22d90ad1a0e5220ec0772918fa6efdb54604bddab1d5f15156ead1acd5d7aa37[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

22d90ad1a0e5220ec0772918fa6efdb54604bddab1d5f15156ead1acd5d7aa37.exe
Size

869KB
MD5

234d5c09b797b3a775a74034cb1ea33e
SHA1

036037ca20faea5dbc323ab19e110e0ab5b96b1a
SHA256

22d90ad1a0e5220ec0772918fa6efdb54604bddab1d5f15156ead1acd5d7aa37
SHA512

715c36564621f290ee9c06567cda5db8f9d299ebb5f883852710acb7f5176c4bde8416f7ab30d2aabd767e8b398954a223a5ae4e6947bbc13d1c47cb2a8d8ccb
SSDEEP

12288:b6en3mNgypp2UEg32aDZQ08szUZYpuxHXAJ3:b6enW+yL2UEgGaDZgDqpe3AJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22d90ad1a0e5220ec0772918fa6efdb54604bddab1d5f15156ead1acd5d7aa37.exe

Files

22d90ad1a0e5220ec0772918fa6efdb54604bddab1d5f15156ead1acd5d7aa37.exe
.exe windows x64

be79e94f884f2ac27911d883dbd7d900

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualFree
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
lstrcpyA
lstrcpyW
lstrcatW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
GetDriveTypeW
GetLogicalDrives
AreFileApisANSI
SetFileApisToOEM
SetFileApisToANSI
IsDebuggerPresent
GetErrorMode
GetThreadErrorMode
IsThreadAFiber
HeapAlloc
HeapFree
GetProcessHeap
CreateMutexW
Sleep
GetCurrentProcess
GetCurrentProcessId
ExitProcess
TerminateProcess
SwitchToThread
GetCurrentThread
GetCurrentThreadId
TlsAlloc
SetPriorityClass
FlushProcessWriteBuffers
OpenProcess
GetCurrentProcessorNumber
GetSystemTimes
GetVersion
GetTickCount64
GetLargePageMinimum
CreateTimerQueue
CreateThreadpoolCleanupGroup
GetModuleFileNameW
ConvertFiberToThread
VirtualAlloc
GetSystemDEPPolicy
lstrcmpiW
lstrlenA
lstrlenW
WTSGetActiveConsoleSessionId
GetActiveProcessorGroupCount
GetMaximumProcessorGroupCount
UnregisterApplicationRecoveryCallback
UnregisterApplicationRestart
GetACP
GetOEMCP
GetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetSystemDefaultLangID
GetUserDefaultLangID
GetSystemDefaultLCID
GetUserDefaultLCID
GetThreadUILanguage
FreeConsole
GetConsoleCP
GetConsoleOutputCP
GetConsoleWindow
GetConsoleAliasExesLengthA
GetConsoleAliasExesLengthW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleHandleW
LoadResource
LockResource
SizeofResource
FindResourceW
WriteConsoleW
SetFilePointerEx
RaiseException
SetEndOfFile
FlushFileBuffers
ReadConsoleW
GetConsoleMode
HeapReAlloc
GetTickCount
ExitThread
CreateThread
WaitForSingleObject
SetErrorMode
GetLastError
CloseHandle
WriteFile
SetFilePointer
SetFileAttributesW
ReadFile
FindNextFileW
HeapSize
LCMapStringW
FindFirstFileW
FindClose
IsSystemResumeAutomatic
CreateFileW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetCPInfo
IsValidCodePage
FindFirstFileExW
GetFileType
GetModuleHandleExW
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
MultiByteToWideChar

user32

wsprintfW
CharUpperW
CharUpperBuffW
GetFocus
GetForegroundWindow
GetDesktopWindow
CloseClipboard

advapi32

RegDisablePredefinedCacheEx
CreateProcessAsUserW
OpenProcessToken
CryptAcquireContextW
CryptEncrypt
LookupAccountSidW
RevertToSelf
GetTokenInformation
DuplicateTokenEx

shell32

SHGetSpecialFolderPathW

mpr

WNetEnumResourceW
WNetCloseEnum
WNetOpenEnumW

shlwapi

StrStrW
PathFindFileNameW

crypt32

CryptImportPublicKeyInfo
CryptDecodeObjectEx
CryptStringToBinaryA

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSFreeMemory
WTSQueryUserToken

rstrtmgr

RmGetList
RmStartSession
RmShutdown
RmRestart
RmEndSession
RmRegisterResources

Sections

.text
Size: 787KB - Virtual size: 787KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be79e94f884f2ac27911d883dbd7d900

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

mpr

shlwapi

crypt32

userenv

wtsapi32

rstrtmgr

Sections

.text Size: 787KB - Virtual size: 787KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 3KB - Virtual size: 15KB

.pdata Size: 4KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 160B

.rsrc Size: 31KB - Virtual size: 30KB

.text
Size: 787KB - Virtual size: 787KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 3KB - Virtual size: 15KB

.pdata
Size: 4KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 160B

.rsrc
Size: 31KB - Virtual size: 30KB