Static task
static1
Behavioral task
behavioral1
Sample
614A57F531C9974D71F0A8AA6B8F309D.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
614A57F531C9974D71F0A8AA6B8F309D.exe
Resource
win10v2004-20230220-en
General
-
Target
614A57F531C9974D71F0A8AA6B8F309D.exe
-
Size
3.6MB
-
MD5
614a57f531c9974d71f0a8aa6b8f309d
-
SHA1
da2151de16fbcf52c00cd4c0a71b5b948656259d
-
SHA256
99f42c6830b8bb20f86e58154492ce1fe2baf579f5aaa300dc767e40b3242c6d
-
SHA512
07a3afd6ce00ca4b6ea026ff3c1c609361449008e4cf53f05e88370df2e79cd384edc16f321e2e95e169b6fef0d22092987ab8fbf01fab71e51999c8964e9fae
-
SSDEEP
49152:vPCio0vSgjGKr/vBKbdexKDi8kV+Jxim6P+x:nbqgj/r/q2+rimbx
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature (the PE carries no code-signing signature).
resource 614A57F531C9974D71F0A8AA6B8F309D.exe
Files
-
614A57F531C9974D71F0A8AA6B8F309D.exe.exe windows x64
7ece47d65941b3e72bb0a2006de482fd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
OutputDebugStringW
FlushViewOfFile
CreateFileA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
CreateDirectoryW
GetCurrentProcess
GetUserDefaultUILanguage
GetTimeZoneInformation
GetProcAddress
GetModuleHandleW
CopyFileW
QueryFullProcessImageNameW
GetComputerNameA
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetCurrentDirectoryW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
ReadConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
SetStdHandle
RtlUnwind
LoadLibraryExW
UnmapViewOfFile
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFileAttributesExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
WriteConsoleW
RtlPcToFileHeader
RtlUnwindEx
GetFileSizeEx
VerifyVersionInfoW
VerSetConditionMask
SleepEx
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
MoveFileExA
SetLastError
LoadLibraryA
GetModuleHandleA
FreeLibrary
GetSystemDirectoryA
QueryPerformanceFrequency
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TerminateProcess
InitializeSListHead
InitializeCriticalSectionEx
EncodePointer
DecodePointer
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
user32
EnumWindows
GetKeyboardLayout
SwitchToThisWindow
PostMessageW
GetClassNameW
FindWindowW
GetWindowTextW
advapi32
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExW
CheckTokenMembership
FreeSid
RegSetValueExW
RegCreateKeyExW
AllocateAndInitializeSid
RegCloseKey
RegQueryValueExW
shell32
CommandLineToArgvW
ShellExecuteExW
SHGetKnownFolderPath
ole32
CoTaskMemFree
urlmon
ObtainUserAgentString
ws2_32
getpeername
gethostname
recvfrom
freeaddrinfo
getaddrinfo
recv
listen
htonl
getsockname
connect
bind
accept
select
__WSAFDIsSet
socket
htons
WSAIoctl
setsockopt
WSACleanup
WSAStartup
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt
ioctlsocket
sendto
crypt32
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptDecodeObjectEx
wldap32
ord30
ord200
ord301
ord35
ord33
ord32
ord27
ord26
ord22
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord79
ord41
bcrypt
BCryptGenerateSymmetricKey
BCryptCreateHash
BCryptGenRandom
BCryptFinishHash
BCryptDestroyKey
BCryptDecrypt
BCryptOpenAlgorithmProvider
BCryptHashData
BCryptDestroyHash
BCryptSetProperty
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 265KB - Virtual size: 265KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