4db4915d46de46da1b3b0cfed1a0f99a86402412a6449c6504338472d20f4647

Sharing

Copy URL Twitter E-mail

General

Target

4db4915d46de46da1b3b0cfed1a0f99a86402412a6449c6504338472d20f4647
Size

5.8MB
MD5

d8c945571bed406b12d36a3cd9060aad
SHA1

850e1d43acc3b648165f1b7e9de0dd890d895ef1
SHA256

4db4915d46de46da1b3b0cfed1a0f99a86402412a6449c6504338472d20f4647
SHA512

ab3ace59d8fb07b8a172f534341f482531bbef10e0f20d7e74cf8a4c047d4dbfc987700de070bde2e3cd842aeae19e8db6cf3e55812a6c118f699bce78203c5c
SSDEEP

49152:uie+ymNUKY7OzvOPRNzqL49xcUMXULTbsIcqtpmMCxgDtpUcPXLjwhqq1s8obbTE:yKzgmLgcqtoFpOzxTKtAj3m+YHEj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4db4915d46de46da1b3b0cfed1a0f99a86402412a6449c6504338472d20f4647

Files

4db4915d46de46da1b3b0cfed1a0f99a86402412a6449c6504338472d20f4647
.exe windows:6 windows x64 arch:x64

0d03ef5c9f799030a740227b9e5e7a96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\YYY\Y\_int\CQ2\debug\x64\debuger\CQ2.pdb

Imports

kernel32

GlobalFree
MulDiv
DebugBreak
InitializeCriticalSection
GetTickCount
FreeResource
LoadResource
LockResource
SizeofResource
FindResourceW
FreeLibrary
GetProcAddress
LoadLibraryW
GetUserDefaultLCID
GetCommandLineW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
ReadFile
RemoveDirectoryW
CreatePipe
PeekNamedPipe
WaitForSingleObject
GetCurrentProcess
GetExitCodeProcess
CreateProcessW
GetSystemInfo
GetVersionExW
VirtualQuery
GlobalFlags
LocalFree
FormatMessageW
CopyFileW
IsBadReadPtr
IsBadWritePtr
SetSystemPowerState
MultiByteToWideChar
WideCharToMultiByte
GenerateConsoleCtrlEvent
GetQueuedCompletionStatus
SetEvent
ResetEvent
CreateThread
SetThreadPriority
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
SetLocalTime
FileTimeToSystemTime
LoadLibraryExW
lstrcmpiW
lstrcpynW
GlobalUnlock
FlushFileBuffers
GetStringTypeW
SetStdHandle
HeapQueryInformation
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileSizeEx
GetConsoleOutputCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetCurrentThread
SetConsoleCtrlHandler
HeapValidate
GetCommandLineA
WriteConsoleW
GetFileType
GetStdHandle
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GlobalSize
GlobalReAlloc
GlobalAlloc
TryEnterCriticalSection
OutputDebugStringW
GetProcessHandleCount
OpenProcess
TerminateProcess
DecodePointer
GetCurrentProcessId
GetLocalTime
WriteFile
GetModuleHandleW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
IsDebuggerPresent
CreateEventW
GetModuleFileNameW
GetWindowsDirectoryW
GetSystemDirectoryW
GlobalLock
GetTempPathW
IsBadStringPtrW
Sleep
CloseHandle
CreateFileW
IsBadStringPtrA
ExitProcess
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
RtlCaptureContext
WaitForSingleObjectEx
InitializeCriticalSectionEx
HeapDestroy
SetLastError
GetLastError
RaiseException
SetEndOfFile
RtlUnwind

user32

UnregisterClassW
DefWindowProcW
DestroyWindow
PostMessageW
EnumChildWindows
MessageBoxW
GetMessageW
GetDC
GetWindowDC
ReleaseDC
GetClientRect
GetWindowRect
LoadStringW
SendMessageW
RegisterClassW
TranslateMessage
CreateWindowExW
GetActiveWindow
SetTimer
SetPropW
GetPropW
RemovePropW
GetWindowLongPtrW
GetSystemMetrics
GetDesktopWindow
GetParent
LoadCursorW
LoadIconW
LoadImageW
CopyImage
ExitWindowsEx
AttachThreadInput
GetClassNameW
DispatchMessageW
GetClassInfoW
PeekMessageW
WaitForInputIdle
CharNextW
wsprintfW
GetKeyState
GetMonitorInfoW
MonitorFromWindow
EnumDisplaySettingsW
GetWindowThreadProcessId
EnumWindows
SetForegroundWindow
SetActiveWindow
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
MoveWindow

gdi32

GetTextExtentPoint32W
CreateFontIndirectW
GetObjectW
SetDIBColorTable
CreateDIBSection
GdiAlphaBlend
SetStretchBltMode
StretchBlt
SelectPalette
SelectObject
RealizePalette
GetSystemPaletteEntries
GetDIBits
GetDeviceCaps
DeleteObject
DeleteDC
CreatePalette
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetStockObject

advapi32

RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegQueryValueW

shell32

ShellExecuteW
DragAcceptFiles
SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx
CoCreateInstance
IIDFromString
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
OleRun
CLSIDFromProgID
CLSIDFromString

oleaut32

GetActiveObject
VarUI4FromStr
VariantTimeToSystemTime
SystemTimeToVariantTime
VarUdateFromDate
OleCreatePictureIndirect
SysFreeString
SysAllocString
SysStringLen
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantClear
VariantCopy
VariantCopyInd
VariantChangeType
VarCmp
LHashValOfNameSys
LoadTypeLi
RegisterTypeLi
OleCreateFontIndirect

comctl32

ImageList_AddMasked
ImageList_Destroy
ImageList_Create
InitCommonControlsEx

ws2_32

WSACleanup
WSAStartup

gdiplus

GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipSetCompositingMode
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDrawImageRectI
GdipGetImagePixelFormat
GdipCreateBitmapFromFile

Exports

Exports

?get_active_implementation@simdutf@@YAAEAV?$atomic_ptr@$$CBVimplementation@simdutf@@@internal@1@XZ
?get_available_implementations@simdutf@@YAAEBVavailable_implementation_list@internal@1@XZ

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 742KB - Virtual size: 741KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d03ef5c9f799030a740227b9e5e7a96

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

gdiplus

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 742KB - Virtual size: 741KB

.data Size: 10KB - Virtual size: 28KB

.pdata Size: 93KB - Virtual size: 92KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 742KB - Virtual size: 741KB

.data
Size: 10KB - Virtual size: 28KB

.pdata
Size: 93KB - Virtual size: 92KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 11KB - Virtual size: 10KB