4177ba848bd33b4cebfe562791a3b221b34794d31c6eec9aef6dd558b2dff307N

Sharing

Copy URL

Twitter E-mail

General

Target

4177ba848bd33b4cebfe562791a3b221b34794d31c6eec9aef6dd558b2dff307N
Size

233KB
MD5

8fa9f0fd62c9bb297e2e761990cb2a50
SHA1

f2d596c7dbdba988d485c6b7dbbd0d625d5edc79
SHA256

4177ba848bd33b4cebfe562791a3b221b34794d31c6eec9aef6dd558b2dff307
SHA512

2f0b76470a424257c0c62aad7c9eec6b8d76177db056b81384eb572e6dd45c3e5a78ede5fc927c5bb895c4679c73b86cca2f2471b76065b5d2bbbcec7969d3bd
SSDEEP

6144:c7h5wk5lJ5OP4jCT6l1WwEAFegEv+2VUc:c7TBXoP4b9eg+nT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4177ba848bd33b4cebfe562791a3b221b34794d31c6eec9aef6dd558b2dff307N

Files

4177ba848bd33b4cebfe562791a3b221b34794d31c6eec9aef6dd558b2dff307N
.exe windows:6 windows x64 arch:x64

03ae7fb742f925d2d5df9d837a0efd29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

recdisc.pdb

Imports

advapi32

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
CloseTrace
OpenProcessToken
RegCloseKey
RegCreateKeyExW
DuplicateToken
RegSetValueExW
RegQueryValueExW
CreateWellKnownSid
GetTokenInformation
CheckTokenMembership
EnableTrace
StartTraceW
ControlTraceW

kernel32

CreateThread
GetVolumePathNameW
GetVolumePathNamesForVolumeNameW
LoadLibraryExW
GetDiskFreeSpaceExW
GetDriveTypeW
MoveFileExW
DeviceIoControl
WakeAllConditionVariable
GetLogicalDriveStringsW
GetTempPathW
CreateFileW
FindClose
FindNextFileW
FindFirstFileW
FormatMessageW
GetVolumeNameForVolumeMountPointW
GetFileMUIPath
lstrlenW
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeConditionVariable
EnterCriticalSection
LeaveCriticalSection
ExpandEnvironmentStringsW
VerifyVersionInfoW
VerSetConditionMask
GetNativeSystemInfo
CloseHandle
TerminateProcess
SetErrorMode
GetCurrentProcess
GetCommandLineW
LocalFree
GetLastError
CreateDirectoryW
DeleteFileW
GetFileAttributesW
FreeLibrary
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter

user32

ChangeWindowMessageFilterEx
RegisterWindowMessageW
SetWindowLongPtrW
GetWindowLongPtrW
DialogBoxParamW
GetDlgItem
DestroyIcon
SendMessageW
GetSystemMetrics
GetWindowLongW
IsWindow
SetWindowTextW
ShowWindow
MessageBoxW
EndDialog
GetLastActivePopup
SetFocus
PostMessageW
EnableWindow
LoadIconW
LoadStringW

msvcrt

??_V@YAXPEAX@Z
??3@YAXPEAX@Z
??_U@YAPEAX_K@Z
_wcsnicmp
wcschr
_vsnwprintf
memmove
wcsstr
wcsrchr
_vscwprintf
iswspace
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
memcpy
memcmp
_snwscanf_s
_wcslwr
_wcsupr
wcsnlen
strncmp
_ultow_s
wcscpy_s
wcscat_s
wcstoul
swprintf_s
??2@YAPEAX_K@Z
_wcsicmp
__getmainargs
__C_specific_handler
_XcptFilter
_exit
_ismbblead
_cexit
exit
_acmdln
_initterm
memset
_amsg_exit

shell32

SHGetDesktopFolder
ord155
SHParseDisplayName
SHGetFileInfoW
CommandLineToArgvW

ole32

CoCreateInstance
CoCreateGuid
CoWaitForMultipleHandles
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

SysAllocStringLen
SysStringLen
SysAllocString
VariantClear
LoadRegTypeLi
DispCallFunc
SysFreeString

ntdll

RtlGetLastNtStatus
NtQuerySystemInformation
WinSqmAddToStream
RtlInitUnicodeString
RtlNtStatusToDosError
EtwTraceMessage
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtSetInformationFile
NtAllocateUuids
NtResetEvent
LdrGetDllHandle
NtQueryInformationFile
NtClose
RtlAllocateHeap
NtOpenFile
RtlStringFromGUID
RtlFreeUnicodeString
RtlGUIDFromString
NtDeviceIoControlFile
NtWaitForSingleObject
NtCreateEvent
NtQueryKey
NtEnumerateKey
NtQueryAttributesFile
NtOpenKey
RtlCreateAcl
NtUnloadKey
RtlFreeSid
RtlSetDaclSecurityDescriptor
NtDeleteValueKey
NtLoadKey
NtOpenThreadToken
NtCreateKey
RtlLengthSecurityDescriptor
RtlAddAccessAllowedAceEx
NtOpenProcessToken
NtSetSecurityObject
NtQueryValueKey
NtSetValueKey
NtAdjustPrivilegesToken
NtDeleteKey
RtlAllocateAndInitializeSid
RtlLengthSid
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlInitAnsiString
NtOpenSymbolicLinkObject
LdrGetProcedureAddress
NtQuerySymbolicLinkObject
RtlFreeHeap

comctl32

ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
ord345
ord344

spp

SxTracerShouldTrackFailure
SxTracerGetThreadContextRetail
SxTracerDebuggerBreak

shlwapi

StrRetToBufW
SHCreateStreamOnFileEx
SHCreateStreamOnFileW

reagent

WinReGetConfig

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nuowftj
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

03ae7fb742f925d2d5df9d837a0efd29

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

shell32

ole32

oleaut32

ntdll

comctl32

spp

shlwapi

reagent

Sections

.text Size: 156KB - Virtual size: 155KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 66KB - Virtual size: 65KB

.reloc Size: 2KB - Virtual size: 29KB

nuowftj Size: - Virtual size: 4KB

.text
Size: 156KB - Virtual size: 155KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 66KB - Virtual size: 65KB

.reloc
Size: 2KB - Virtual size: 29KB

nuowftj
Size: - Virtual size: 4KB