56d2d05988b6c23232b013b38c49b7a9143c6649d81321e542d19ae46f4a4204[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

56d2d05988b6c23232b013b38c49b7a9143c6649d81321e542d19ae46f4a4204.exe
Size

1.6MB
MD5

e4e927c949b4f820dcee4dd82083a4e4
SHA1

e4b1bb4057a2017e1b67009f2fea1a226365a628
SHA256

56d2d05988b6c23232b013b38c49b7a9143c6649d81321e542d19ae46f4a4204
SHA512

498ad6882040747bcf297e62e39680ee0c394c27e39f0c19fd7c2ac1419a5a6339f56568006556192bec14f5d59988be0904391419951aac8b5011bc5aa1c84f
SSDEEP

24576:Fgl2UKhxmBAoDMNDKueUtM+mEQ5ZuiOH8ZauQrHF2wXvzfh07VHYSL7hia4abGuK:kZDMYuxM+mEQWcZauSHDX90hJphTG7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56d2d05988b6c23232b013b38c49b7a9143c6649d81321e542d19ae46f4a4204.exe

Files

56d2d05988b6c23232b013b38c49b7a9143c6649d81321e542d19ae46f4a4204.exe
.exe windows x64

e81f704fa93960b9035ac4b7e38d305e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

rpcrt4

UuidCreate

ws2_32

WSAStartup
getaddrinfo
freeaddrinfo
WSAGetLastError
recv
connect
socket
closesocket
shutdown
GetNameInfoW
send

iphlpapi

GetAdaptersAddresses
GetBestInterfaceEx

shlwapi

StrStrW
StrRStrIW
StrRChrA
PathFindFileNameW

winhttp

WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpOpen
WinHttpCrackUrl
WinHttpQueryHeaders
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpSetOption

userenv

CreateEnvironmentBlock

secur32

GetUserNameExW

kernel32

GetUILanguageInfo
UnregisterApplicationRecoveryCallback
ReadConsoleOutputAttribute
VirtualQueryEx
QueryIdleProcessorCycleTime
GetErrorMode
FreeConsole
GetStringScripts
VirtualQuery
AddSecureMemoryCacheCallback
SetConsoleWindowInfo
FreeResource
IsBadStringPtrW
SetEnvironmentStringsA
GetThreadUILanguage
FatalAppExitA
GetWindowsDirectoryA
ResetWriteWatch
SetConsoleCursorInfo
GetSystemDirectoryA
GetTimeFormatEx
LocalHandle
EnumTimeFormatsEx
GetDateFormatW
GetProcessHeap
HeapFree
GetCurrentProcess
TerminateProcess
ExitThread
GetLastError
SetLastError
MultiByteToWideChar
WideCharToMultiByte
ExpandEnvironmentStringsW
GetCurrentProcessId
GetComputerNameExW
CreateFileA
CloseHandle
GetModuleHandleA
GetProcAddress
GetVersionExW
GetCurrentThreadId
OpenThread
WaitForSingleObject
CreateThread
Sleep
TerminateThread
ResumeThread
CreateToolhelp32Snapshot
Process32FirstW
ProcessIdToSessionId
Process32NextW
LocalFree
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileAttributesW
FindFirstFileW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindClose
CreateDirectoryW
CreateFileW
GetFileSize
ReadFile
SleepEx
WriteFile
OpenProcess
HeapAlloc
CreatePipe
SetHandleInformation
Wow64DisableWow64FsRedirection
CreateProcessW
Wow64RevertWow64FsRedirection
GetProcessId
QueryFullProcessImageNameW
FormatMessageA
CreateRemoteThread
Wow64SetThreadContext
Wow64GetThreadContext
GetThreadContext
SetThreadContext
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
LoadLibraryA
InitializeCriticalSection
EnterCriticalSection
GetGeoInfoW
DeleteCriticalSection
FindNextFileA
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ConvertDefaultLocale
TryEnterCriticalSection
InitOnceExecuteOnce
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetFileType
GetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetACP
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
GetConsoleMode
SetFilePointerEx
SetStdHandle
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
FlushFileBuffers
GetConsoleCP
HeapSize
WriteConsoleW
GetSystemDefaultUILanguage
GetSystemTime
SetConsoleScreenBufferInfoEx
GetModuleFileNameW
SetConsoleScreenBufferSize
GetSystemInfo
GetNumaProcessorNode
ZombifyActCtx
SignalObjectAndWait
BackupRead
CreateWaitableTimerA
GetCurrencyFormatA
OpenPrivateNamespaceA
CancelSynchronousIo
GetThreadPreferredUILanguages
SuspendThread
VirtualProtect
CreateMutexA
ReleaseMutex
DuplicateHandle
GetDllDirectoryW
InitializeCriticalSectionEx
RequestDeviceWakeup
CreateEventA
ResetEvent
SetEvent
AcquireSRWLockShared
ReleaseSRWLockShared
DisconnectNamedPipe
LocalAlloc
CreateNamedPipeA
CancelIoEx
GetOverlappedResult
ConnectNamedPipe
LeaveCriticalSection

