dr_drop_L_Cryp_Mem[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

dr_drop_L_Cryp_Mem.exe
Size

6.7MB
MD5

d9ec1112453f05e7aedc4219abb7d032
SHA1

f5444e58f9c9d6381443c1157f9fe0c1bfb36cbe
SHA256

878dac750a0717184095b18885aab76da813c897482ea10154393988d122855b
SHA512

98921f0a2ca4fb381552c2ac25ca291219419875782464b5a93a8c943b484a11a0d6f5007460a5f0977e0449688c135e66e75baf970fda1b0d6dac0167a3e86d
SSDEEP

196608:OkJzG+AC+tJsqYcqE4kSyJAiz3wDRt1BHEg:ieRzRXdE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

dr_drop_L_Cryp_Mem.exe

resource
dr_drop_L_Cryp_Mem.exe

Files

dr_drop_L_Cryp_Mem.exe
.exe windows:5 windows x86 arch:x86

3ecc3178b6ceb6ae782684ecba2b9fa4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\home\luntbuild\work\app-winrd\products\winrd\bin\release\Player.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeW

kernel32

InterlockedExchange
ReleaseMutex
CreateMutexW
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
LocalFree
GetModuleFileNameW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
UnmapViewOfFile
SetErrorMode
Sleep
lstrcpyW
CompareStringW
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
ResumeThread
GetThreadContext
SetThreadContext
LoadLibraryW
DisableThreadLibraryCalls
GetTickCount
CreateThread
CreateMutexA
LockResource
FindResourceExW
GetFileSize
ReadFile
CreateFileW
GetCurrentDirectoryW
CompareFileTime
ResetEvent
GetProcAddress
GetModuleHandleA
GetCurrentDirectoryA
CreateSemaphoreW
ReleaseSemaphore
GetDiskFreeSpaceA
CreateEventA
CreateSemaphoreA
MoveFileW
GetDriveTypeW
FileTimeToLocalFileTime
CreatePipe
FindClose
SuspendThread
WideCharToMultiByte
FreeLibrary
AllocConsole
GetCurrentThread
LocalAlloc
GetVersionExW
GetSystemInfo
MoveFileExW
SetThreadPriority
CreateNamedPipeA
ConnectNamedPipe
DisconnectNamedPipe
OutputDebugStringA
GetProcessTimes
TerminateThread
CreateRemoteThread
GetExitCodeThread
GetSystemDirectoryA
OpenProcess
CreateFileMappingA
CreateProcessA
GetSystemTime
FormatMessageA
GetFullPathNameW
GetFullPathNameA
GetTempPathW
GetTempPathA
DeleteFileW
GetFileAttributesA
UnlockFile
LockFileEx
LockFile
AreFileApisANSI
GetVersionExA
SetEnvironmentVariableA
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileA
GetLocaleInfoW
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapCreate
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
WriteFile
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
FatalAppExitA
GetDateFormatA
GetTimeFormatA
IsValidCodePage
GetOEMCP
GetACP
TlsFree
GetStringTypeW
LCMapStringW
LCMapStringA
CreateDirectoryA
GetFileAttributesW
GetTimeZoneInformation
GetStartupInfoW
GetCPInfo
GetSystemTimeAsFileTime
DeleteFileA
ExitProcess
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
HeapSize
HeapReAlloc
HeapDestroy
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
GetLastError
GetModuleHandleW
SetEvent
CreateEventW
GetExitCodeProcess
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
SystemTimeToFileTime
FileTimeToSystemTime
GetLocaleInfoA
GetLocalTime
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
OutputDebugStringW
DebugBreak
lstrlenW
MultiByteToWideChar
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
RaiseException
FindFirstFileW
FindNextFileW
CreateDirectoryW
GetFileInformationByHandle
PeekNamedPipe
SetCurrentDirectoryA
GetDriveTypeA
DuplicateHandle

