fd0b9f09770685ed6f40ecabcd31bc467fa22801164b52fdc638334009b7c06f

Sharing

Copy URL

Twitter E-mail

General

Target

fd0b9f09770685ed6f40ecabcd31bc467fa22801164b52fdc638334009b7c06f
Size

367KB
MD5

3cbea05bf7a1affb821e379b1966d89c
SHA1

95f90554fb2ef20a64be9f6e81ff35c353392093
SHA256

fd0b9f09770685ed6f40ecabcd31bc467fa22801164b52fdc638334009b7c06f
SHA512

aa5b6e920ecae76a59a8f4afd6ab5e49e35478d1cfd2c03e6a4a8efab78c4556a37de5d8ab2401ef02c5de2cdc6da1ae56094fb5316f309212dda9cee4815f8d
SSDEEP

6144:dysu2PiMxOhV979ISqYp/0/vHDZPakPaeVAEtPhRybA6G:dDHqRqkAvjZbPa7E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd0b9f09770685ed6f40ecabcd31bc467fa22801164b52fdc638334009b7c06f

Files

fd0b9f09770685ed6f40ecabcd31bc467fa22801164b52fdc638334009b7c06f
.exe windows x64

6f8f4c15462c7017c5ede7dcae9c5f4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

AcquireCredentialsHandleW
QuerySecurityContextToken
AcceptSecurityContext

kernel32

GetModuleHandleW
GetProcAddress
WideCharToMultiByte
WTSGetActiveConsoleSessionId
GetLastError
GetCurrentProcess
CreateThread
CreateFileW
Sleep
GetLogicalProcessorInformation
HeapReAlloc
HeapSize
WriteConsoleW
SetFilePointerEx
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetProcessHeap
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
CreateTimerQueue
CloseHandle
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
DecodePointer
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
GetStdHandle
WriteFile
MultiByteToWideChar
GetCommandLineA
GetCommandLineW
GetACP
CompareStringW
LCMapStringW
GetFileType
GetStringTypeW

advapi32

CreateProcessWithTokenW
SystemFunction036
DuplicateTokenEx
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
LookupAccountSidW
CopySid
GetLengthSid
GetTokenInformation
CreateProcessAsUserW

ole32

CoTaskMemAlloc
CLSIDFromString
StgCreateDocfileOnILockBytes
CoGetInstanceFromIStorage
CoInitialize
CreateILockBytesOnHGlobal

ws2_32

freeaddrinfo
setsockopt
shutdown
recv
send
closesocket
bind
WSAGetLastError
socket
WSACleanup
getaddrinfo
WSAStartup
accept
select
listen
__WSAFDIsSet
connect

Sections

.text
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f8f4c15462c7017c5ede7dcae9c5f4b

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

advapi32

ole32

ws2_32

Sections

.text Size: 243KB - Virtual size: 242KB

.rdata Size: 91KB - Virtual size: 91KB

.data Size: 9KB - Virtual size: 14KB

.pdata Size: 16KB - Virtual size: 15KB

.gfids Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 243KB - Virtual size: 242KB

.rdata
Size: 91KB - Virtual size: 91KB

.data
Size: 9KB - Virtual size: 14KB

.pdata
Size: 16KB - Virtual size: 15KB

.gfids
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB