8844ae408ec84a1019e7d43d550d268e58d4a14be14b1db53f734b48b31ccc03

Sharing

Copy URL

Twitter E-mail

General

Target

8844ae408ec84a1019e7d43d550d268e58d4a14be14b1db53f734b48b31ccc03
Size

161KB
MD5

f28f1a16e0f63ee0aa2d3f2b8047a8ea
SHA1

eb207fd55b1668ecdcad5812a2e3b5aa1062453a
SHA256

8844ae408ec84a1019e7d43d550d268e58d4a14be14b1db53f734b48b31ccc03
SHA512

6e4410f2abda84b625ac60766d7f334a54bb1c878403a40a740f9e00cd92adefb117ac29a239ad13fff057688fd09d053a5c4e02c5aee5223db622305ae26521
SSDEEP

3072:Mkt/hoF+5H1Q0KZ5ovCWCwfSXZ6CUNJpxOnFQmnoXhjQyVzKPuy3EKub:5/hoFQaWC8aPiJHOnFQQqh0yVzKVm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8844ae408ec84a1019e7d43d550d268e58d4a14be14b1db53f734b48b31ccc03

Files

8844ae408ec84a1019e7d43d550d268e58d4a14be14b1db53f734b48b31ccc03
.exe windows x64

c7062fca11499c82425de84fad6079c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapSize
CreateToolhelp32Snapshot
MultiByteToWideChar
Sleep
Process32NextW
LockResource
Process32FirstW
HeapReAlloc
CloseHandle
CreateThread
LoadResource
FindResourceW
HeapAlloc
GetProcAddress
GetTempPathW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
FreeLibrary
GetTickCount
LoadLibraryExW
GetACP
LoadLibraryW
LocalFree
ExitProcess
ExitThread
VirtualFree
CompareStringOrdinal
LoadLibraryExA
GetFinalPathNameByHandleW
SizeofResource
HeapFree
FindStringOrdinal
WTSGetActiveConsoleSessionId

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

advapi32

RegEnumValueW
ConvertSidToStringSidW
RegDeleteValueW
LookupAccountNameW
RegOpenKeyExW
RegDeleteKeyValueW
RegQueryInfoKeyW
RegCloseKey
RegGetValueW

ntdll

NtQueryDirectoryFile
NtShutdownSystem
memcpy
RtlAdjustPrivilege
RtlCompareUnicodeString
NtDeleteKey
NtOpenProcessToken
NtQueryVirtualMemory
NtSetIoCompletion
NtCreateSection
_wcsicmp
RtlRandomEx
swprintf_s
sprintf_s
NtQueryInformationProcess
NtDeleteFile
NtQueryInformationToken
strncpy
NtClose
memset
NtCreateEvent
NtCreateKey
NtWaitForSingleObject
NtOpenFile
NtLoadDriver
NtQuerySystemInformation
NtTerminateThread
NtCreateIoCompletion

wintrust

WinVerifyTrust

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7062fca11499c82425de84fad6079c4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ntdll

wintrust

wtsapi32

Sections

.text Size: 63KB - Virtual size: 62KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 26KB

.pdata Size: 1024B - Virtual size: 840B

.rsrc Size: 87KB - Virtual size: 87KB

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 26KB

.pdata
Size: 1024B - Virtual size: 840B

.rsrc
Size: 87KB - Virtual size: 87KB