669f72a6a1a6987fcf551ce2c18a14cd86c4a5130a16b3ff58234433b941bbbcN

Sharing

Copy URL

Twitter E-mail

General

Target

669f72a6a1a6987fcf551ce2c18a14cd86c4a5130a16b3ff58234433b941bbbcN
Size

613KB
MD5

2476b5c7144a07e14f7425fa04ad4520
SHA1

4133f1f4c5f4b527c0f70fced821e82c34088748
SHA256

669f72a6a1a6987fcf551ce2c18a14cd86c4a5130a16b3ff58234433b941bbbc
SHA512

2c2a4b5b1e0d795ca716fa91b45a6400e7c8a26be50a3568f35cfe32232992ad2aaf8d776414deb8f38404f2028d0a781c70e424c82e0bc25b33d2107726804c
SSDEEP

6144:T67ngMmfFYZG0bZWQscrDgx0kCzuiyuR9gpC1RjDksOoFOkciLktpq5Xgcinf+j:TdFYZG0VBvgEZSo5Xw+j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
669f72a6a1a6987fcf551ce2c18a14cd86c4a5130a16b3ff58234433b941bbbcN

Files

669f72a6a1a6987fcf551ce2c18a14cd86c4a5130a16b3ff58234433b941bbbcN
.exe windows:6 windows x86 arch:x86

a70555189f11faf36225ab4e28402c02

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ShapeCollector.pdb

Imports

user32

DrawIcon
RegisterClassExW
BeginPaint
EndPaint
GetSysColorBrush
GetClientRect
DrawTextW
GetWindowLongW
SetWindowPos
GetSysColor
LoadCursorW
SetCursor
UpdateWindow
CreateWindowExW
GetDC
ReleaseDC
DestroyWindow
DefWindowProcW
PostThreadMessageW
ShowWindow
KillTimer
LoadImageW
PostMessageW
GetParent
InvalidateRect
RemovePropW
GetWindowRect
ActivateKeyboardLayout
GetKeyboardLayoutList
SetPropW
SetActiveWindow
SetForegroundWindow
GetSystemMetrics
AllowSetForegroundWindow
GetKeyboardLayout
UnregisterClassW
SetTimer
CallWindowProcW
PostQuitMessage
LoadStringW
SetWindowLongW
SendMessageW
SystemParametersInfoW
LoadIconW
DestroyIcon
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageA
PeekMessageW
EnableWindow
DispatchMessageA
CharUpperW
DispatchMessageW
TranslateMessage
GetMessageW
CharNextW
UnregisterClassA

msvcrt

?what@exception@@UBEPBDXZ
_purecall
__CxxFrameHandler3
memset
malloc
free
_controlfp
_errno
realloc
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
wcscpy_s
memcpy
??0exception@@QAE@XZ
isdigit
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
_callnewh
__wgetmainargs
_cexit
swprintf_s
isalpha
wcschr
wcsstr
_ftol2_sse
ceil
wcscspn
memcpy_s
_wcsicmp
memmove_s
wcsncpy_s
wcscat_s
_wtoi
_vsnwprintf
__RTDynamicCast
_vscwprintf
vswprintf_s
iswspace
wcsspn

cryptsp

CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW

ole32

CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
CLSIDFromString
CoCreateGuid
CoCreateFreeThreadedMarshaler
CoRevokeClassObject
StringFromGUID2
CoTaskMemFree
CoRegisterClassObject

comctl32

ord345
PropertySheetW

oleaut32

SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
VariantChangeType
SafeArrayCreateVector
SafeArrayDestroy
OleCreatePictureIndirect
SafeArrayAccessData
SafeArrayUnaccessData
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
VarUI4FromStr
RegisterTypeLi
SysFreeString

shell32

Shell_NotifyIconW
CommandLineToArgvW
ShellExecuteExW

wer

WerReportSetParameter
WerReportAddFile
WerReportCloseHandle
WerReportSubmit
WerReportCreate

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW
UuidFromStringW

gdi32

CreateFontIndirectW
GetTextExtentPoint32W
TextOutW
CreatePen
SelectObject
RoundRect
GetStockObject
GdiGradientFill
MoveToEx
LineTo
CreateFontW
GetTextMetricsW
SetBkMode
SetTextColor
DeleteObject
GetDeviceCaps

dui70

?SetLayout@Element@DirectUI@@QAEJPAVLayout@2@@Z
?Add@Element@DirectUI@@QAEJPAV12@@Z
?SetAccState@Element@DirectUI@@QAEJH@Z
?Create@Button@DirectUI@@SGJPAVElement@2@PAKPAPAV32@@Z
?SetClass@Element@DirectUI@@QAEJPBG@Z
?SetActive@Element@DirectUI@@QAEJH@Z
?Release@Element@DirectUI@@QAGKXZ
?SetVisible@Element@DirectUI@@QAEJ_N@Z
?GetSelected@Element@DirectUI@@QAE_NXZ
?Create@FlowLayout@DirectUI@@SGJ_NIIIPAPAVLayout@2@@Z
?GetMaxLength@Edit@DirectUI@@QAEHXZ
?SetDataEntry@PText@DirectUI@@QAEXPAUIDataEntry@2@@Z
?SetFontFace@Element@DirectUI@@QAEJPBG@Z
?SetDirection@Element@DirectUI@@QAEJH@Z
?SetAccDesc@Element@DirectUI@@QAEJPBG@Z
?SetAccName@Element@DirectUI@@QAEJPBG@Z
?OnWizFinish@TaskPage@DirectUI@@MAEJXZ
?Click@Button@DirectUI@@SG?AVUID@@XZ
?GetID@Element@DirectUI@@QAEGXZ
?Create@Element@DirectUI@@SGJIPAV12@PAKPAPAV12@@Z
?AddListener@Element@DirectUI@@QAEJPAUIElementListener@2@@Z
?SetMaxLength@Edit@DirectUI@@QAEJH@Z
?GetClass@Element@DirectUI@@QAEPBGPAPAVValue@2@@Z
?GetParent@Element@DirectUI@@QAEPAV12@XZ
?GetElement@TaskPage@DirectUI@@IAEPAVElement@2@XZ
?GetIndex@Element@DirectUI@@QAEHXZ
?OnKillActive@TaskPage@DirectUI@@MAEJXZ
??0TaskPage@DirectUI@@QAE@XZ
?SetSelected@Element@DirectUI@@QAEJ_N@Z
?OnMessage@TaskPage@DirectUI@@MAE_NIIJPAJ@Z
?SetEnabled@Element@DirectUI@@QAEJ_N@Z
?SetContentString@Element@DirectUI@@QAEJPBG@Z
StrToID
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
?GetContentString@Element@DirectUI@@QAEPBGPAPAVValue@2@@Z
?Release@Value@DirectUI@@QAEXXZ
?DUICreatePropertySheetPage@TaskPage@DirectUI@@QAEJPAUHINSTANCE__@@@Z
?DestroyCP@TaskPage@DirectUI@@EAEXXZ
?CreateParserCP@TaskPage@DirectUI@@EAEJPAPAVDUIXmlParser@2@@Z
?SetNotifyHandler@CCBase@DirectUI@@QAEXP6GHIIJPAJPAX@Z1@Z
?SetWidth@Element@DirectUI@@QAEJH@Z
?CreateDUICP@TaskPage@DirectUI@@EAEJPAVHWNDElement@2@PAUHWND__@@1PAPAVElement@2@PAPAVDUIXmlParser@2@@Z
?OnReset@TaskPage@DirectUI@@MAEJXZ
?InitPropSheetPage@TaskPage@DirectUI@@MAEXPAU_PROPSHEETPAGEW@@@Z
?LoadPage@TaskPage@DirectUI@@MAEJPAVHWNDElement@2@PAUHINSTANCE__@@PAPAVElement@2@PAPAVDUIXmlParser@2@@Z
?LoadParser@TaskPage@DirectUI@@MAEJPAPAVDUIXmlParser@2@@Z
?OnListenedInput@TaskPage@DirectUI@@MAEXPAVElement@2@PAUInputEvent@2@@Z
?OnListenedPropertyChanged@TaskPage@DirectUI@@MAEXPAVElement@2@PBUPropertyInfo@2@HPAVValue@2@2@Z
?OnListenedPropertyChanging@TaskPage@DirectUI@@MAE_NPAVElement@2@PBUPropertyInfo@2@HPAVValue@2@2@Z
?OnListenerDetach@TaskPage@DirectUI@@MAEXPAVElement@2@@Z
?OnListenerAttach@TaskPage@DirectUI@@MAEXPAVElement@2@@Z
??1TaskPage@DirectUI@@UAE@XZ
??1IDataEntry@DirectUI@@UAE@XZ
??0IDataEntry@DirectUI@@QAE@XZ
?Register@HWNDHost@DirectUI@@SGJXZ
?GetFactoryLock@Element@DirectUI@@SGPAU_RTL_CRITICAL_SECTION@@XZ
??0CritSecLock@DirectUI@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z
?ClassExist@ClassInfoBase@DirectUI@@SG_NPAPAUIClassInfo@2@PBQBUPropertyInfo@2@IPAU32@PAUHINSTANCE__@@PBG_N@Z
?Register@ClassInfoBase@DirectUI@@QAEJXZ
??1CritSecLock@DirectUI@@QAE@XZ
?Initialize@ClassInfoBase@DirectUI@@QAEJPAUHINSTANCE__@@PBG_NPBQBUPropertyInfo@2@I@Z
?Initialize@HWNDHost@DirectUI@@QAEJIIPAVElement@2@PAK@Z
?Destroy@Element@DirectUI@@QAEJ_N@Z
?GetLayoutPos@Element@DirectUI@@QAEHXZ
?SetLayoutPos@Element@DirectUI@@QAEJH@Z
??1HWNDHost@DirectUI@@UAE@XZ
??1ClassInfoBase@DirectUI@@UAE@XZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UBEXXZ
?GetChildren@ClassInfoBase@DirectUI@@UBEHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UAEXXZ
?AddChild@ClassInfoBase@DirectUI@@UAEXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UBE_NXZ
?GetModule@ClassInfoBase@DirectUI@@UBEPAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UBE_NPAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UBE_NPBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UBEPBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UBEIXZ
?GetPICount@ClassInfoBase@DirectUI@@UBEIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UAEHXZ
?AddRef@ClassInfoBase@DirectUI@@UAEXXZ
??0ClassInfoBase@DirectUI@@QAE@XZ
?GetClassInfoPtr@HWNDHost@DirectUI@@SGPAUIClassInfo@2@XZ
?OnEvent@Element@DirectUI@@UAEXPAUEvent@2@@Z
?SetKeyFocus@Element@DirectUI@@UAEXXZ
?OnCtrlThemeChanged@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z
?EraseBkgnd@HWNDHost@DirectUI@@MAE_NPAUHDC__@@PAJ@Z
?SetWindowDirection@HWNDHost@DirectUI@@UAEXPAUHWND__@@@Z
?OnWindowStyleChanged@HWNDHost@DirectUI@@UAEXIPBUtagSTYLESTRUCT@@@Z
?OnSinkThemeChanged@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z
InitProcessPriv
UnInitProcessPriv
InitThread
UnInitThread
?PropSheet_SendMessage@TaskPage@DirectUI@@IAEJIIJ@Z
?GetParentHWND@TaskPage@DirectUI@@QAEPAUHWND__@@XZ
??BTaskPage@DirectUI@@QAEPAU_PSP@@XZ
??0HWNDHost@DirectUI@@QAE@XZ
?IsRTLReading@Element@DirectUI@@UAE_NXZ
?IsContentProtected@Element@DirectUI@@UAE_NXZ
?GetContentStringAsDisplayed@Element@DirectUI@@UAEPBGPAPAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanged@HWNDHost@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnGroupChanged@Element@DirectUI@@UAEXH_N@Z
?OnInput@HWNDHost@DirectUI@@UAEXPAUInputEvent@2@@Z
?OnKeyFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnDestroy@HWNDHost@DirectUI@@UAEXXZ
?Paint@HWNDHost@DirectUI@@UAEXPAUHDC__@@PBUtagRECT@@1PAU4@2@Z
?Add@Element@DirectUI@@UAEJPAPAV12@I@Z
?Insert@Element@DirectUI@@UAEJPAPAV12@II@Z
?Remove@Element@DirectUI@@UAEJPAPAV12@I@Z
?GetAdjacent@Element@DirectUI@@UAEPAV12@PAV12@HPBUNavReference@2@K@Z
?EnsureVisible@Element@DirectUI@@UAE_NHHHH@Z
?MessageCallback@HWNDHost@DirectUI@@UAEIPAUtagGMSG@@@Z
?QueryInterface@Element@DirectUI@@UAGJABU_GUID@@PAPAX@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MAEXHH@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MAE?AUtagSIZE@@HHPAVSurface@2@@Z
?OnHosted@HWNDHost@DirectUI@@MAEXPAVElement@2@@Z
?OnUnHosted@HWNDHost@DirectUI@@MAEXPAVElement@2@@Z
?UpdateTooltip@Element@DirectUI@@MAEXPAV12@@Z
?ActivateTooltip@Element@DirectUI@@MAEXPAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MAEXPAV12@@Z
?GetKeyFocused@HWNDHost@DirectUI@@UAE_NXZ
?GetAccessibleImpl@HWNDHost@DirectUI@@UAEJPAPAUIAccessible@@@Z
?DefaultAction@Element@DirectUI@@UAEJXZ
?GetElementProviderImpl@Element@DirectUI@@UAEJPAVInvokeHelper@2@PAPAVElementProvider@2@@Z
?HandleUiaDestroyListener@Element@DirectUI@@UAEXXZ
?HandleUiaPropertyListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@@Z
?HandleUiaEventListener@Element@DirectUI@@UAEXPAUEvent@2@@Z
?GetHWND@HWNDHost@DirectUI@@UAEPAUHWND__@@XZ
?OnNotify@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z
?OnMessage@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z
?OnSysChar@HWNDHost@DirectUI@@UAE_NG@Z

ntdll

EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwLogTraceEvent
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwUnregisterTraceGuids

kernel32

WaitForMultipleObjects
GetTempFileNameW
WriteFile
CreateFileW
GetTempPathW
GetFileAttributesW
FoldStringW
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
HeapFree
GetProcessHeap
HeapAlloc
CreateProcessW
GetUserDefaultUILanguage
SetLastError
FreeResource
ResetEvent
HeapSetInformation
RegisterApplicationRestart
GetLocaleInfoW
SetLocaleInfoW
GlobalFree
LocalFree
GetCommandLineW
LoadLibraryExW
CreateEventW
CreateThread
GetModuleFileNameW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WaitForSingleObject
CloseHandle
ExpandEnvironmentStringsW
LoadLibraryW
FreeLibrary
OutputDebugStringA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
Sleep
lstrcmpiW
lstrlenW
GetLastError
MultiByteToWideChar
InterlockedExchange
SetEvent
HeapDestroy
HeapReAlloc
HeapSize
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetModuleHandleW
GetProcAddress

msvcp60

??0out_of_range@std@@QAE@ABV01@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAH@Z
??1_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAK@Z
??_D?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??0logic_error@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

api-ms-win-core-localregistry-l1-1-0

RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegGetValueW

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 371KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a70555189f11faf36225ab4e28402c02

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

msvcrt

cryptsp

ole32

comctl32

oleaut32

shell32

wer

rpcrt4

gdi32

dui70

ntdll

kernel32

msvcp60

api-ms-win-core-localregistry-l1-1-0

Sections

.text Size: 196KB - Virtual size: 196KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 371KB - Virtual size: 370KB

.reloc Size: 41KB - Virtual size: 42KB

.text
Size: 196KB - Virtual size: 196KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 371KB - Virtual size: 370KB

.reloc
Size: 41KB - Virtual size: 42KB