E:\cpp\git7\Release Static\RibbonGadgets.pdb
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20250129-en
General
Target: file
Size: 5.8MB
MD5: e7d5201947829fd265a0356771fbeb63
SHA1: 6c90b89aad04f38c584fcee1d47fed9cd79f8ef1
SHA256: b32daf27aa392d26bdf5faafbaae6b21cd6c918d461ff59f548a73d447a96dd9
SHA512: e3442ecebdb29ea722142f9a1a533b8fe6297b9e6923cf290cc3850287a864059bb17709ee03ce134f36d5e333a36a9c37345507a7f9fbd007ca8fbf89abce31
SSDEEP: 98304:yfUTMfcltw7HaqKN2A2lO8azKowdWr6z3h4q1KIqoS4aMTlcMmbFLOAkGkzdnEVk:2UiEsGE/r1R4q8IqoSP4cMmbFLOyomFI
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource file
Files
file.exe windows:6 windows x86 arch:x86
2648953fbc395f33054fd012a21220c6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTempPathW
GetStdHandle
GetFileType
SetStdHandle
HeapQueryInformation
GetCommandLineW
GetCommandLineA
GetStringTypeW
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualQuery
VirtualAlloc
GetSystemInfo
GetModuleHandleExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
RaiseException
OutputDebugStringW
EnumSystemLocalesW
GetTimeZoneInformation
GetConsoleOutputCP
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetConsoleCtrlHandler
CreateFileW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetConsoleMode
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LocalUnlock
LocalLock
GetWindowsDirectoryA
SearchPathA
GetProfileIntA
SetErrorMode
SystemTimeToTzSpecificLocalTime
SetFileAttributesA
LocalFileTimeToFileTime
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
GetTempPathA
FindResourceExW
GetACP
GetCPInfo
GetOEMCP
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GlobalFlags
FileTimeToSystemTime
GetAtomNameA
LocalReAlloc
LocalAlloc
GlobalHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetUserDefaultLCID
SystemTimeToFileTime
ReplaceFileA
GetTempFileNameA
SetFileTime
GetFileTime
GetDiskFreeSpaceA
GetTickCount64
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
GetVersionExA
GetStringTypeExA
GetThreadLocale
MoveFileA
lstrcmpiA
GetShortPathNameA
LoadLibraryExA
GetCurrentProcess
DuplicateHandle
GetVolumeInformationA
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
FlushFileBuffers
FindFirstFileA
FindClose
DeleteFileA
VerifyVersionInfoA
VerSetConditionMask
GetTickCount
GetCurrentDirectoryA
lstrcpyA
GlobalReAlloc
InitializeCriticalSectionAndSpinCount
GetFileSize
GetFileAttributesA
CreateFileA
VirtualProtect
ResumeThread
SuspendThread
SetThreadPriority
CreateEventA
WaitForSingleObject
SetEvent
CloseHandle
lstrcmpA
GetModuleFileNameA
GetCurrentProcessId
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryW
LoadLibraryA
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
OutputDebugStringA
MultiByteToWideChar
CopyFileA
FormatMessageA
LocalFree
GlobalFree
GlobalLock
GlobalUnlock
GlobalSize
GlobalAlloc
SetLastError
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
DecodePointer
GetModuleHandleA
ExitProcess
Sleep
DebugBreak
FindResourceA
MulDiv
WideCharToMultiByte
FindResourceW
SizeofResource
LockResource
QueryPerformanceFrequency
LoadResource
WriteConsoleW
user32
IsClipboardFormatAvailable
TrackMouseEvent
LoadMenuW
IsZoomed
DrawIconEx
DrawFocusRect
GetSysColorBrush
SetWindowRgn
GetSystemMetrics
DrawFrameControl
DrawEdge
CopyImage
LoadImageW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
MapDialogRect
GetAsyncKeyState
TranslateMessage
GetMessageA
ReuseDDElParam
UnpackDDElParam
GetMenuBarInfo
LoadImageA
DestroyIcon
IntersectRect
SetCursor
InsertMenuItemA
DestroyMenu
CreatePopupMenu
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
ReleaseCapture
BringWindowToTop
DrawStateA
GetCursorPos
GetWindowThreadProcessId
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
IsDialogMessageA
SetWindowTextA
ScrollWindowEx
IsWindowEnabled
SendDlgItemMessageA
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconW
LoadIconA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetSystemMenu
GetTopWindow
GetClassNameA
GetClassLongA
SetWindowLongA
PtInRect
EqualRect
CopyRect
MapWindowPoints
MessageBoxA
AdjustWindowRectEx
GetWindowRect
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
EnumDisplayMonitors
ScrollWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
GetDlgCtrlID
GetDlgItem
IsIconic
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExA
GetClassInfoExA
SetClassLongA
GetUpdateRect
FrameRect
EnableWindow
SendMessageA
PostMessageA
SetTimer
KillTimer
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
DeleteMenu
GetMenuItemInfoA
SetMenuDefaultItem
SetRect
LoadCursorA
CharUpperA
EnableScrollBar
SystemParametersInfoA
NotifyWinEvent
UpdateLayeredWindow
SetCapture
UnionRect
MonitorFromPoint
GetDoubleClickTime
LockWindowUpdate
SetParent
ModifyMenuA
WindowFromPoint
DestroyAcceleratorTable
MessageBeep
SetLayeredWindowAttributes
GetLastActivePopup
RedrawWindow
IsRectEmpty
FillRect
InflateRect
OffsetRect
UpdateWindow
InvalidateRect
GetClientRect
SetRectEmpty
GetParent
GetSysColor
