15c85d13ac09e78d0c99bd2946d9393e5820a29a415a74a87ea4582bbe512bb0

Sharing

Copy URL

Twitter E-mail

General

Target

15c85d13ac09e78d0c99bd2946d9393e5820a29a415a74a87ea4582bbe512bb0
Size

443KB
MD5

ad140573209cac393fbf559d9883c36e
SHA1

11b6f5fe3df2015517897818ccfbfbb8ec659a8b
SHA256

15c85d13ac09e78d0c99bd2946d9393e5820a29a415a74a87ea4582bbe512bb0
SHA512

3f9e9128386d365bd20a0cbb05edf5de807b780de31847b86e1316648cad46a54f1ac08b9a7edf605827adb59f85b1baca5f33934cf6ec5972258871e5083ab0
SSDEEP

6144:Tfe+TLia68rff6bMnpipSRhKhwsymSuPtXF8pzjgeY4UgDDC:jfTLialTSbMYpSRhKhwXmH11yz7Y4U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15c85d13ac09e78d0c99bd2946d9393e5820a29a415a74a87ea4582bbe512bb0

Files

15c85d13ac09e78d0c99bd2946d9393e5820a29a415a74a87ea4582bbe512bb0
.exe windows x64

a7a7263b6607205874904c3e19e221cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathAppendW
StrStrIW

ws2_32

WSAGetLastError
setsockopt
sendto
htons
recvfrom
socket
WSAStartup
inet_pton
closesocket
WSACleanup

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQueryInformationProcess
RtlPcToFileHeader
RtlUnwindEx
RtlGetVersion

kernel32

HeapSize
GetTimeZoneInformation
GetTickCount64
K32GetProcessMemoryInfo
GetDiskFreeSpaceExW
LockResource
HeapReAlloc
RaiseException
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
HeapDestroy
DeleteCriticalSection
ReadProcessMemory
GetProcessHeap
GlobalMemoryStatusEx
K32GetPerformanceInfo
GetProcessTimes
OpenThread
DebugBreakProcess
GetCommandLineW
CreateDirectoryW
EnterCriticalSection
OutputDebugStringA
LeaveCriticalSection
InitializeCriticalSection
GetTempPathW
WaitForSingleObject
GetCurrentThreadId
CreateEventW
GetFileAttributesExW
OutputDebugStringW
TerminateThread
GetLocalTime
GetCurrentProcessId
MultiByteToWideChar
FileTimeToSystemTime
SystemTimeToFileTime
WideCharToMultiByte
GetSystemTime
SetLastError
WTSGetActiveConsoleSessionId
GetSystemDirectoryW
CreateMutexW
ReleaseMutex
GetTickCount
TerminateProcess
GetProcAddress
GetModuleHandleW
OpenProcess
ReadFile
SetFilePointerEx
GetFileSizeEx
SetEndOfFile
GetFileInformationByHandle
FlushFileBuffers
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
InitializeCriticalSectionEx
K32GetModuleFileNameExW
HeapFree
SizeofResource
CreateProcessW
DebugActiveProcess
CloseHandle
DeleteFileW
SetEvent
GetLastError
DuplicateHandle
DebugActiveProcessStop
CreateFileW
FindClose
GetModuleFileNameW
WriteFile
GetCurrentProcess
FindNextFileW
GetFullPathNameW
FindFirstFileW
FreeEnvironmentStringsW
SetEnvironmentVariableW
ReadConsoleW
WriteConsoleW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
GetOEMCP
GetACP
IsValidCodePage
GetStringTypeW
FreeLibrary
GetSystemDefaultLangID
EncodePointer
TlsAlloc
GetCPInfo
GetCurrentDirectoryW
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetStdHandle
ExitProcess
SetStdHandle
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsSetValue
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
QueryPerformanceCounter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
TlsGetValue

user32

wsprintfW

advapi32

CryptEncrypt
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptDestroyKey
CryptAcquireContextW
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
OpenProcessToken

shell32

SHGetFolderPathW

dbghelp

MiniDumpWriteDump

wtsapi32

WTSQueryUserToken

dbgeng

DebugCreate

Sections

.text
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7a7263b6607205874904c3e19e221cb

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ws2_32

ntdll

kernel32

user32

advapi32

shell32

dbghelp

wtsapi32

dbgeng

Sections

.text Size: 277KB - Virtual size: 277KB

.rdata Size: 141KB - Virtual size: 140KB

.data Size: 5KB - Virtual size: 11KB

.pdata Size: 14KB - Virtual size: 13KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 277KB - Virtual size: 277KB

.rdata
Size: 141KB - Virtual size: 140KB

.data
Size: 5KB - Virtual size: 11KB

.pdata
Size: 14KB - Virtual size: 13KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB