b8a5f4698554e515e29c12baf52412712b60f1a41bccd2bfea792d6ced23aa28[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

b8a5f4698554e515e29c12baf52412712b60f1a41bccd2bfea792d6ced23aa28.exe
Size

7.0MB
MD5

f1c21a69ed9f85e12d58ef0f5ac5c9b1
SHA1

c1e9829e149c08987ae77c606b8ba00a79c8bbb2
SHA256

b8a5f4698554e515e29c12baf52412712b60f1a41bccd2bfea792d6ced23aa28
SHA512

2ba1d4e614aac606c6fd220a328d6008b6c77abf8181fcb6c470d0f055ea15e92c66885f7a903f3754ce522eb595a7ba012be087243da9e5b76ce3a7d99d18a0
SSDEEP

24576:orq+1Wd1aL0P9gQ7ESzgD0WiCxOtpzQaSr4+r:U89gEzgVpOtpzQaSr4+r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8a5f4698554e515e29c12baf52412712b60f1a41bccd2bfea792d6ced23aa28.exe

Files

b8a5f4698554e515e29c12baf52412712b60f1a41bccd2bfea792d6ced23aa28.exe
.exe windows x86

2cbc5b636b75aecad35c6984b287682c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoTaskMemFree
CoUninitialize
CoInitializeSecurity

ntdll

NtQuerySystemInformation
RtlCaptureContext
RtlUnwind

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider

advapi32

LookupAccountSidW
GetTokenInformation
OpenProcessToken
GetNamedSecurityInfoW
SystemFunction036
AccessCheck
MapGenericMask
RevertToSelf
OpenThreadToken
ImpersonateSelf
GetSidIdentifierAuthority
IsValidSid

iphlpapi

GetIfEntry2
FreeMibTable
GetIfTable2

kernel32

GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
HeapSize
GetConsoleOutputCP
CloseHandle
GetSystemTimeAsFileTime
QueryPerformanceCounter
WaitForSingleObject
GetExitCodeProcess
GetProcessHeap
HeapFree
GetLastError
HeapAlloc
OpenProcess
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
GetCurrentProcessId
GetTickCount64
GlobalMemoryStatusEx
GetLogicalDrives
GetDiskFreeSpaceExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateFileW
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
GetSystemInfo
SleepConditionVariableSRW
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
LocalFree
GetCurrentThread
lstrlenW
FreeEnvironmentStringsW
ReleaseMutex
FindClose
ReleaseSRWLockShared
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentProcess
GetProcAddress
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
DuplicateHandle
SetFilePointerEx
CreateDirectoryW
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
TerminateProcess
WaitForMultipleObjects
GetOverlappedResult
WakeAllConditionVariable
WakeConditionVariable
TlsAlloc
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleA
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
DeleteFileW
DecodePointer
GetFinalPathNameByHandleW
CreateEventW
ReadFile
CancelIo
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
CreateThread
GetTempPathW
GetConsoleMode
WriteConsoleW
SetStdHandle
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
WriteFile
LoadLibraryExW
FreeLibrary
TlsFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetLocalGroups

oleaut32

SysFreeString
VariantClear
SysAllocString

pdh

PdhCollectQueryData
PdhCloseQuery
PdhRemoveCounter
PdhOpenQueryA
PdhGetFormattedCounterValue
PdhAddEnglishCounterW

powrprof

CallNtPowerInformation

psapi

GetPerformanceInfo
GetModuleFileNameExW

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions

shell32

SHGetKnownFolderPath
ShellExecuteExW

Sections

.text
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cbc5b636b75aecad35c6984b287682c

Headers

DLL Characteristics

File Characteristics

Imports

ole32

ntdll

bcrypt

advapi32

iphlpapi

kernel32

netapi32

oleaut32

pdh

powrprof

psapi

secur32

shell32

Sections

.text Size: 504KB - Virtual size: 504KB

.rdata Size: 144KB - Virtual size: 144KB

.data Size: 5KB - Virtual size: 8KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 504KB - Virtual size: 504KB

.rdata
Size: 144KB - Virtual size: 144KB

.data
Size: 5KB - Virtual size: 8KB

.reloc
Size: 18KB - Virtual size: 18KB