fe1ff50ec148351496dc2c6f0b92d4beab4ac827360dfa7cf1df706fc83402b8

Sharing

Copy URL Twitter E-mail

General

Target

fe1ff50ec148351496dc2c6f0b92d4beab4ac827360dfa7cf1df706fc83402b8
Size

261KB
MD5

8d1072948dd179b1481b3e005abceba6
SHA1

aa884a28c3da8dc3d0912d0f6f5ac74bc9d11719
SHA256

fe1ff50ec148351496dc2c6f0b92d4beab4ac827360dfa7cf1df706fc83402b8
SHA512

75718c31a8c30203bb99c8f06049d32c389c28aef1c320e887e888814db84610251b0e1bc049dab7e4c3484c208d633e4584acd51224aceb494287784ea75fcc
SSDEEP

6144:9yxcIyznxkM1ttx2gYVAjclDygHUpvi2t/woI9L:9HIyz7bLYlDygHUJi2p9I9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe1ff50ec148351496dc2c6f0b92d4beab4ac827360dfa7cf1df706fc83402b8

Files

fe1ff50ec148351496dc2c6f0b92d4beab4ac827360dfa7cf1df706fc83402b8
.exe windows x64

cbd1a40e11c602fc7db70b3446b4cb8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetTempPathW
HeapSize
CreateToolhelp32Snapshot
MultiByteToWideChar
Sleep
Process32NextW
LockResource
Process32FirstW
HeapReAlloc
CloseHandle
CreateThread
LoadResource
FindResourceW
HeapAlloc
GetProcAddress
CompareStringOrdinal
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
FreeLibrary
GetTickCount
LoadLibraryExW
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
GetACP
LoadLibraryW
SubmitThreadpoolWork
LocalFree
ExitProcess
CreateThreadpoolWork
ExitThread
LoadLibraryExA
GetFinalPathNameByHandleW
VirtualFree
HeapFree
FindStringOrdinal
WTSGetActiveConsoleSessionId
SizeofResource

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW

advapi32

ConvertSidToStringSidW
RegDeleteValueW
RegEnumValueW
LookupAccountNameW
RegGetValueW
RegOpenKeyExW
RegDeleteKeyValueW
RegQueryInfoKeyW
RegCloseKey

ntdll

memcpy
NtQueryDirectoryFile
memset
NtShutdownSystem
RtlCompareUnicodeString
NtDeleteKey
NtOpenProcessToken
NtQueryVirtualMemory
NtSetIoCompletion
NtCreateSection
_wcsicmp
RtlRandomEx
swprintf_s
NtQueryInformationProcess
NtDeleteFile
NtQueryInformationToken
strncpy
NtClose
RtlAdjustPrivilege
NtCreateEvent
NtCreateKey
NtWaitForSingleObject
NtOpenFile
NtLoadDriver
NtQuerySystemInformation
NtTerminateThread
NtCreateIoCompletion

wintrust

WinVerifyTrust

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cbd1a40e11c602fc7db70b3446b4cb8d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ntdll

wintrust

wtsapi32

Sections

.text Size: 63KB - Virtual size: 62KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 26KB

.pdata Size: 1024B - Virtual size: 840B

.rsrc Size: 188KB - Virtual size: 187KB

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 26KB

.pdata
Size: 1024B - Virtual size: 840B

.rsrc
Size: 188KB - Virtual size: 187KB