b178fdc92ae8a9df9ab5ea0450b5766256130dcddf5b171911c84c1844defd7a[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

b178fdc92ae8a9df9ab5ea0450b5766256130dcddf5b171911c84c1844defd7a.7z
Size

1.3MB
MD5

3bd23bd47a9f288c1db28ceb91167d6c
SHA1

70568a3879018896d2d22220a9d4f3b757b917c6
SHA256

931db124289048e9adbebaf3905c06fb64282f529229bd615a9ada54fd8ad82f
SHA512

2a5606055238287925b916df3837418f4c65ca895a895c091126472797e41707d4395046e9420085ebc2752a9fc454ecc52be438ac0f52127cb780292a847663
SSDEEP

24576:1GpXk6HGjzPHRmmb4kWSgZdD17BnP/F1LvqLv2M0AN2ua7Ts1:Me6HQzPxmyb0ZdD1BnPdxqCM08oT0

Score

1^/10

Malware Config

Signatures

Files

b178fdc92ae8a9df9ab5ea0450b5766256130dcddf5b171911c84c1844defd7a.7z
.7z

Password: infected
b178fdc92ae8a9df9ab5ea0450b5766256130dcddf5b171911c84c1844defd7a
.exe windows x64

Password: infected

0b7d7ae51c8dcd6ef5a6385bb5d74693

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtCreateFile
NtDeviceIoControlFile
NtCancelIoFileEx
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlNtStatusToDosError

kernel32

GetModuleHandleA
GetProcAddress
GetCurrentThread
WriteConsoleW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
GetModuleHandleW
FormatMessageW
GetTempPathW
GetModuleFileNameW
CreateFileW
SetFilePointerEx
GetFileInformationByHandle
ReleaseSRWLockShared
FindNextFileW
CreateDirectoryW
FindClose
SetFileInformationByHandle
FindFirstFileW
SetFileCompletionNotificationModes
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
CreateIoCompletionPort
GetCurrentProcessId
GetQueuedCompletionStatusEx
CreateNamedPipeW
CreateThread
WriteFileEx
CreateEventW
CancelIo
ReadFile
ExitProcess
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
AcquireSRWLockShared
DeleteFileW
SetFileAttributesW
CreateSymbolicLinkW
CreateHardLinkW
SetFileTime
SetConsoleMode
WakeConditionVariable
PostQueuedCompletionStatus
SleepConditionVariableSRW
TryAcquireSRWLockExclusive
GetConsoleMode
SwitchToThread
GetSystemInfo
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
AcquireSRWLockExclusive
lstrlenW
ReleaseSRWLockExclusive
GetStdHandle
HeapReAlloc
HeapFree
SetHandleInformation
GetProcessHeap
HeapAlloc
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetFileInformationByHandleEx
GetCommandLineW
GetExitCodeProcess
WaitForSingleObject
SleepEx
ReadFileEx
GetOverlappedResult
WaitForMultipleObjects
WakeAllConditionVariable
CloseHandle
GetLastError
GetFinalPathNameByHandleW
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetFullPathNameW

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

ws2_32

getsockopt
connect
ioctlsocket
WSACleanup
WSASend
closesocket
bind
getsockname
WSAGetLastError
getpeername
setsockopt
getaddrinfo
freeaddrinfo
recv
send
shutdown
WSAIoctl
WSAStartup
WSASocketW

advapi32

RegQueryValueExW
RegOpenKeyExW
SystemFunction036
RegCloseKey

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGenRandom

vcruntime140

memmove
__C_specific_handler
__current_exception
__current_exception_context
memcpy
memset
__CxxFrameHandler3
memcmp

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-utility-l1-1-0

_rotl64

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
calloc

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_configure_narrow_argv
exit
_exit
_seh_filter_exe
_initterm_e
__p___argc
_initialize_narrow_environment
__p___argv
_register_onexit_function
_crt_atexit
_get_initial_narrow_environment
_cexit
_c_exit
terminate
_register_thread_local_exe_atexit_callback
_initterm
_initialize_onexit_table

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

0b7d7ae51c8dcd6ef5a6385bb5d74693

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

shell32

ole32

ws2_32

advapi32

bcrypt

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 59KB - Virtual size: 59KB

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 59KB - Virtual size: 59KB

.reloc
Size: 27KB - Virtual size: 27KB