79f8f43ce6785b9d93377287349a1701aea2488dc787e349ccf8ae25d100709e

Sharing

Copy URL

Twitter E-mail

General

Target

79f8f43ce6785b9d93377287349a1701aea2488dc787e349ccf8ae25d100709e
Size

3.0MB
MD5

2e27bcc3455cf7178abec90977d9e44c
SHA1

7f4a3ba9b922a7a8473518f3b5495966215f43e9
SHA256

79f8f43ce6785b9d93377287349a1701aea2488dc787e349ccf8ae25d100709e
SHA512

53b8220898c102d88cee76144b3a9bd2a474bfaf8e0c2b045d264d2d3344499b3d35a6c0892c8b41553854a70d65546a27f8bcefd4790625c7bd59f73bc0aa3e
SSDEEP

49152:bz9HglGESUI3qXtsnX+8mRSwd+NHfA+wn8v0YSdV+Jbwz:lHglizOWwd+Nq8v0Yi1z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79f8f43ce6785b9d93377287349a1701aea2488dc787e349ccf8ae25d100709e

Files

79f8f43ce6785b9d93377287349a1701aea2488dc787e349ccf8ae25d100709e
.exe windows:5 windows x86 arch:x86

49c1e3476d3e20a587599bf699efe212

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\build\UltraShred\ultrashred_main\Release\UltraShred.pdb

Imports

kernel32

FlushFileBuffers
GetTickCount
GetVolumeInformationW
GetDiskFreeSpaceExW
QueryDosDeviceW
GetDriveTypeW
DeviceIoControl
GetWindowsDirectoryW
GetLogicalDriveStringsW
VirtualProtect
GetCurrentProcessId
IsBadReadPtr
SetUnhandledExceptionFilter
GetStartupInfoW
CreateProcessW
WaitForMultipleObjects
GetStringTypeW
EncodePointer
SwitchToThread
MoveFileExW
GetTempFileNameW
GetFileSizeEx
CreateFileW
RemoveDirectoryW
FindClose
FindNextFileW
GetFullPathNameW
FindFirstFileW
ResumeThread
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
lstrlenA
WideCharToMultiByte
WritePrivateProfileStringW
ExpandEnvironmentStringsW
InitializeCriticalSection
SetErrorMode
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
MultiByteToWideChar
lstrcmpiW
GetModuleHandleW
DecodePointer
GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
FreeResource
GetPrivateProfileStringW
QueryPerformanceFrequency
QueryPerformanceCounter
SetWaitableTimer
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
WriteConsoleW
CancelWaitableTimer
ResetEvent
GetCurrentThread
GetThreadIOPendingFlag
RaiseException
WriteFile
GetLastError
DeleteCriticalSection
GetCurrentProcess
DuplicateHandle
SetFilePointer
InterlockedCompareExchange
CreateEventW
CreateWaitableTimerW
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
SetEvent
lstrlenW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
GetFileType
GetStdHandle
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
TryEnterCriticalSection
AreFileApisANSI
HeapCreate
GetDiskFreeSpaceW
LockFile
GetFullPathNameA
UnlockFileEx
GetFileAttributesW
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
FlushViewOfFile
CreateFileA
LoadLibraryA
GetVersionExA
DeleteFileA
GetSystemInfo
HeapCompact
UnlockFile
CreateFileMappingA
LocalFree
LockFileEx
SystemTimeToFileTime
GetSystemTime
FormatMessageA
TerminateProcess
UnhandledExceptionFilter
WaitForSingleObjectEx
LoadResource
LockResource
SetEndOfFile
GetTempPathW
OutputDebugStringA
GlobalFree
GetVersion
lstrcpynW
GetACP
ExitProcess
GetPrivateProfileIntW
GetModuleHandleExW
CreateFileMappingW
GetLocalTime
ReadFile
GetFileSize
lstrcmpA
GetVersionExW
GetSystemWindowsDirectoryW
Sleep
LoadLibraryExA
VirtualFree
VirtualAlloc
InitializeCriticalSectionAndSpinCount
DeleteFileW
SizeofResource
CloseHandle
WaitForSingleObject
CreateMutexW
ReleaseMutex
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
TlsAlloc
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
FormatMessageW

user32

GetParent
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
CreateWindowExW
GetClassInfoExW
RedrawWindow
SetWindowPos
CharNextW
GetSysColor
GetClassNameW
GetDlgItem
IsWindow
SendMessageW
GetWindow
SetFocus
MoveWindow
IsChild
EndPaint
BeginPaint
FindWindowExW
GetWindowDC
RemovePropW
ReleaseCapture
HideCaret
GetIconInfo
DrawIconEx
DestroyIcon
SetRect
DrawTextW
CharPrevW
OffsetRect
ScreenToClient
GetFocus
SetCapture
FillRect
GetClientRect
InvalidateRgn
CallWindowProcW
FindWindowW
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
GetWindowLongW
InflateRect
SetCursor
wvsprintfW
GetMonitorInfoW
MonitorFromWindow
MessageBoxW
SetWindowRgn
SystemParametersInfoW
LoadImageW
GetSystemMetrics
DispatchMessageW
SetWindowLongW
DefWindowProcW
LoadCursorW
RegisterClassExW
UnregisterClassW
MsgWaitForMultipleObjectsEx
PeekMessageW
TranslateMessage
ShowCaret
EnableWindow
RegisterClassW
wsprintfW
PtInRect
IsRectEmpty
UnionRect
SetForegroundWindow
IntersectRect
MapWindowPoints
SetCaretPos
GetCaretBlinkTime
CopyRect
GetWindowRect
CreateCaret
BringWindowToTop
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
CharLowerA
CharLowerW
SetPropW
GetTopWindow
GetPropW
EndDialog
EnumThreadWindows
ShowWindow
IsIconic
PostQuitMessage
ShowWindowAsync
PostMessageW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
UpdateLayeredWindow
IsWindowVisible
IsZoomed
GetKeyState
SetTimer
KillTimer
GetUpdateRect
GetCursorPos

gdi32

Rectangle
SaveDC
GetTextMetricsW
SetWindowOrgEx
CreateRoundRectRgn
CombineRgn
CreateRectRgnIndirect
GetCharABCWidthsW
GetClipBox
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
SetDIBColorTable
TextOutW
ExtTextOutW
CreateDCW
GetDIBits
SetDIBitsToDevice
GetTextExtentPoint32W
CreatePen
CreateFontIndirectW
GetDeviceCaps
GetObjectW
GetStockObject
DeleteDC
BitBlt
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
RestoreDC

comdlg32

GetOpenFileNameW

advapi32

RegQueryInfoKeyW
GetTokenInformation
RegQueryValueExW
GetUserNameW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
OpenProcessToken
RegCloseKey
RegDeleteKeyW
RegCreateKeyW

shell32

ShellExecuteW
ord680
ord165
ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoTaskMemFree
StringFromGUID2
OleLockRunning
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
OleInitialize
CoInitializeSecurity
CoUninitialize
CoInitialize
OleUninitialize
CoTaskMemRealloc
CoGetClassObject
CoCreateGuid

oleaut32

VarBstrCmp
SysAllocStringLen
VariantInit
VariantClear
SafeArrayCreate
SafeArrayPutElement
LoadTypeLi
VarUI4FromStr
SysFreeString
SysAllocString
OleCreateFontIndirect
SysStringLen
LoadRegTypeLi

shlwapi

StrStrIA
StrCmpIW
StrToIntW
StrToInt64ExW
ord213
ord214
PathFindFileNameW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
PathCombineW
wnsprintfW
StrStrIW
SHDeleteValueW
SHGetValueW
PathIsDirectoryW
StrCmpNIW
StrToIntA
StrTrimA

comctl32

InitCommonControlsEx
_TrackMouseEvent
ord17

secur32

GetUserNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winhttp

WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpWriteData
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpSetOption
WinHttpSetCredentials

msi

ord195

iphlpapi

GetAdaptersInfo

wininet

InternetCrackUrlW
InternetGetCookieExW

gdiplus

GdipCloneBitmapAreaI
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipBitmapLockBits
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdipCreateTexture
GdipClosePathFigure
GdipDrawLineI
GdipFillEllipseI
GdipDrawPath
GdipGraphicsClear
GdipSetInterpolationMode
GdipGetImageWidth
GdipBitmapUnlockBits
GdiplusShutdown
GdiplusStartup
GdipAlloc
GdipFree
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStreamICM
GdipDrawEllipseI
ord1
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectRectI
GdipDrawImagePointsI
GdipDrawRectangleI
GdipFillPath
GdipCreatePath

msimg32

GradientFill
AlphaBlend

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 333KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 764KB - Virtual size: 763KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 159KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

49c1e3476d3e20a587599bf699efe212

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

secur32

version

winhttp

msi

iphlpapi

wininet

gdiplus

msimg32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 333KB - Virtual size: 333KB

.data Size: 42KB - Virtual size: 52KB

.rsrc Size: 764KB - Virtual size: 763KB

.reloc Size: 159KB - Virtual size: 160KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 333KB - Virtual size: 333KB

.data
Size: 42KB - Virtual size: 52KB

.rsrc
Size: 764KB - Virtual size: 763KB

.reloc
Size: 159KB - Virtual size: 160KB