user32

SetWindowsHookExW
EqualRect
GetWindowRgn
IntersectRect
SetParent
UpdateLayeredWindow
SetRect
SetWindowRgn
CharLowerW
CharUpperW
GetMenuItemCount
GetWindowThreadProcessId
GetClientRect
IsIconic
UnhookWindowsHookEx
GetWindowRect
IsWindow
ShowWindow
MoveWindow
GetMonitorInfoW
MonitorFromWindow
UnregisterClassA
InvalidateRect
SetCursor
LoadCursorW
MessageBoxW
BeginPaint
EndPaint
wvsprintfW
CharNextW
DefWindowProcW
SetWindowLongW
GetWindowLongW
CallWindowProcW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
PostMessageW
SystemParametersInfoW
SetFocus
wsprintfW
CallNextHookEx
SendMessageW
IsZoomed
RegisterClassW
EnableWindow
SetDlgItemTextW
GetParent
GetDlgItem
SetWindowPos
MapWindowPoints
GetWindow
DialogBoxParamW
EndDialog
GetSysColor
GetCursorPos
PostThreadMessageW
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
SetLayeredWindowAttributes
MonitorFromPoint
LoadBitmapW
GetDC
DrawTextW
GetKeyState
EnumDisplaySettingsExW
EnumDisplayDevicesW
GetFocus
ShowCursor
SetTimer
KillTimer
LoadIconW
SetWindowTextW
IsWindowVisible
LoadStringW
GetSystemMetrics
CheckRadioButton
GetDlgItemTextW
GetActiveWindow
InSendMessage
DrawMenuBar
IsMenu
FillRect
SendMessageA
SetMenuItemInfoW
ReleaseCapture
PtInRect
SetCapture
GetDlgCtrlID
ReleaseDC
GetWindowPlacement
PostQuitMessage
ClientToScreen
SetActiveWindow
FlashWindow
BringWindowToTop
FindWindowW
ScreenToClient
UpdateWindow
ReplyMessage
GetWindowTextW
EnumThreadWindows
EnumChildWindows
SetRectEmpty
CreateDialogParamW
RegisterWindowMessageW
SetForegroundWindow
CreatePopupMenu
TrackPopupMenu
CopyRect
DrawFocusRect
OffsetRect
IsWindowEnabled
GetWindowTextLengthW
GetClassNameW
GetCapture
SetMenuDefaultItem
GetMenuItemID
GetSubMenu
DestroyMenu
LoadMenuW
EnableMenuItem
CheckMenuItem
AppendMenuW

gdi32

DeleteObject
DeleteDC
CombineRgn
ExtCreateRegion
BitBlt
CreateDIBSection
GetObjectW
CreateCompatibleDC
CreateSolidBrush
CreateFontIndirectW
SetTextColor
SetBkMode
GetStockObject
CreateCompatibleBitmap
CreateRoundRectRgn
SetBkColor
GetDeviceCaps
GetRgnBox
CreateRectRgn
SelectObject

advapi32

OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
SetNamedSecurityInfoW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyW
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegCloseKey

shell32

ShellExecuteW
SHGetPathFromIDListW
Shell_NotifyIconW
SHCreateDirectoryExW
SHGetSpecialFolderLocation

ole32

OleCreate
OleSetContainedObject
OleDraw
CoCreateGuid
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
OleInitialize
OleUninitialize
CoTaskMemAlloc
StringFromGUID2
CoInitialize

oleaut32

VariantChangeType
VariantInit
CreateErrorInfo
VariantClear
VariantCopy
SafeArrayDestroy
VarUI4FromStr
SafeArrayAccessData
SafeArrayCreateVector
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocStringLen
SysFreeString
SetErrorInfo
GetErrorInfo
SafeArrayUnaccessData
SysAllocString

shlwapi

SHSetValueW
PathFileExistsW
PathFileExistsA

comctl32

InitCommonControlsEx
ImageList_LoadImageW
_TrackMouseEvent
ImageList_Destroy

gdiplus

GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipAlloc
GdipFree
GdipGraphicsClear
GdipGetClipBoundsI
GdipSetClipRectI
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipGetFontStyle
GdipGetFamily
GdipDrawLineI
GdiplusStartup
GdipGetLogFontW
GdipMeasureString
GdipFillPath
GdipDrawPath
GdipSetPenColor
GdipDeletePen
GdipCreatePen1
GdipCreateLineBrushFromRect
GdipAddPathArcI
GdipAddPathLineI
GdipCreateCachedBitmap
GdipDeletePath
GdipCreatePath
GdipClonePath
GdipSetSolidFillColor
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipFillRectangleI
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDeleteStringFormat
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipCreateFont
GdipDrawString
GdipDeleteCachedBitmap
GdipCreateBitmapFromScan0
GdipFillRectangle
GdipSetCompositingQuality
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDisposeImage
GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipDrawCachedBitmap
GdipDeleteFont
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectI
GdipGetFontSize
GdipSetImageAttributesColorKeys

wininet

InternetAttemptConnect
InternetGetConnectedStateExW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 418KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.itext
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ecc3178b6ceb6ae782684ecba2b9fa4

Headers

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

wininet

iphlpapi

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 418KB - Virtual size: 418KB

.data Size: 40KB - Virtual size: 1.6MB

.rsrc Size: 139KB - Virtual size: 139KB

.itext Size: 3.2MB - Virtual size: 3.2MB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 418KB - Virtual size: 418KB

.data
Size: 40KB - Virtual size: 1.6MB

.rsrc
Size: 139KB - Virtual size: 139KB

.itext
Size: 3.2MB - Virtual size: 3.2MB