ca2b722294e8746d2ce1f65ed68a26d51e72df626d3eb28a6110a7ed2f8137afN

Sharing

Copy URL

Twitter E-mail

General

Target

ca2b722294e8746d2ce1f65ed68a26d51e72df626d3eb28a6110a7ed2f8137afN
Size

2.7MB
MD5

a3e3b3eba564e29f98ec5e88d5160fc0
SHA1

60872686849b14679d167249af3c9d37325619ac
SHA256

ca2b722294e8746d2ce1f65ed68a26d51e72df626d3eb28a6110a7ed2f8137af
SHA512

bb32d063f574b7675a1672a1088a9c3bb6ff83965ffb5af311f548d405d15ee1c69d807acb92d0d6e31350ad2a14634c63f495c7e29d1070f007790a29379762
SSDEEP

49152:CCbRquA/m2yL5zTfFiV+XenmE3/zCDmg27RnWGj:HoquVjnm5D527BWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca2b722294e8746d2ce1f65ed68a26d51e72df626d3eb28a6110a7ed2f8137afN

Files

ca2b722294e8746d2ce1f65ed68a26d51e72df626d3eb28a6110a7ed2f8137afN
.exe windows:6 windows x64 arch:x64

754a865a9eebb214e7a6f31dbffc6594

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

AppVCleaner.pdb

Imports

kernel32

DeleteFileW
RemoveDirectoryW
FindClose
MoveFileW
SetFileAttributesW
FindNextFileW
CopyFileW
GetDriveTypeW
CopyFileExW
GetTempFileNameW
GetComputerNameExW
SetLastError
GetLocalTime
MultiByteToWideChar
GetFileAttributesW
MoveFileExW
FindFirstFileW
DebugBreak
GetProcessHeap
HeapFree
HeapAlloc
DeleteCriticalSection
HeapSetInformation
DecodePointer
LockResource
GetLastError
RaiseException
InitializeCriticalSectionEx
SizeofResource
LoadResource
FindResourceW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
EncodePointer
OutputDebugStringW
IsDebuggerPresent
ResetEvent
SubmitThreadpoolWork
TerminateProcess
Sleep
CreateThreadpoolWork
CloseThreadpoolWork
CloseThreadpool
SetThreadpoolThreadMinimum
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
CreateThreadpool
CloseThreadpoolCleanupGroup
GetFinalPathNameByHandleW
DeviceIoControl
DuplicateHandle
CreateEventW
GetExitCodeProcess
SetEvent
WaitForSingleObject
CreateProcessW
GetCurrentThreadId
EnterCriticalSection
Wow64RevertWow64FsRedirection
LeaveCriticalSection
Wow64DisableWow64FsRedirection
InitializeCriticalSection
LoadLibraryA
LoadLibraryW
WideCharToMultiByte
GetVersionExW
GetNativeSystemInfo
ExpandEnvironmentStringsW
LocalFree
CloseHandle
GetShortPathNameW
GetProcAddress
GetLongPathNameW
GetCurrentDirectoryW
GetTempPathW
CreateFileW
GetModuleFileNameW
GetSystemDirectoryW
GetCurrentThread
GetModuleHandleW
GetCurrentProcess
SearchPathW
GetEnvironmentVariableW

user32

LoadStringW

advapi32

OpenThreadToken
GetTokenInformation
DuplicateToken
ConvertSidToStringSidW
RegDeleteKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegSetValueExW
SetThreadToken
EventWrite
CreateProcessAsUserW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegOpenCurrentUser
EventUnregister
EventRegister
EventActivityIdControl
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
RevertToSelf
ImpersonateLoggedOnUser
OpenProcessToken

shell32

SHGetKnownFolderPath
ord165

ole32

CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoCreateGuid
CLSIDFromString
StringFromGUID2
CoUninitialize

appvpolicy

ord3

appvmanifest

ord3

msvcp120

?_Incref@facet@locale@std@@UEAAXXZ
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?_Xbad_function_call@std@@YAXXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?id@?$collate@_W@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??_7facet@locale@std@@6B@
_Wcscoll
_Wcsxfrm
??_7_Facet_base@std@@6B@
?_Winerror_map@std@@YAPEBDH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_BADOFF@std@@3_JB
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
_Mbrtowc
?classic@locale@std@@SAAEBV12@XZ
?id@?$numpunct@_W@std@@2V0locale@2@A
??1_Container_base12@std@@QEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Facet_base@std@@UEAA@XZ
??Bid@locale@std@@QEAA_KXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?exceptions@ios_base@std@@QEAAXH@Z

msvcr120

??3@YAXPEAX@Z
_stricmp
memmove
free
_purecall
_wtoi
towupper
swprintf_s
swscanf_s
_ultow_s
??8type_info@@QEBA_NAEBV0@@Z
__CxxFrameHandler3
strrchr
??2@YAPEAX_K@Z
_wcsicmp
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
memcpy
??0exception@std@@QEAA@AEBQEBDH@Z
??0exception@std@@QEAA@AEBV01@@Z
wcscpy_s
_wcsnicmp
_wcslwr_s
_wcsupr_s
iswalpha
iswspace
iswdigit
iswctype
?terminate@@YAXXZ
??1bad_cast@std@@UEAA@XZ
??0bad_cast@std@@QEAA@PEBD@Z
??0bad_cast@std@@QEAA@AEBV01@@Z
strchr
wcsncmp
wcschr
realloc
_wsplitpath_s
ldiv
memcpy_s
_wmakepath_s
??_V@YAXPEAX@Z
rand
srand
_time64
??0exception@std@@QEAA@XZ
memset
_lock
_unlock
_calloc_crt
__dllonexit
__C_specific_handler
_onexit
_XcptFilter
_amsg_exit
__wgetmainargs
_CxxThrowException
__RTDynamicCast
memcmp
__crtSetUnhandledExceptionFilter
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtCapturePreviousContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
_commode
_fmode
__winitenv
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type

shlwapi

PathFileExistsW
PathFindExtensionW
PathCanonicalizeW
PathIsUNCW
SHCreateStreamOnFileEx

userenv

ExpandEnvironmentStringsForUserW
UnloadUserProfile
CreateEnvironmentBlock
DestroyEnvironmentBlock

ntdll

NtQueryKey

rpcrt4

RpcBindingFromStringBindingW
UuidCreate
NdrClientCall2
RpcMgmtIsServerListening
RpcStringFreeW
RpcBindingFree
RpcMgmtSetCancelTimeout
RpcBindingSetAuthInfoExW
RpcCancelThread
RpcStringBindingComposeW

msi

ord96
ord173
ord160
ord217
ord32
ord118
ord8
ord159
ord49

oleaut32

SysAllocString
VariantClear
VariantChangeType
VariantCopy
VariantInit
SysFreeString

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 729KB - Virtual size: 728KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 580KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

754a865a9eebb214e7a6f31dbffc6594

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

appvpolicy

appvmanifest

msvcp120

msvcr120

shlwapi

userenv

ntdll

rpcrt4

msi

oleaut32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 729KB - Virtual size: 728KB

.data Size: 49KB - Virtual size: 55KB

.pdata Size: 61KB - Virtual size: 60KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 580KB - Virtual size: 584KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 729KB - Virtual size: 728KB

.data
Size: 49KB - Virtual size: 55KB

.pdata
Size: 61KB - Virtual size: 60KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 580KB - Virtual size: 584KB