user32

GetDC
EnumDisplaySettingsW
SetWindowLongPtrW
DrawStateA
CharLowerW
ChangeMenuA
WindowFromPoint
SetUserObjectSecurity
GetGUIThreadInfo
DefFrameProcA
EqualRect
GetThreadDesktop
GetMonitorInfoW
GetClassInfoExW
GetInputState
ShowCursor
RegisterDeviceNotificationA
ScreenToClient
CharPrevA
IsWindowUnicode
EndMenu
IsDialogMessageW
SetWinEventHook
LockSetForegroundWindow
GetUserObjectSecurity
GetClassLongPtrA
keybd_event
MoveWindow
InflateRect
MessageBeep
LoadMenuW
ClipCursor
SetProcessWindowStation
InvertRect
GetCaretPos
MapWindowPoints
GetNextDlgTabItem
GetPhysicalCursorPos
CloseWindowStation
GetWindowContextHelpId
CancelShutdown
SetProcessDefaultLayout
IsCharUpperW
DragDetect
NotifyWinEvent
CharNextExA
GetWindow
GetDialogBaseUnits
LoadMenuA
CharUpperBuffA
UnregisterDeviceNotification
WindowFromDC
EnumPropsExA
CopyImage
GetParent
GetWindowTextA
CheckMenuRadioItem
SoundSentry
MapDialogRect
DrawMenuBar
GetCursorPos
wsprintfW
RegisterDeviceNotificationW
DisableProcessWindowsGhosting
DrawIconEx

gdi32

ModifyWorldTransform
CreateRoundRectRgn
PolylineTo
Chord
GetTextExtentPoint32A
GdiComment
ResetDCW
CreateDIBPatternBrushPt
CreatePolyPolygonRgn
SetMapperFlags
SetICMProfileW
CreatePatternBrush
SetRectRgn
GetCharABCWidthsI
GetTextExtentPoint32W
DeleteMetaFile
PolyDraw
GetEnhMetaFileDescriptionW
GetCurrentPositionEx
GetCharWidthI
SetPixel
CreateICA
GetTextMetricsA
ExtEscape
UnrealizeObject
GdiAlphaBlend
ChoosePixelFormat
GetGraphicsMode
GetROP2
Polyline
GetTextExtentPointI
RoundRect
GetWinMetaFileBits

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupPrivilegeValueW
PrivilegeCheck
GetUserNameW
OpenProcessToken
LogonUserW
ImpersonateLoggedOnUser
RevertToSelf
CreateProcessAsUserW
CreateProcessWithTokenW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
LookupAccountSidW
DuplicateTokenEx
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
AdjustTokenPrivileges

shell32

ord179
ExtractIconExW
SHGetLocalizedName
SHGetStockIconInfo
AssocCreateForClasses
SHFreeNameMappings
SHFileOperationW
CommandLineToArgvW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e81f704fa93960b9035ac4b7e38d305e

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

ws2_32

iphlpapi

shlwapi

winhttp

userenv

secur32

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 241KB - Virtual size: 240KB

.data Size: 6KB - Virtual size: 27KB

.pdata Size: 59KB - Virtual size: 59KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 241KB - Virtual size: 240KB

.data
Size: 6KB - Virtual size: 27KB

.pdata
Size: 59KB - Virtual size: 59KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 2KB