dfbf5f76bc2011572f15c44c87f99f982a46946f78dcad4f89572ebc56568263

Sharing

Copy URL Twitter E-mail

General

Target

dfbf5f76bc2011572f15c44c87f99f982a46946f78dcad4f89572ebc56568263
Size

119KB
MD5

c08633983a8b4aa38cec92920b1519bf
SHA1

8f6e15d6d30ae75923e5cdde856f0b073877eccf
SHA256

dfbf5f76bc2011572f15c44c87f99f982a46946f78dcad4f89572ebc56568263
SHA512

4a7b9065dc88c5b6dcd4f312f430130023ff7ec8de49f57add073e6bef6aaac0634bd6646708091c35a9a47cc74eaaa809b402e89a59ba241ab2eecda1d21147
SSDEEP

1536:qFd3BqMMAP11TlGddqdzIvzRozCEjjE1XhzWwZbiH4cb3sWjcdlNZ9+9:SdxqMV1Tmw4RoGKjEJZbiHN4lD9E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfbf5f76bc2011572f15c44c87f99f982a46946f78dcad4f89572ebc56568263

Files

dfbf5f76bc2011572f15c44c87f99f982a46946f78dcad4f89572ebc56568263
.exe windows x86

4ff93ebedb9921c3ac2bf814106f0cf4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32NextW
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
DeleteCriticalSection
CloseHandle
LocalFree
GetCurrentProcess
GetFileType
GetCommandLineW
SetEvent
CreateEventW
CreateThread
OpenMutexW
TerminateProcess
DecodePointer
WriteConsoleW
SetStdHandle
ProcessIdToSessionId
Process32FirstW
HeapSize
GetLastError
RaiseException
MultiByteToWideChar
CreateFileW
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
OpenProcess
WriteFile
GetProcessHeap
OutputDebugStringW
WaitForSingleObject
HeapFree
HeapAlloc
LCMapStringW
GetStringTypeW
LoadLibraryExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
HeapReAlloc
Sleep
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStdHandle
GetProcAddress
GetModuleHandleExW
ExitProcess
RtlUnwind
IsProcessorFeaturePresent
EncodePointer
LeaveCriticalSection
EnterCriticalSection
IsDebuggerPresent
FlushFileBuffers

advapi32

LookupPrivilegeValueW
OpenProcessToken
SetTokenInformation
AdjustTokenPrivileges
ConvertSidToStringSidW
QueryServiceConfigW
ChangeServiceConfigW
StartServiceW
DeleteService
ControlService
QueryServiceStatus
OpenServiceW
ChangeServiceConfig2W
CloseServiceHandle
CreateServiceW
OpenSCManagerW
SetServiceStatus
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
DuplicateTokenEx
LookupAccountSidW
CreateProcessAsUserW
GetTokenInformation

shell32

CommandLineToArgvW

shlwapi

PathFileExistsW

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory
WTSQuerySessionInformationW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ff93ebedb9921c3ac2bf814106f0cf4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

wtsapi32

userenv

secur32

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 5KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB