Static task
static1
Behavioral task
behavioral1
Sample
4aeb348bd9cdcc8ec42396d66114c1e9945388f71103ccc5e8f042d43c7a8e12.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
4aeb348bd9cdcc8ec42396d66114c1e9945388f71103ccc5e8f042d43c7a8e12.exe
Resource
win10v2004-20230703-en
General
-
Target
4aeb348bd9cdcc8ec42396d66114c1e9945388f71103ccc5e8f042d43c7a8e12.exe
-
Size
4.0MB
-
MD5
1b97f1c8a03b0f4a6132d8960bc66737
-
SHA1
76c0ff36342891ee632ce856d03af6957d9614e3
-
SHA256
4aeb348bd9cdcc8ec42396d66114c1e9945388f71103ccc5e8f042d43c7a8e12
-
SHA512
04cec2c5d7aa4bcc506c427d245f94bf704019d7749bc35706726722fa6c455c75da79c342dbe05c5805f86322a08edb27679194f024285fee0f79d73ec6ff39
-
SSDEEP
49152:r2r2M/8Y+1zE3usDbOnwsHrYDUFsjVeYBCwyNP4lb3aDVRe+9v2wNNHbEUPTs:O2hdEMX5Re+VHEU7
Malware Config (none extracted — no family-specific configuration was recovered from this sample)
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. The sample carries no Authenticode signature; this is the only signature reported for it and is informational rather than a verdict — a large share of legitimate software is also unsigned, so on its own it is not evidence of malicious intent.
resource 4aeb348bd9cdcc8ec42396d66114c1e9945388f71103ccc5e8f042d43c7a8e12.exe
Files
-
4aeb348bd9cdcc8ec42396d66114c1e9945388f71103ccc5e8f042d43c7a8e12.exe.exe windows x64
3e34c7cf8ebcd83928951070ad6b559c (32-hex digest listed without a label under the file entry; presumably the import hash of the PE — confirm the field before pivoting on it, since it does not match the file MD5 above)
Headers
DLL Characteristics (ASLR is enabled with 64-bit high-entropy relocation, and DEP/NX is opted in; IMAGE_DLLCHARACTERISTICS_GUARD_CF does not appear in the list, so Control Flow Guard does not seem to be enabled)
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
Analyst note, inferred from the import table below and to be confirmed by dynamic analysis: the binary links Winsock (ws2_32) together with Schannel (secur32 AcquireCredentialsHandleA / InitializeSecurityContextW / EncryptMessage / DecryptMessage) and crypt32 certificate-chain validation, so it is capable of outbound TLS connections. It also imports host- and user-enumeration APIs (netapi32 NetUserEnum / NetUserGetLocalGroups, secur32 LsaEnumerateLogonSessions, iphlpapi GetAdaptersAddresses / GetIfTable2, pdh and psapi performance counters, powrprof CallNtPowerInformation, and COM automation via ole32 CoCreateInstance / CoSetProxyBlanket with oleaut32 — possibly WMI), plus cross-process inspection (OpenProcess, ReadProcessMemory, VirtualQueryEx, NtQueryInformationProcess). IsDebuggerPresent is present but is also emitted by standard MSVC runtime startup, so it is not evidence of anti-debugging on its own. The std-style synchronization and I/O-completion-port imports (TryAcquireSRWLockExclusive, SetThreadStackGuarantee, AddVectoredExceptionHandler, CreateIoCompletionPort / GetQueuedCompletionStatusEx) are consistent with a Rust toolchain build. Imports alone do not establish malicious behaviour: the listed capabilities fit system-monitoring tooling as well as reconnaissance.
