c89da024dd947ea0fe831593c20b19851d239d5eea189a77110a85e5fd8254bc

Sharing

Copy URL Twitter E-mail

General

Target

c89da024dd947ea0fe831593c20b19851d239d5eea189a77110a85e5fd8254bc
Size

604KB
MD5

c56967976dac093cc5d2a1070cf84697
SHA1

8ec5a753138cbf2247e75b16bc3afe7af459fde9
SHA256

c89da024dd947ea0fe831593c20b19851d239d5eea189a77110a85e5fd8254bc
SHA512

b01cadfce87d1e67b4ed40ffda318110099799bbe1dbdcbdef0b253145b7a9245e982d7a3a1796f14ed2a9c0ab9fe9b28215b85f9136f59975115ae56de655f1
SSDEEP

12288:r5gQnTwhAErqbKrU48OET7Rmfhph0lhSMXlihwgSCPrwSp:dnCmbKrU48NT7Rmfjh0lhSMXlMwgNPrw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c89da024dd947ea0fe831593c20b19851d239d5eea189a77110a85e5fd8254bc

Files

c89da024dd947ea0fe831593c20b19851d239d5eea189a77110a85e5fd8254bc
.dll windows:6 windows x64 arch:x64

1a6afb97d97add985a5ffe924b3e65a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Documents\OpenGlass-dcomp-windhawk-glow-1.2.1\Build\x64\Release\OpenGlass.pdb

Imports

kernel32

WideCharToMultiByte
DebugBreak
LoadLibraryExW
IsDebuggerPresent
GetCurrentProcess
UnmapViewOfFile
SetThreadDescription
WriteFile
GetModuleFileNameW
CreateNamedPipeW
K32GetModuleFileNameExW
CreateFile2
DuplicateHandle
DisconnectNamedPipe
OpenProcess
ProcessIdToSessionId
Sleep
GetCurrentThread
LoadLibraryW
LocalFree
WaitNamedPipeW
ConnectNamedPipe
FlushFileBuffers
CloseThreadpoolWork
FreeLibraryAndExitThread
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
MultiByteToWideChar
DisableThreadLibraryCalls
EnterCriticalSection
ReleaseMutex
GetSystemPowerStatus
VirtualProtect
FreeLibrary
CreateDirectoryW
CreateThread
SetUnhandledExceptionFilter
GetEnvironmentVariableW
GetSystemDirectoryW
K32GetModuleInformation
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualQuery
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
InitializeSListHead
RtlUnwindEx
EncodePointer
InterlockedPushEntrySList
CreateMutexExW
GetCurrentThreadId
CreateFileW
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetFileSizeEx
GetProcAddress
HeapAlloc
FindResourceW
LoadResource
CloseHandle
OpenSemaphoreW
LockResource
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
LoadLibraryA
FreeResource
SizeofResource
GetModuleFileNameA
ReadFile
LeaveCriticalSection

user32

RegisterPowerSettingNotification
InvalidateRect
InternalGetWindowText
UnregisterPowerSettingNotification
DestroyIcon
GetAsyncKeyState
FindWindowW
IsWindow
SetProcessDpiAwarenessContext
LoadIconW
MonitorFromWindow
GetMonitorInfoW
IsRectEmpty
IsZoomed
GetWindowRgn
LoadStringW
SetWindowTextW
SendMessageW
SetWindowLongPtrW
ShowWindowAsync
MonitorFromPoint
GetKeyState
ChangeWindowMessageFilterEx
SetThreadDpiAwarenessContext
EqualRect

gdi32

CreateRectRgnIndirect
EqualRgn
OffsetRgn
GetCurrentObject
GetRegionData
DeleteObject
CombineRgn
GetRgnBox
GetTextColor
GetObjectW
CreateRectRgn
CreateDIBSection

advapi32

RegOpenKeyExW
DuplicateTokenEx
RegGetValueW
FreeSid
ImpersonateLoggedOnUser
SetEntriesInAclW
AllocateAndInitializeSid
RegOpenCurrentUser
RegCloseKey
RevertToSelf
SetSecurityDescriptorDacl
CheckTokenMembership
InitializeSecurityDescriptor

shell32

CommandLineToArgvW
SetCurrentProcessExplicitAppUserModelID

ole32

CoInitializeEx
CoCreateFreeThreadedMarshaler
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

oleaut32

GetErrorInfo
SetErrorInfo
VariantInit
SysFreeString
SysAllocString
VariantClear
SysStringLen

dbghelp

SymSetSearchPathW
SymGetOptions
SymGetSymbolFileW
SymCleanup
SymSetOptions
SymLoadModuleExW
SymInitialize
SymUnloadModule64
SymRegisterCallbackW64
SymEnumSymbols
UnDecorateSymbolName
MiniDumpWriteDump
ImageDirectoryEntryToData

wtsapi32

WTSUnRegisterSessionNotification
WTSQueryUserToken
WTSRegisterSessionNotification

shlwapi

ord12
PathFileExistsW

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchRemoveFileSpec

comctl32

ord344
ord345

dwmapi

DwmSetWindowAttribute
DwmFlush

uxtheme

GetCurrentThemeName
DrawThemeTextEx
CloseThemeData

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

api-ms-win-core-memory-l1-1-6

MapViewOfFile3

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
DeleteCriticalSection

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-0

RaiseException

ucrtbase

__current_exception_context
__std_type_info_destroy_list
_CreateFrameInfo
_IsExceptionObjectToBeDestroyed
_FindAndUnlinkFrame
__processing_throw
__std_type_info_compare
__FrameUnwindFilter
__DestructExceptionObject
__TypeMatch
_local_unwind
floor
__NLG_Return2
__NLG_Dispatch2
abort
_wcsicmp
iswspace
_invalid_parameter_noinfo
__stdio_common_vswprintf
_errno
round
_invalid_parameter_noinfo_noreturn
wcscpy_s
strcpy_s
free
malloc
_stricmp
_wtoll
__stdio_common_vswprintf_s
_localtime64_s
wcsftime
__AdjustPointer
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
__current_exception
_CxxThrowException
memset
memcpy
memmove
wcsstr
__C_specific_handler
_purecall
__std_exception_copy
__std_exception_destroy
memcmp
ceilf
roundf

Exports

Exports

InstallApp
Main
ShutdownService
StartupService
UninstallApp

Sections

.text
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a6afb97d97add985a5ffe924b3e65a6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

dbghelp

wtsapi32

shlwapi

api-ms-win-core-path-l1-1-0

comctl32

dwmapi

uxtheme

api-ms-win-shcore-scaling-l1-1-1

api-ms-win-core-memory-l1-1-6

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

ucrtbase

Exports

Exports

Sections

.text Size: 223KB - Virtual size: 222KB

.rdata Size: 202KB - Virtual size: 202KB

.data Size: 22KB - Virtual size: 26KB

.pdata Size: 10KB - Virtual size: 10KB

.detourc Size: 9KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 131KB - Virtual size: 131KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 223KB - Virtual size: 222KB

.rdata
Size: 202KB - Virtual size: 202KB

.data
Size: 22KB - Virtual size: 26KB

.pdata
Size: 10KB - Virtual size: 10KB

.detourc
Size: 9KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 131KB - Virtual size: 131KB

.reloc
Size: 4KB - Virtual size: 3KB