UnregisterClassA
GetMenuStringA
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuA
AppendMenuA
RemoveMenu
DrawTextA
DrawTextExA
GrayStringA
TabbedTextOutA
GetDC
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
ClientToScreen
ScreenToClient
SetFocus
SetScrollPos
GetScrollPos
GetWindowTextA
GetWindowTextLengthA
GetWindowLongA
GetWindow
PostQuitMessage
ShowOwnedPopups
RegisterClipboardFormatA
InvertRect
LoadCursorW
HideCaret
GetTabbedTextExtentW
GetWindowRgn
CreateMenu
GetTabbedTextExtentA
WindowFromDC
MapVirtualKeyExA
SetWindowContextHelpId
GetDCEx
DrawIcon
DestroyCursor
InvalidateRgn
CharNextA
EnumChildWindows
InSendMessage
SendNotifyMessageA
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
CharUpperBuffA
MonitorFromRect
SubtractRect
GetComboBoxInfo
GetNextDlgGroupItem
CopyAcceleratorTableA
CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
GetKeyboardLayout
CopyIcon
GetIconInfo
SetCursorPos
MapVirtualKeyA
GetKeyNameTextA
GetMenuDefaultItem
GetDialogBaseUnits
RealChildWindowFromPoint
WaitMessage
SetScrollRange
PostThreadMessageA
IsCharLowerA
gdi32
CreatePen
CreatePatternBrush
CreateRectRgn
DeleteObject
Escape
ExcludeClipRect
GetClipBox
GetClipRgn
GetCurrentPositionEx
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
OffsetClipRgn
PlayMetaFile
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
MoveToEx
TextOutA
ExtTextOutA
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
CreateHatchBrush
CreateCompatibleBitmap
CombineRgn
GetDIBits
PatBlt
RealizePalette
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
CreateRectRgnIndirect
Ellipse
GetBkColor
GetTextColor
GetTextExtentPoint32A
CreatePolygonRgn
Polygon
Polyline
GetTextMetricsA
CreateRoundRectRgn
CreatePalette
GetPaletteEntries
Rectangle
GetMapMode
SetRectRgn
DPtoLP
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
StartPage
EndPage
SetAbortProc
GetCharWidthA
StretchDIBits
EnumFontFamiliesExA
GetRgnBox
OffsetRgn
GetCurrentObject
GetNearestPaletteIndex
GetSystemPaletteEntries
GetViewportOrgEx
LPtoDP
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
GetWindowOrgEx
FillRgn
GetBoundsRect
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextExtentPointA
GetTextExtentPoint32W
GetTextFaceA
CloseMetaFile
CreateMetaFileA
DeleteMetaFile
CreateDIBPatternBrushPt
CreateCompatibleDC
CreateBitmap
BitBlt
CreateDCA
CopyMetaFileA
DeleteDC
CreateSolidBrush
AbortDoc
EndDoc
StartDocA
GetDeviceCaps
CreateFontA
CreateFontIndirectA
ScaleWindowExtEx
RoundRect
GetObjectA
msimg32
AlphaBlend
TransparentBlt
winspool.drv
GetJobA
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
RegEnumValueA
RegEnumKeyExA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegSetValueA
RegCloseKey
shell32
DragFinish
ShellExecuteExA
SHAppBarMessage
SHGetFileInfoA
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
ExtractIconA
SHAddToRecentDocs
ShellExecuteA
SHGetDesktopFolder
DragQueryFileA
shlwapi
PathFindExtensionA
PathIsUNCA
PathRemoveExtensionA
PathRemoveFileSpecW
StrFormatKBSizeA
PathFindFileNameA
PathStripToRootA
uxtheme
OpenThemeData
CloseThemeData
IsAppThemed
GetThemePartSize
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
DrawThemeParentBackground
GetThemeSysColor
GetWindowTheme
DrawThemeText
IsThemeBackgroundPartiallyTransparent
ole32
GetHGlobalFromILockBytes
WriteClassStm
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleRegEnumVerbs
OleRegGetMiscStatus
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CreateFileMoniker
CreateILockBytesOnHGlobal
StgIsStorageFile
StgOpenStorageOnILockBytes
StgOpenStorage
StgCreateDocfile
OleCreate
OleCreateFromData
OleLockRunning
OleSetMenuDescriptor
CoDisconnectObject
StringFromGUID2
PropVariantCopy
CLSIDFromProgID
CLSIDFromString
CreateGenericComposite
OleCreateLinkFromData
OleCreateStaticFromData
OleInitialize
CoFreeUnusedLibraries
CoInitialize
CoCreateGuid
CoCreateInstance
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CreateBindCtx
CoTreatAsClass
WriteClassStg
ReadClassStg
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
OleRun
CreateDataAdviseHolder
CreateOleAdviseHolder
OleQueryCreateFromData
OleQueryLinkFromData
CoGetMalloc
OleUninitialize
OleIsRunning
CreateItemMoniker
GetRunningObjectTable
oleaut32
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
SysReAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
SysAllocString
SafeArrayLock
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SafeArrayPtrOfIndex
VariantCopy
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
OleCreateFontIndirect
SysStringLen
SysAllocStringByteLen
VariantChangeType
VariantClear
SysAllocStringLen
VariantInit
SafeArrayGetLBound
SysFreeString
SysStringByteLen
oledlg
ord8
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundA
Sections
.text Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 546KB - Virtual size: 545KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 33KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