f50c03e8baa0c36d0837b44d40f537203de7186a2bb45f617e941d1d8b263f03

Sharing

Copy URL

Twitter E-mail

General

Target

f50c03e8baa0c36d0837b44d40f537203de7186a2bb45f617e941d1d8b263f03
Size

2.9MB
MD5

c8767282d6688bb581f19df794c6c9ad
SHA1

d6f2b6b55f5e8e3245e2facb3122325216df441d
SHA256

f50c03e8baa0c36d0837b44d40f537203de7186a2bb45f617e941d1d8b263f03
SHA512

2300e54f2d4515c05840de96dc64e972ca7c3afbeae8afdc2292f319705c03abbe5e7bae92819dfe79ee22e10e90d50ebb89c518e496c6b10b69fbed9a5d8008
SSDEEP

49152:81zAwjaqt5c2LTBPqDs65Ux2kO6ue3Ar1hk1J4r1l6XD4djoZ9txriPXBK:1/x5Ux7MqJmSXyG9Xi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f50c03e8baa0c36d0837b44d40f537203de7186a2bb45f617e941d1d8b263f03

Files

f50c03e8baa0c36d0837b44d40f537203de7186a2bb45f617e941d1d8b263f03
.exe windows x64

27596a22c84234fb3be45d2300f1de59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

InitializeCriticalSectionEx
DeleteCriticalSection
GetModuleFileNameA
LoadLibraryExA
FindClose
FindFirstFileA
lstrcpynA
lstrcatA
GetCurrentProcessId
GetSystemTime
GetLocalTime
lstrcpyA
CreateFileA
CloseHandle
DeviceIoControl
GetVersionExA
lstrcmpiA
lstrlenA
TerminateProcess
OpenProcess
GetFileSize
ReadFile
SetFilePointer
GetVersion
GetTickCount
LoadResource
LockResource
SizeofResource
FindResourceA
WriteFile
WaitForSingleObject
CreateProcessA
GetTempPathA
GetDiskFreeSpaceA
GetDriveTypeA
SetErrorMode
ReleaseSemaphore
GetSystemDirectoryA
FreeLibrary
GlobalAlloc
GlobalUnlock
LocalLock
LocalFree
CreateSemaphoreA
GetLogicalDriveStringsA
GetPrivateProfileStringA
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetLastError
RaiseException
DecodePointer
IsBadReadPtr
LoadLibraryA
GetProcAddress
EncodePointer
RtlLookupFunctionEntry
RtlUnwindEx
GetModuleHandleA
IsDebuggerPresent
IsProcessorFeaturePresent
RtlPcToFileHeader
DuplicateHandle
GetCommandLineA
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
SetLastError
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetConsoleMode
ReadConsoleW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStdHandle
GetFileType
GetExitCodeProcess
CreatePipe
GetModuleFileNameW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
SetStdHandle
FlushFileBuffers
GetConsoleCP
SetFilePointerEx
CompareStringW
LCMapStringW
GetStringTypeW
GetFileAttributesExW
OutputDebugStringW
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
SetEndOfFile
LoadLibraryW
GlobalMemoryStatus
GetVersionExW
VirtualProtectEx
VirtualFree
VirtualAlloc
GetSystemInfo
GetSystemTimeAsFileTime
GetCurrentProcess

user32

GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
wsprintfA
LoadCursorA
SetCursor
MessageBoxA
MessageBoxW

advapi32

RegOpenKeyExA
ReportEventW
DeregisterEventSource
RegCloseKey
RegEnumKeyExA
RegisterEventSourceW

netapi32

Netbios

Sections

.text
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27596a22c84234fb3be45d2300f1de59

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

netapi32

Sections

.text Size: 403KB - Virtual size: 402KB

.rdata Size: 137KB - Virtual size: 136KB

.data Size: 1.1MB - Virtual size: 1.2MB

.pdata Size: 22KB - Virtual size: 21KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 403KB - Virtual size: 402KB

.rdata
Size: 137KB - Virtual size: 136KB

.data
Size: 1.1MB - Virtual size: 1.2MB

.pdata
Size: 22KB - Virtual size: 21KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 13KB - Virtual size: 12KB