f7d12f875680cdebeac4d6b8996ba266fce052a859bb949825c6b8d147f23a41

Resubmissions

17/02/2023, 04:38

230217-e9vsgsdg62 7

17/02/2023, 04:09

230217-eq5tcadb9v 7

Sharing

Copy URL Twitter E-mail

General

Target

f7d12f875680cdebeac4d6b8996ba266fce052a859bb949825c6b8d147f23a41
Size

7.1MB
MD5

7d3c80e580dfc192aed378b3a08c8605
SHA1

690cb9e444b78b9d9e2ad83f56171bff9748c327
SHA256

f7d12f875680cdebeac4d6b8996ba266fce052a859bb949825c6b8d147f23a41
SHA512

72388742b261d1de05137ccf159114ba889b24e24160feeb125e5e0da44a4ca1ca18268273a2403661d58c0221585535ace732e88fd7876598c4991a46c88843
SSDEEP

98304:XUII3cxz9E1wSTscXVhfbVxhrB5K+us7D/a7ELbVZlkIjZWt7DXqJXr9xMnKFuB2:Ys9m15hhTHhBDtZWVY79xMn632T

Score

1^/10

Malware Config

Signatures

Files

f7d12f875680cdebeac4d6b8996ba266fce052a859bb949825c6b8d147f23a41
.exe windows x64

10abd90c224cc4218c72bcd252462e25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtDeviceIoControlFile
RtlLookupFunctionEntry
RtlNtStatusToDosError
NtCancelIoFileEx
NtCreateFile
RtlVirtualUnwind
RtlCaptureContext

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayDestroy
VariantClear
SysFreeString
SysAllocStringLen
SafeArrayGetUBound

kernel32

SetHandleInformation
GetFileInformationByHandle
ReleaseSRWLockExclusive
GetModuleHandleA
GetProcAddress
GetCurrentThread
GetStdHandle
GetConsoleMode
WriteConsoleW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
GetModuleHandleW
GetSystemTimeAsFileTime
GetTempPathW
GetModuleFileNameW
CreateFileW
SetFilePointerEx
GetFileInformationByHandleEx
GetFullPathNameW
FindNextFileW
CreateDirectoryW
FindFirstFileW
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
FileTimeToSystemTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
GetCurrentProcessId
CreateNamedPipeW
CreateThread
WriteFileEx
GetQueuedCompletionStatusEx
CreateIoCompletionPort
CreateEventW
CancelIo
SystemTimeToTzSpecificLocalTime
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentDirectoryW
CopyFileExW
SleepConditionVariableSRW
WakeConditionVariable
PostQueuedCompletionStatus
SystemTimeToFileTime
GetExitCodeProcess
WaitForSingleObject
GetTimeZoneInformation
AddVectoredExceptionHandler
ReadFileEx
SleepEx
GetOverlappedResult
SetThreadStackGuarantee
WaitForMultipleObjects
WakeAllConditionVariable
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
FreeLibrary
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
HeapReAlloc
GetSystemInfo
GetFinalPathNameByHandleW
GetLastError
SwitchToThread
GetProcessHeap
SetLastError
HeapAlloc
SetFileCompletionNotificationModes
AcquireSRWLockExclusive
FindClose
CloseHandle
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
FormatMessageW
ReadFile
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapReAlloc
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DecodePointer
HeapAlloc
RtlUnwindEx
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

crypt32

CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptUnprotectData
CertAddCertificateContextToStore
CertFreeCertificateContext
CertCloseStore
CertDuplicateCertificateContext
CertDuplicateStore
CertDuplicateCertificateChain
CertOpenStore
CertEnumCertificatesInStore

ole32

CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity

advapi32

CheckTokenMembership
FreeSid
RegQueryValueExW
RegOpenKeyExW
AllocateAndInitializeSid
RegCloseKey

user32

GetMonitorInfoW
EnumDisplayMonitors
EnumDisplaySettingsExW
CharUpperBuffW

gdi32

CreateCompatibleDC
DeleteObject
CreateDCW
GetObjectW
GetDIBits
CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteDC
GetDeviceCaps
SetStretchBltMode

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGenRandom

ws2_32

WSASend
WSAIoctl
getsockname
WSAGetLastError
getpeername
getsockopt
connect
ioctlsocket
bind
setsockopt
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
recv
send
shutdown
closesocket
WSASocketW

secur32

AcquireCredentialsHandleA
FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle
EncryptMessage
AcceptSecurityContext
ApplyControlToken
DecryptMessage
QueryContextAttributesW
InitializeSecurityContextW

vcruntime140

memcmp
__current_exception_context
__current_exception
__C_specific_handler
strrchr
memmove
memcpy
memset
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

strlen
strcmp
strncmp
strcspn

api-ms-win-crt-utility-l1-1-0

_rotl64
qsort

api-ms-win-crt-heap-l1-1-0

_msize
realloc
malloc
_set_new_mode
free

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-math-l1-1-0

log
__setusermatherr
_dclass

api-ms-win-crt-runtime-l1-1-0

_endthreadex
_seh_filter_exe
_beginthreadex
_initialize_onexit_table
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_register_onexit_function
_set_app_type
_initterm_e
exit
_exit
terminate
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_crt_atexit

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 753KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.1(7
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.4fu
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.LP-
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

10abd90c224cc4218c72bcd252462e25

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

oleaut32

kernel32

crypt32

ole32

advapi32

user32

gdi32

bcrypt

ws2_32

secur32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: - Virtual size: 2.3MB

.rdata Size: - Virtual size: 753KB

.data Size: - Virtual size: 29KB

.pdata Size: - Virtual size: 56KB

.1(7 Size: - Virtual size: 3.1MB

.4fu Size: 4KB - Virtual size: 4KB

.LP- Size: 7.0MB - Virtual size: 7.0MB

.reloc Size: 512B - Virtual size: 204B

.rsrc Size: 117KB - Virtual size: 117KB

.text
Size: - Virtual size: 2.3MB

.rdata
Size: - Virtual size: 753KB

.data
Size: - Virtual size: 29KB

.pdata
Size: - Virtual size: 56KB

.1(7
Size: - Virtual size: 3.1MB

.4fu
Size: 4KB - Virtual size: 4KB

.LP-
Size: 7.0MB - Virtual size: 7.0MB

.reloc
Size: 512B - Virtual size: 204B

.rsrc
Size: 117KB - Virtual size: 117KB