fb86ecce6058af10ec748932c279008f3be250ff4062149e0c74437c5fa1e901

Sharing

Copy URL Twitter E-mail

General

Target

fb86ecce6058af10ec748932c279008f3be250ff4062149e0c74437c5fa1e901
Size

837KB
MD5

b5159f146d0f2a08025644fdedef1b8f
SHA1

444457af02f572da3263e0e07a48ac9a86689c85
SHA256

fb86ecce6058af10ec748932c279008f3be250ff4062149e0c74437c5fa1e901
SHA512

591dc794b5983ded6a8575dc7e99c2405a425a0cfadfe920efd46982dde33d092902e6dd6afe07d1977c548b66de7d07e52d632018873f6407644263bdede38f
SSDEEP

24576:KSwiQoJtvr8UVB6by69Ade70GvQlS8Sa3LNj8yqF:46B+O6LWSKLVpq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb86ecce6058af10ec748932c279008f3be250ff4062149e0c74437c5fa1e901

Files

fb86ecce6058af10ec748932c279008f3be250ff4062149e0c74437c5fa1e901
.exe windows x86

dfa4c649a2742527552fa7065dfcff68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
LoadResource
SizeofResource
lstrcmpiW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
MultiByteToWideChar
InterlockedExchange
InterlockedCompareExchange
LoadLibraryW
GetEnvironmentVariableW
VirtualQuery
GetCurrentThreadId
QueryDosDeviceW
GetUserDefaultLangID
CreateMutexW
HeapAlloc
GetProcessHeap
GetCurrentProcessId
LocalFree
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FatalAppExitA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetProcAddress
FreeLibrary
InterlockedDecrement
InterlockedIncrement
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetErrorMode
GetLastError
RaiseException
DecodePointer
WriteConsoleW
ReadConsoleW
FlushFileBuffers
GetLogicalDriveStringsW
OpenProcess
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
GetTimeZoneInformation
GetStringTypeW
GetVersionExW
LockResource
GetSystemInfo
WaitForSingleObject
ResumeThread
SetEvent
Sleep
ResetEvent
CreateEventW
OpenEventW
SearchPathW
GetDriveTypeW
GetFileAttributesW
LoadLibraryA
ExpandEnvironmentStringsW
GetDiskFreeSpaceW
GetVolumeInformationW
FindFirstFileW
CreateFileW
GetLongPathNameW
GetFileAttributesExW
GetShortPathNameW
TryEnterCriticalSection
InitializeCriticalSection
InterlockedExchangeAdd
HeapFree
SetEnvironmentVariableA
GlobalAlloc
GlobalFree
FindClose
FindNextFileW
lstrlenW
lstrcatW
lstrcpyW
GetFileSizeEx
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
DeleteFileW
GetFullPathNameW
GetTempFileNameW
MoveFileExW
CreateDirectoryW
SetFileTime
GetSystemDirectoryW
CopyFileW
GetTempPathW
GetCurrentDirectoryW
MoveFileW
SetCurrentDirectoryW
RemoveDirectoryW
GetWindowsDirectoryW
SetFileAttributesW
GetFileSize
GetFileTime
WideCharToMultiByte
GetACP
FileTimeToDosDateTime
DosDateTimeToFileTime
SystemTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTime
LocalFileTimeToFileTime
GetCurrentProcess
CreateProcessW
GetExitCodeProcess
OpenMutexW
ReleaseMutex
FormatMessageW
DeviceIoControl
IsDebuggerPresent
OutputDebugStringW
EncodePointer
RtlUnwind
IsProcessorFeaturePresent
GetCommandLineW
HeapReAlloc
CreateThread
ExitThread
GetSystemTimeAsFileTime
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
SetLastError
GetCurrentThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetTickCount
CreateSemaphoreW
GetStdHandle
GetFileType
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetCPInfo

user32

UnregisterClassW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
CharNextW
PostThreadMessageW

advapi32

FreeSid
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
GetLengthSid

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr
SysFreeString

Sections

.text
Size: 668KB - Virtual size: 667KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dfa4c649a2742527552fa7065dfcff68

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 668KB - Virtual size: 667KB

.rdata Size: 115KB - Virtual size: 114KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 30KB - Virtual size: 29KB

.text
Size: 668KB - Virtual size: 667KB

.rdata
Size: 115KB - Virtual size: 114KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 30KB - Virtual size: 29KB