessageW
SetWindowLongW

msvcrt

_exit
free
_CxxThrowException
swprintf_s
wcstol
wcschr
_wcstoi64
_ui64tow_s
_i64tow_s
_wtoi64
_itow_s
_ftol2
_wfopen
_wstat64
fread
fclose
_vsnwprintf
memcpy
memcpy_s
memmove_s
_controlfp
_onexit
_lock
__dllonexit
_unlock
_errno
realloc
?terminate@@YAXXZ
_except_handler4_common
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
wcsrchr
_cexit
__wgetmainargs
_resetstkoflw
_callnewh
calloc
wcsncpy_s
malloc
_wtoi
??0exception@@QAE@XZ
_itow
__CxxFrameHandler3
_purecall
memset
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z

ntdll

EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwLogTraceEvent
EtwGetTraceEnableFlags

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-file-l1-1-0

FindClose
FindNextFileW
CreateDirectoryA
SetFileAttributesA
FindFirstFileW
DeleteFileW
GetFileAttributesW
GetFileInformationByHandle
GetTempFileNameW
CreateFileW
SetFileAttributesW
CreateDirectoryW
WriteFile

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap

api-ms-win-core-interlocked-l1-1-0

InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
InterlockedIncrement

api-ms-win-core-libraryloader-l1-1-0

GetProcAddress
GetModuleHandleW
FreeLibrary
SizeofResource
LoadResource
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExA

api-ms-win-core-localregistry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyExW
RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegQueryValueExW
RegGetValueW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualAlloc
VirtualFree

api-ms-win-core-misc-l1-1-0

Sleep
lstrlenW
lstrcmpiW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
SetThreadPriority
GetCurrentThread
GetCurrentThreadId
CreateThread
OpenProcessToken
OpenThreadToken
GetStartupInfoW
GetCurrentProcessId
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-synch-l1-1-0

ReleaseMutex
CreateMutexW
CreateEventW
SetEvent
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject

api-ms-win-core-sysinfo-l1-1-0

GetVersionExA
GetVersionExW
GetTickCount
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetSystemTime

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorOwner
AddAce
InitializeAcl
GetSecurityDescriptorControl
MakeAbsoluteSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetTokenInformation
InitializeSecurityDescriptor
GetLengthSid
IsValidSid
CopySid
GetAclInformation
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
GetSidSubAuthority
InitializeSid
GetSidLengthRequired

esent

JetBeginTransaction
JetTerm
JetEndSession
JetCloseDatabase
JetCloseTable
JetRollback
JetGetDatabaseInfoA
JetPrepareUpdate
JetSetColumns
JetUpdate
JetRetrieveColumn
JetCreateInstanceA
JetSetSystemParameterA
JetInit
JetBeginSessionA
JetAttachDatabaseA
JetCommitTransaction
JetMove
JetDelete
JetSeek
JetMakeKey
JetSetCurrentIndex2A
JetGetTableColumnInfoA
JetOpenTableA
JetOpenDatabaseA
JetRetrieveColumns

imm32

ImmDisableIME
ImmDisableTextFrameService

ole32

CoCreateInstance
StringFromGUID2
StringFromCLSID
CLSIDFromString
CoInitializeSecurity
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoGetInterfaceAndReleaseStream
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoUninitialize

oleaut32

SysStringLen
VariantInit
VariantClear
SysAllocStringLen
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
VarUI4FromStr
SafeArrayDestroy
SafeArrayCreateVector
SysStringByteLen
VarBstrCmp
SysAllocStringByteLen
VarBstrFromI8
VarBstrCat
SysFreeString

shlwapi

PathAppendW
PathAddBackslashA
PathAddBackslashW
PathAppendA

rpcrt4

UuidCreateSequential
UuidHash

kernel32

FindResourceW
DelayLoadFailureHook
LoadLibraryW
WaitForMultipleObjects
MoveFileExW
GetTempPathW
MoveFileA
LoadLibraryA
FlushInstructionCache

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

261628e85908cef646e3a7472336d423

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

msvcrt

ntdll

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-base-l1-1-0

esent

imm32

ole32

oleaut32

shlwapi

rpcrt4

kernel32

Sections

.text Size: 129KB - Virtual size: 129KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 35KB - Virtual size: 36KB

.text
Size: 129KB - Virtual size: 129KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 35KB - Virtual size: 36KB