fd64525fad766c38e720e510d9e7f0936053608caf9a880e651bbb5d838932b5[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

fd64525fad766c38e720e510d9e7f0936053608caf9a880e651bbb5d838932b5.exe
Size

11.6MB
MD5

2beb0dabb4855ed80bb8d9d67150e344
SHA1

822e735b4f16a783f5ccd83010c45f5177543eba
SHA256

fd64525fad766c38e720e510d9e7f0936053608caf9a880e651bbb5d838932b5
SHA512

0d9e5882343abaae5452bc99691c3b816d75dcbfb9fb1558c63cd23461c6a10f4bc777e4fc3fbf1a3edb745e3dcb8c39e8031f1043a250508308be471f80eb94
SSDEEP

98304:dRPdWJ1S7TvZ2ER0Vn//BJPSL2aiGS8BHx9bH6RfkedcTke8fC7OpR1c:e1SRuViZiU9ErC5wbZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd64525fad766c38e720e510d9e7f0936053608caf9a880e651bbb5d838932b5.exe

Files

fd64525fad766c38e720e510d9e7f0936053608caf9a880e651bbb5d838932b5.exe
.exe windows:6 windows x64 arch:x64

9131c3e460d27233ecf0b7ed80df79df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

nextchat.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WaitOnAddress
WakeByAddressSingle

ntdll

RtlUnwindEx
NtWriteFile
RtlGetNtVersionNumbers
NtCancelIoFileEx
NtReadFile
RtlPcToFileHeader
RtlVirtualUnwind
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
RtlLookupFunctionEntry
RtlCaptureContext

kernel32

RaiseException
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
SleepConditionVariableSRW
WakeAllConditionVariable
ReleaseSRWLockExclusive
CloseHandle
GetCurrentThreadId
GetModuleHandleW
LCIDToLocaleName
GetUserDefaultUILanguage
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
EncodePointer
AcquireSRWLockExclusive
LoadLibraryW
CreateMutexA
WaitForSingleObjectEx
GetTempPathW
CreateThread
WriteConsoleW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
TlsGetValue
GetFullPathNameW
WaitForMultipleObjects
ReadFileEx
CreateNamedPipeW
ExitProcess
SetEnvironmentVariableW
CancelIo
CreateEventW
CopyFileExW
GetFinalPathNameByHandleW
CreateHardLinkW
CreateSymbolicLinkW
RemoveDirectoryW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
GetFileInformationByHandleEx
TlsSetValue
CreateFileW
MultiByteToWideChar
LoadLibraryExW
WideCharToMultiByte
GlobalFree
FindClose
FindNextFileW
GetEnvironmentVariableW
GlobalAlloc
ReleaseMutex
GetModuleHandleA
GetFileInformationByHandle
GetConsoleMode
SetFileAttributesW
MoveFileExW
HeapReAlloc
QueryPerformanceFrequency
TerminateProcess
GetSystemDirectoryW
GetExitCodeProcess
SleepEx
WriteFileEx
GlobalUnlock
GlobalSize
GlobalLock
GetStdHandle
SetFilePointerEx
Sleep
DuplicateHandle
FormatMessageW
GetCurrentProcess
WaitForSingleObject
HeapAlloc
SetFileInformationByHandle
FreeLibrary
GetProcAddress
LoadLibraryA
HeapFree
GetLastError
GetProcessHeap
GetCommandLineW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
QueryPerformanceCounter
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
SetFileTime
GetCurrentThread
lstrlenW
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
DeleteProcThreadAttributeList
FreeEnvironmentStringsW
SetFileCompletionNotificationModes
GetSystemInfo
GetOverlappedResult
ReadFile
TlsFree
GetQueuedCompletionStatusEx
CreateIoCompletionPort
PostQueuedCompletionStatus
GetCurrentProcessId
SetHandleInformation

