81942d25e959dc542fd2123b0daf262827a4bd13c3fd48c650fae9b7ebf2d003

Sharing

Copy URL Twitter E-mail

General

Target

81942d25e959dc542fd2123b0daf262827a4bd13c3fd48c650fae9b7ebf2d003
Size

797KB
MD5

1f81c660d90d080c84129f8278d057d2
SHA1

6e49ebf6a1caf352900c954a4385d0666a853a7f
SHA256

81942d25e959dc542fd2123b0daf262827a4bd13c3fd48c650fae9b7ebf2d003
SHA512

a73245aa107061696bb5325d676af4ae94669318e44cbc9162468cde1e8fe00ab1cf69f480c72e9b4ab061b6f9b22e175730f72da1e23c5e828ad2756d338c53
SSDEEP

12288:Y6qvnyeLk9NpIwXb8fZIEsg6ek1/hw0hpJnNBC34O/s:Y3vnyeLgN1r8FCe4hwyxBd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
81942d25e959dc542fd2123b0daf262827a4bd13c3fd48c650fae9b7ebf2d003

Files

81942d25e959dc542fd2123b0daf262827a4bd13c3fd48c650fae9b7ebf2d003
.exe windows:6 windows x64 arch:x64

d3f9bd72fb9ac9a6ed6e370b07671a02

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RemoveDirectoryW
VirtualQuery
GetCurrentDirectoryW
GetTempPathW
GetTempFileNameW
TerminateThread
GetTickCount64
WriteConsoleW
GetStdHandle
Sleep
CreateEventW
ResetEvent
FormatMessageW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentProcess
FindNextFileW
FindClose
GetNativeSystemInfo
SetEnvironmentVariableW
CreateProcessW
GetSystemDirectoryW
LoadLibraryW
InitializeCriticalSection
SetCurrentDirectoryW
CreateSemaphoreW
ReleaseSemaphore
VirtualFree
VirtualAlloc
OutputDebugStringW
LoadLibraryExW
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
CreateDirectoryW
LCMapStringEx
GetStringTypeW
HeapSize
TerminateProcess
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcessHeap
RaiseException
RtlPcToFileHeader
GetConsoleCP
GetModuleHandleExW
ExitProcess
ReadConsoleW
GetConsoleMode
GetStartupInfoW
InitOnceExecuteOnce
GetFileType
SetFilePointerEx
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
SetLastError
GetCPInfo
GetOEMCP
IsValidCodePage
GetACP
IsProcessorFeaturePresent
IsDebuggerPresent
HeapAlloc
HeapReAlloc
HeapFree
DecodePointer
EncodePointer
GetFileSizeEx
WriteFile
GetCommandLineW
ExpandEnvironmentStringsW
lstrcmpW
lstrcatW
lstrcpyW
lstrlenW
lstrcmpA
lstrlenA
GetCurrentThreadId
ReadFile
FreeLibrary
lstrcmpiW
GetModuleFileNameW
WaitForSingleObject
SetEvent
CreateThread
FindFirstFileW
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
CreateFileW
GetModuleHandleW
CloseHandle
GetProcAddress
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
WideCharToMultiByte
MultiByteToWideChar
LocalFree
ExitThread

user32

EndDialog
CallWindowProcW
GetMessageW
DispatchMessageW
TranslateMessage
wsprintfW
DestroyWindow
MessageBoxW
DrawIconEx
ChangeWindowMessageFilter
DestroyIcon
DrawIcon
GetCursorPos
SetCursor
CreatePopupMenu
AppendMenuW
TrackPopupMenu
DestroyMenu
SendMessageW
GetClientRect
GetWindowLongPtrW
GetWindowTextW
DrawTextExW
DefWindowProcW
ShowWindow
SetWindowLongPtrW
SetWindowTextW
InvalidateRect
GetWindowRect
SetWindowsHookExW
UnhookWindowsHookEx
CreateWindowExW
LoadCursorW
RegisterClassExW
SystemParametersInfoW
SetWindowPos
DialogBoxIndirectParamW
GetSystemMetrics
LoadIconW
PostQuitMessage
FillRect
RedrawWindow
UpdateWindow
GetWindowTextLengthW
CallNextHookEx
MoveWindow
GetDC
ReleaseDC
GetDesktopWindow
GetWindowLongW
SetWindowLongW
GetSystemMenu
EnableMenuItem
SendMessageTimeoutW
PrivateExtractIconsW
GetIconInfo
GetClassNameW
EnumChildWindows
IsWindowEnabled
EnableWindow
SetDlgItemTextW

gdi32

SelectObject
SetBkMode
SetBkColor
SetTextColor
SetStretchBltMode
CreatePen
MoveToEx
LineTo
GetTextExtentPointW
GetObjectW
GetDIBits
CreateFontIndirectW
DeleteObject
CreateSolidBrush
GetStockObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCreateKeyExW
RegCloseKey
RegDeleteTreeW
RegGetValueW
RegOpenKeyExW
RegSetValueExW

shell32

SHBrowseForFolderW
SHGetFolderLocation
ExtractIconExW
SHGetSpecialFolderLocation
SHChangeNotify
DragFinish
SHGetPathFromIDListW
ShellExecuteW
CommandLineToArgvW
DragQueryPoint
DragQueryFileW

ole32

CoCreateInstance

shlwapi

StrChrW
StrRChrW
StrStrW
StrStrIW
ord12

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateHICONFromBitmap
GdipCreateBitmapFromScan0
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImagePixelFormat
GdipGetImageWidth
GdipCloneImage
GdipLoadImageFromStream
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdipFree
GdipCreateBitmapFromStream

netapi32

NetWkstaGetInfo

comctl32

ImageList_ReplaceIcon
ord381
ImageList_Create
InitCommonControlsEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wimgapi

WIMSplitFile
WIMCaptureImage
WIMUnmountImage
WIMMountImage
WIMUnregisterMessageCallback
WIMApplyImage
WIMSetBootImage
WIMSetImageInformation
WIMSetTemporaryPath
WIMExportImage
WIMLoadImage
WIMGetImageInformation
WIMRegisterMessageCallback
WIMSetReferenceFile
WIMCloseHandle
WIMGetAttributes
WIMCreateFile
WIMGetMountedImages
WIMRemountImage
WIMDeleteImage
WIMGetImageCount
WIMDeleteImageMounts
WIMGetMountedImageInfo

Sections

.text
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 431KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3f9bd72fb9ac9a6ed6e370b07671a02

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

gdiplus

netapi32

comctl32

version

wimgapi

Sections

.text Size: 311KB - Virtual size: 311KB

.rdata Size: 153KB - Virtual size: 153KB

.data Size: 9KB - Virtual size: 431KB

.pdata Size: 16KB - Virtual size: 15KB

.rsrc Size: 300KB - Virtual size: 299KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 311KB - Virtual size: 311KB

.rdata
Size: 153KB - Virtual size: 153KB

.data
Size: 9KB - Virtual size: 431KB

.pdata
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 300KB - Virtual size: 299KB

.reloc
Size: 6KB - Virtual size: 6KB