kernel32
GetExitCodeProcess
GetCurrentThreadId
LocalFree
VirtualQueryEx
GetFileInformationByHandle
TryAcquireSRWLockExclusive
SleepConditionVariableSRW
GetProcessIoCounters
GetSystemTimes
RtlVirtualUnwind
ReadProcessMemory
DeviceIoControl
GetVolumeInformationW
GetDriveTypeW
GetCurrentProcessId
GetTickCount64
IsDebuggerPresent
UnhandledExceptionFilter
GlobalMemoryStatusEx
InitializeSListHead
GetLogicalDrives
GetDiskFreeSpaceExW
HeapAlloc
GetLastError
HeapFree
GetProcessHeap
CreateFileW
GetSystemInfo
ReleaseSRWLockShared
AcquireSRWLockShared
GetCurrentProcess
DuplicateHandle
SetUnhandledExceptionFilter
GetModuleHandleA
GetProcAddress
GetComputerNameExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetHandleInformation
GetProcessTimes
OpenProcess
CloseHandle
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
CreateThread
WriteConsoleW
MultiByteToWideChar
CreateIoCompletionPort
GetQueuedCompletionStatusEx
GetFileAttributesW
CreateProcessW
PostQueuedCompletionStatus
ReadFile
GetOverlappedResult
GetWindowsDirectoryW
SetFileCompletionNotificationModes
GetSystemDirectoryW
Sleep
WaitForMultipleObjects
CreateNamedPipeW
GetFullPathNameW
FreeEnvironmentStringsW
ReleaseMutex
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
ExitProcess
GetCommandLineW
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
WaitForSingleObject
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceCounter
QueryPerformanceFrequency
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
FindNextFileW
GetFileInformationByHandleEx
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
CreateEventW
CancelIo
GetConsoleMode
GetModuleFileNameW
GetModuleHandleW
FormatMessageW
IsProcessorFeaturePresent
shell32
CommandLineToArgvW
SHGetFolderPathW
advapi32
RegOpenKeyExW
RegQueryValueExW
GetUserNameW
OpenProcessToken
LookupAccountSidW
GetTokenInformation
SystemFunction036
RegCloseKey
IsValidSid
GetLengthSid
CopySid
user32
GetSystemMetrics
ntdll
RtlNtStatusToDosError
NtCreateFile
NtQuerySystemInformation
NtDeviceIoControlFile
NtCancelIoFileEx
NtQueryInformationProcess
RtlGetVersion
psapi
GetPerformanceInfo
GetModuleFileNameExW
pdh
PdhCollectQueryData
PdhOpenQueryA
PdhRemoveCounter
PdhAddEnglishCounterW
PdhGetFormattedCounterValue
PdhCloseQuery
powrprof
CallNtPowerInformation
iphlpapi
GetIfEntry2
GetIfTable2
FreeMibTable
GetAdaptersAddresses
ole32
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
oleaut32
SysAllocString
SysFreeString
VariantClear
netapi32
NetUserGetInfo
NetUserEnum
NetUserGetLocalGroups
NetApiBufferFree
secur32
LsaGetLogonSessionData
LsaEnumerateLogonSessions
AcceptSecurityContext
LsaFreeReturnBuffer
EncryptMessage
InitializeSecurityContextW
AcquireCredentialsHandleA
FreeCredentialsHandle
QueryContextAttributesW
DeleteSecurityContext
ApplyControlToken
DecryptMessage
FreeContextBuffer
bcrypt
BCryptGenRandom
ws2_32
getpeername
WSASocketW
bind
ioctlsocket
getsockname
getsockopt
shutdown
connect
recv
send
WSASend
setsockopt
WSAIoctl
WSAGetLastError
WSAStartup
WSACleanup
freeaddrinfo
closesocket
getaddrinfo
crypt32
CertAddCertificateContextToStore
CertOpenStore
CertDuplicateCertificateChain
CertEnumCertificatesInStore
CertDuplicateStore
CertCloseStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateCertificateContext
CertFreeCertificateChain
CertFreeCertificateContext
vcruntime140
__current_exception
__CxxFrameHandler3
memcpy
memset
__current_exception_context
memmove
memcmp
_CxxThrowException
__C_specific_handler
api-ms-win-crt-math-l1-1-0
ceil
__setusermatherr
api-ms-win-crt-string-l1-1-0
wcslen
api-ms-win-crt-heap-l1-1-0
malloc
free
_set_new_mode
api-ms-win-crt-runtime-l1-1-0
__p___argc
terminate
_crt_atexit
_exit
exit
_initialize_narrow_environment
_configure_narrow_argv
_register_onexit_function
_set_app_type
_seh_filter_exe
_initialize_onexit_table
_initterm
__p___argv
_cexit
_get_initial_narrow_environment
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections (raw and virtual sizes match for every section and no section is both writable and executable, so the static view does not suggest a packed or self-modifying image; a 2.7MB .text alongside a 1.2MB .rdata is consistent with a statically linked runtime)
.text Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 163KB - Virtual size: 162KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