user32

GetDC
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
GetForegroundWindow
EmptyClipboard
SetClipboardData
CloseClipboard
ShowCursor
DispatchMessageA
GetMessageA
AdjustWindowRectEx
RegisterWindowMessageA
CreateIcon
PostQuitMessage
AppendMenuW
CreateMenu
SetMenuItemInfoW
CheckMenuItem
GetMenu
SetWindowLongW
SendMessageW
EnableMenuItem
GetSystemMenu
ShowWindow
GetWindowRect
VkKeyScanW
GetAsyncKeyState
GetKeyboardState
GetRawInputData
SystemParametersInfoA
DestroyAcceleratorTable
CreateAcceleratorTableW
SendInput
SetForegroundWindow
RegisterClassExW
SetWindowDisplayAffinity
ToUnicodeEx
GetKeyState
MapVirtualKeyExW
GetWindowTextW
GetWindowTextLengthW
GetKeyboardLayout
SetWindowTextW
SetCapture
SetWindowLongPtrW
MonitorFromPoint
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
EnumDisplayMonitors
EnumChildWindows
RegisterClipboardFormatW
IsProcessDPIAware
GetWindowLongPtrW
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
IsWindowVisible
SetCursorPos
ReleaseCapture
IsIconic
GetActiveWindow
SetMenu
InvalidateRgn
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
MapVirtualKeyW
GetUpdateRect
ValidateRect
SetCursor
LoadCursorW
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
CloseTouchInputHandle
GetTouchInputInfo
TrackMouseEvent
MonitorFromRect
ClientToScreen
GetClientRect
GetWindowLongW
ScreenToClient
FlashWindowEx
DefWindowProcW
RedrawWindow
PostThreadMessageW
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetAncestor
GetMessageW
ClipCursor
DestroyWindow
GetClipCursor
DestroyIcon

comctl32

RemoveWindowSubclass
SetWindowSubclass
TaskDialogIndirect
DefSubclassProc

ole32

RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeEx
OleInitialize
CoTaskMemFree

shell32

DragQueryFileW
SHCreateItemFromParsingName
SHGetKnownFolderPath
SHAppBarMessage
DragFinish
ShellExecuteW

gdi32

DeleteObject
GetDeviceCaps
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

oleaut32

SetErrorInfo
SysStringLen
SysFreeString
GetErrorInfo

uxtheme

SetWindowTheme

advapi32

EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegGetValueW
SystemFunction036

bcrypt

BCryptGenRandom

ws2_32

getsockopt
WSACleanup
closesocket
getaddrinfo
freeaddrinfo
WSAStartup
getsockname
getpeername
WSAGetLastError
WSASocketW
bind
connect
ioctlsocket
WSAIoctl
setsockopt
WSASend
send
recv
shutdown

secur32

AcceptSecurityContext
QueryContextAttributesW
EncryptMessage
FreeContextBuffer
InitializeSecurityContextW
AcquireCredentialsHandleA
FreeCredentialsHandle
DeleteSecurityContext
DecryptMessage
ApplyControlToken

crypt32

CertCloseStore
CertDuplicateStore
CertOpenStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertAddCertificateContextToStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertEnumCertificatesInStore

api-ms-win-crt-math-l1-1-0

round
floor
__setusermatherr
trunc

api-ms-win-crt-runtime-l1-1-0

exit
_exit
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
__p___argc
_set_app_type
_seh_filter_exe
__p___argv
terminate
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function
abort
_crt_atexit
_initterm_e

api-ms-win-crt-string-l1-1-0

wcslen
strcpy_s
_wcsicmp
wcsncmp

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
malloc
_callnewh
free

Sections

.text
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9131c3e460d27233ecf0b7ed80df79df

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

ntdll

kernel32

user32

comctl32

ole32

shell32

gdi32

dwmapi

oleaut32

uxtheme

advapi32

bcrypt

ws2_32

secur32

crypt32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 5.7MB - Virtual size: 5.7MB

.rdata Size: 5.6MB - Virtual size: 5.6MB

.data Size: 13KB - Virtual size: 16KB

.pdata Size: 313KB - Virtual size: 313KB

.rsrc Size: 55KB - Virtual size: 55KB

.reloc Size: 49KB - Virtual size: 49KB

.text
Size: 5.7MB - Virtual size: 5.7MB

.rdata
Size: 5.6MB - Virtual size: 5.6MB

.data
Size: 13KB - Virtual size: 16KB

.pdata
Size: 313KB - Virtual size: 313KB

.rsrc
Size: 55KB - Virtual size: 55KB

.reloc
Size: 49KB - Virtual size: 49KB