90d451181cad2f602b56eba6bb3cc2aceadd9275cba627f9ce3618ab4e9d3d39N

Sharing

Copy URL Twitter E-mail

General

Target

90d451181cad2f602b56eba6bb3cc2aceadd9275cba627f9ce3618ab4e9d3d39N
Size

156KB
MD5

d0cb46581bcf317cbe330b71b0d5a090
SHA1

4a25b620ae4667578e687f245d42ba3ab1f51003
SHA256

90d451181cad2f602b56eba6bb3cc2aceadd9275cba627f9ce3618ab4e9d3d39
SHA512

b790723a4c2c6f034fc9aedd9fc0e7fe857478c788997d44a7214195623c083d1907bd0c5ecbb1449a5033fc7e84482cbb2f257238bce578c122420036a18a24
SSDEEP

3072:vNQmEPCWn/KT/UMxWXkltjQQlbidkv0CxR1H:1Wn/KTUMxWUltjQpi0C1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
90d451181cad2f602b56eba6bb3cc2aceadd9275cba627f9ce3618ab4e9d3d39N

Files

90d451181cad2f602b56eba6bb3cc2aceadd9275cba627f9ce3618ab4e9d3d39N
.exe windows:4 windows x86 arch:x86

be036e9e799028fa84681a6bd5d685e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\snowcake\src\App\Release\Snowcake.pdb

Imports

shlwapi

SHDeleteKeyW
StrToIntW

imm32

ImmAssociateContext

comctl32

ord17

kernel32

LoadResource
FindResourceExW
GetLastError
CreateMutexW
SetLastError
CloseHandle
WaitForSingleObject
OpenMutexW
GetACP
ReadFile
FlushFileBuffers
HeapSize
GetCPInfo
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetStdHandle
HeapReAlloc
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualAlloc
VirtualProtect
WideCharToMultiByte
HeapAlloc
GetCalendarInfoW
VirtualQuery
InterlockedExchange
RtlUnwind
LoadLibraryA
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
LockResource
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
GetCurrentProcess
TerminateProcess
GetProcAddress
MultiByteToWideChar
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetVersionExA
GetStartupInfoW
GetModuleHandleA
ExitProcess
GetTimeFormatW
SetTimeZoneInformation
CreateProcessW
GetModuleFileNameW
lstrcmpiW
lstrcmpW
CompareStringW
GetUserDefaultLCID
GetProfileIntW
GetProfileStringW
SetLocalTime
FormatMessageW
MulDiv
GetTimeZoneInformation
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
LocalAlloc
LocalFree
GetUserDefaultLangID
GetLocalTime
GetDateFormatW
lstrcpynW
lstrlenW
SystemTimeToFileTime
FileTimeToSystemTime
GetLocaleInfoW
GetEnvironmentStrings
SizeofResource
SetFilePointer
GetOEMCP

user32

RegisterWindowMessageW
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
CreateDialogParamW
PostQuitMessage
SetForegroundWindow
DestroyIcon
DestroyMenu
DialogBoxParamW
LoadIconW
LoadMenuW
GetSubMenu
LoadImageW
PtInRect
IsWindowVisible
TrackPopupMenu
GetMenuState
DestroyWindow
CheckMenuItem
GetDlgItemTextW
CallWindowProcW
EndDialog
SetCursor
GetWindowTextW
SetWindowTextW
MessageBoxW
CreateWindowExW
SetWindowPos
ShowWindow
IsWindowEnabled
DrawIconEx
GetWindowTextLengthW
EnableWindow
SetDlgItemTextW
GetFocus
SendDlgItemMessageW
GetDlgItem
GetWindowRect
ScreenToClient
MoveWindow
LoadStringW
GetDlgCtrlID
LoadCursorW
GetDC
ReleaseDC
InflateRect
OffsetRect
SetRect
KillTimer
SetTimer
GetClassInfoW
RegisterClassW
SetWindowLongW
DefWindowProcW
SetFocus
NotifyWinEvent
BeginPaint
GetSysColorBrush
FillRect
GetSysColor
DrawTextW
DrawFocusRect
CharUpperW
EndPaint
GetClientRect
InvalidateRect
GetWindowLongW
GetParent
SendMessageW
GetCursorPos

gdi32

GetStockObject
SetROP2
Polygon
SetBkMode
ExtTextOutW
Rectangle
GetCharWidth32W
GetTextExtentPointW
GetTextColor
SetLayout
TextOutW
GetBkColor
SetTextColor
SetBkColor
DeleteObject
LineTo
GetDeviceCaps
MoveToEx
CreatePen
CreateSolidBrush
SelectObject

advapi32

RegEnumKeyW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey
RegSetValueExW

shell32

Shell_NotifyIconW

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

be036e9e799028fa84681a6bd5d685e2

Headers

File Characteristics

PDB Paths

Imports

shlwapi

imm32

comctl32

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 76KB - Virtual size: 76KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 52KB - Virtual size: 52KB

.text
Size: 76KB - Virtual size: 76KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 52KB - Virtual size: 52KB