9ba64425177536d4660b03ed24a4d9ddfd4fec8da4b5134a6e1c7675be462e78

Sharing

Copy URL Twitter E-mail

General

Target

9ba64425177536d4660b03ed24a4d9ddfd4fec8da4b5134a6e1c7675be462e78
Size

361KB
MD5

e825d030a288674bd828ba70489aa135
SHA1

af2e5e6710fc870c47da70727b06e2e3d31a3e3c
SHA256

9ba64425177536d4660b03ed24a4d9ddfd4fec8da4b5134a6e1c7675be462e78
SHA512

caa3c8c01b075f5052c779f04df004fa88dbf3f721499e3ee0e4c0f6c6fcb6f4bb148f86ba2de26457872f0c34536455f6e13e197179856188e4d598bca73b3c
SSDEEP

6144:QE42dMyyr63wTbSWnDOPv0P0h4e4cUFMHNwTEl7:QE0ykSieJbHgy7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9ba64425177536d4660b03ed24a4d9ddfd4fec8da4b5134a6e1c7675be462e78

Files

9ba64425177536d4660b03ed24a4d9ddfd4fec8da4b5134a6e1c7675be462e78
.exe windows x86

3fe703beb33da30b7b48478e194c2366

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
CreateThread
GetModuleHandleA
ReadFile
SetDllDirectoryA
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
CreateEventW
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetLastError
GetFileAttributesA
CreateFileA
GetFileSize
FindFirstFileA
LoadLibraryExA
FindNextFileA
InitializeCriticalSection
FindClose
WaitForSingleObject
CreateProcessA
CreateEventA

msvcp140

?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

libcef

cef_string_utf8_to_utf16
cef_string_utf16_to_utf8
cef_string_utf16_clear
cef_string_utf16_set
cef_command_line_create
cef_string_map_alloc
cef_string_map_free
cef_string_userfree_utf16_free
cef_api_hash
cef_string_list_alloc
cef_string_list_free
cef_v8value_create_string
cef_v8value_create_object
cef_v8value_create_function
cef_string_utf8_clear
cef_enable_highdpi_support
cef_string_utf16_cmp
cef_post_task
cef_v8context_get_entered_context
cef_process_message_create
cef_string_multimap_key
cef_string_list_append
cef_string_multimap_value
cef_string_map_append
cef_string_list_value
cef_string_list_size
cef_string_map_size
cef_string_multimap_size
cef_string_map_value
cef_string_map_key
cef_string_multimap_append
cef_string_multimap_alloc
cef_string_multimap_free
cef_string_list_clear
cef_execute_process

vcruntime140

memcpy
memchr
__CxxFrameHandler3
__std_type_info_compare
_except_handler4_common
memmove
_purecall
__std_terminate
__vcrt_InitializeCriticalSectionEx
memset
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__std_exception_copy
__std_exception_destroy
_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

_c_exit
_cexit
__p___argv
__p___argc
_controlfp_s
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
terminate
_initialize_onexit_table
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_crt_atexit

api-ms-win-crt-heap-l1-1-0

realloc
_set_new_mode
malloc
free
_callnewh

api-ms-win-crt-math-l1-1-0

_except1
__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vsprintf_s
__stdio_common_vsprintf
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

logext140

Logging

user32

GetWindowThreadProcessId
SendMessageA

Sections

.text
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3fe703beb33da30b7b48478e194c2366

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

libcef

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

logext140

user32

Sections

.text Size: 275KB - Virtual size: 274KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 3KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 275KB - Virtual size: 274KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 3KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 17KB - Virtual size: 17KB