Static task
static1
Behavioral task
behavioral1
Sample
4531c5e90a7b3c1338818951eb897bd45f0f3d8114ee50225af5b07a45f32a19.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
4531c5e90a7b3c1338818951eb897bd45f0f3d8114ee50225af5b07a45f32a19.exe
Resource
win10v2004-20230703-en
General
-
Target
4531c5e90a7b3c1338818951eb897bd45f0f3d8114ee50225af5b07a45f32a19
-
Size
380KB
-
MD5
5c6b8fa8c49ba12d06459fd1080f7c42
-
SHA1
778f70a176bc54950cdf035c42ce8a739cdb175b
-
SHA256
4531c5e90a7b3c1338818951eb897bd45f0f3d8114ee50225af5b07a45f32a19
-
SHA512
eb90c81263af9dacabb7ced9043222b8294b2b581b3e03d573611228a8f69c71f2617f68ced0992ebbd5c6f2184d0893a5c9f72f4142b61b87bae3ae916f6420
-
SSDEEP
768:n73Supd5Y+BCye2JGONNROG8Lz0n4jlgqWOZPSlPpeZ2dk5sjLqeL:n73SYYcCyYON3OhO4jfWap4Ka
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Flags a PE file that has no Authenticode signature. On its own this is a weak signal, since many legitimate binaries are unsigned as well.
resource 4531c5e90a7b3c1338818951eb897bd45f0f3d8114ee50225af5b07a45f32a19
Files
-
4531c5e90a7b3c1338818951eb897bd45f0f3d8114ee50225af5b07a45f32a19.exe windows x64
cb1ac16ae7d379cb71c0e31717f78860
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
CreateThread
CloseHandle
CreateEventW
GetLastError
GetSystemDirectoryW
GetCurrentThread
CreateNamedPipeW
ConnectNamedPipe
GetComputerNameW
WaitForSingleObject
GetCurrentProcess
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount64
EncodePointer
advapi32
LookupPrivilegeNameW
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorW
ImpersonateNamedPipeClient
DuplicateTokenEx
SetTokenInformation
InitializeSecurityDescriptor
CreateProcessAsUserW
GetTokenInformation
OpenThreadToken
OpenProcessToken
msvcr110
_calloc_crt
__dllonexit
__C_specific_handler
wprintf
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_unlock
_initterm
__winitenv
_fmode
_commode
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCapturePreviousContext
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtSetUnhandledExceptionFilter
_lock
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
_purecall
_initterm_e
_vsnwprintf
memcpy
__CxxFrameHandler3
_CxxThrowException
fflush
__iob_func
malloc
free
wcstoul
memmove
_wcsicmp
_onexit
memset
msvcp110
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
rpcrt4
NdrClientCall2
RpcBindingFromStringBindingW
UuidToStringW
RpcStringFreeW
UuidCreate
RpcBindingFree
RpcStringBindingComposeW
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 720B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 356KB - Virtual size: 356KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 816B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