999db0ff89a7bc656e866642d8c5e1deec27a7b82173daed71a6ffbfb649e19a

Sharing

Copy URL Twitter E-mail

General

Target

999db0ff89a7bc656e866642d8c5e1deec27a7b82173daed71a6ffbfb649e19a
Size

590KB
MD5

3dd09a1ca137ed69dde9f91de401afe0
SHA1

1029edb30233c39e34465fc46eaa807b4a79b929
SHA256

999db0ff89a7bc656e866642d8c5e1deec27a7b82173daed71a6ffbfb649e19a
SHA512

fc4484e0f7cfa5f07d57d3930040ff177ea396de6ed1b2cb7012b3b488779652c660bbcfb905df7220af7fd2be917f2a2b646518b3e57479a838730e2d1918c2
SSDEEP

12288:vHHj+r5pfpuuNiGU3idsokxVi7jkUrIHDgPglDoyM0woPgsDTbteeOrkIQJ:vHOp/rQUrHglDBMF7sYxDQJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
999db0ff89a7bc656e866642d8c5e1deec27a7b82173daed71a6ffbfb649e19a

Files

999db0ff89a7bc656e866642d8c5e1deec27a7b82173daed71a6ffbfb649e19a
.exe windows:6 windows x86 arch:x86

caadcdf7299a4e9ceb30549655e29c28

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\projects\DNF_OTHER_CODE\Luncher\123\FrosticDF\Release\NewUI.pdb

Imports

kernel32

GetLastError
HeapFree
SetLastError
GetCurrentProcess
InitializeCriticalSectionEx
CreateFileW
GetCurrentDirectoryA
OpenProcess
HeapSize
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
FormatMessageW
GetProcAddress
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
CreateProcessA
WritePrivateProfileStringW
TerminateProcess
CreateToolhelp32Snapshot
GetPrivateProfileStringW
Process32NextW
Process32FirstW
WideCharToMultiByte
CreateDirectoryA
SetEndOfFile
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
MultiByteToWideChar
ExitProcess
CreateThread
CloseHandle
Sleep
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileAttributesExW
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapQueryInformation
ReadConsoleW
GetConsoleMode
SetFilePointerEx
WriteFile
WriteConsoleW
GetFileType
GetStdHandle
GetSystemInfo
HeapValidate
GetModuleHandleExW
ReadFile
LoadLibraryExW
FreeLibrary
RtlUnwind
LocalFree
OutputDebugStringW
GetModuleFileNameW
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
VirtualQuery
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
CreateEventW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection

user32

MessageBoxW
wsprintfW

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

shell32

ShellExecuteA

libcurl

curl_easy_cleanup
curl_easy_setopt
curl_slist_append
curl_easy_init
curl_easy_perform

ws2_32

WSAGetLastError
recv
inet_ntoa
connect
socket
send
inet_addr
WSAStartup
shutdown
gethostbyname
closesocket
htons

ole32

CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
CoUninitialize

oleaut32

SysFreeString
SysAllocString
VariantClear

xcgui

XExitXCGUI
XModalWnd_EndModal
XEdit_EnablePassword
XC_LoadLayout
XWnd_SetMinimumSize
XEle_RegEventC1
XProgBar_SetRange
XRunXCGUI
XEle_Redraw
XEle_Destroy
XModalWnd_EnableAutoClose
XModalWnd_DoModal
XEdit_AddText
XC_LoadResource
XC_GetObjectByName
XEdit_IsEmpty
XWnd_AdjustLayout
XEdit_SetText
XEdit_GetLength
XShapeText_SetText
XC_IsHXCGUI
XWnd_Redraw
XProgBar_SetPos
XWnd_RegEventC
XEdit_GetText
XInitXCGUI
XShape_Redraw
XWidget_Show
XBtn_IsCheck
XWnd_Show

Sections

.text
Size: 383KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.{=n
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

caadcdf7299a4e9ceb30549655e29c28

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

libcurl

ws2_32

ole32

oleaut32

xcgui

Sections

.text Size: 383KB - Virtual size: 383KB

.rdata Size: 143KB - Virtual size: 142KB

.data Size: 4KB - Virtual size: 12KB

.{=n Size: 2KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 19KB

.rsrc Size: 36KB - Virtual size: 36KB

.text
Size: 383KB - Virtual size: 383KB

.rdata
Size: 143KB - Virtual size: 142KB

.data
Size: 4KB - Virtual size: 12KB

.{=n
Size: 2KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 36KB - Virtual size: 36KB