dfb6b6a92a90cd6181db3071e804377a86421da015133e0500e6b76af0ebc66d

Sharing

Copy URL Twitter E-mail

General

Target

dfb6b6a92a90cd6181db3071e804377a86421da015133e0500e6b76af0ebc66d
Size

190KB
MD5

f3acccc4620db85dc9925d7067f4958c
SHA1

aad72d5d36c16da3b6009bb0eeec3ee9f2bb41ff
SHA256

dfb6b6a92a90cd6181db3071e804377a86421da015133e0500e6b76af0ebc66d
SHA512

01307f4e524e22e1f5101b20ecce4700d210dde5eedf934c2e3ce65e6a2d4e892c835977b39f668f54d66f19a4fb985914f9ab2bb04de824a189419c29e620f4
SSDEEP

3072:LDostc2QZaEGhiF+WDH69pq9FlnV0eBi6bxVoRjutaXIFiuOuOUWsxh:LDltclZaU7DIpqB1uXI4uM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfb6b6a92a90cd6181db3071e804377a86421da015133e0500e6b76af0ebc66d

Files

dfb6b6a92a90cd6181db3071e804377a86421da015133e0500e6b76af0ebc66d
.exe windows x64

de9f8407921ba960d954bff023aefcb1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapFree
GetCurrentProcess
VirtualAlloc
WaitForDebugEvent
TerminateProcess
InitializeProcThreadAttributeList
CreateFileW
ContinueDebugEvent
MultiByteToWideChar
UpdateProcThreadAttribute
LoadLibraryA
DeleteProcThreadAttributeList
HeapAlloc
GetProcAddress
GetProcessHeap
CreateProcessW
SetFilePointerEx
WriteConsoleW
HeapSize
LocalFree
CloseHandle
GetLastError
CreateEventW
LocalAlloc
WaitForSingleObject
HeapReAlloc
SetLastError
GetConsoleMode
GetConsoleOutputCP
GetFileSizeEx
GetFileType
FlushFileBuffers
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
LCMapStringW
CompareStringW
GetModuleFileNameW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
FindClose
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetStdHandle
WriteFile

advapi32

CreateWellKnownSid

ole32

CoInitializeEx

oleaut32

SysAllocString
SysFreeString

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
memset
NtClose
NtQueryInformationProcess
__C_specific_handler
strrchr
NtDuplicateObject
strchr
RtlCreateHeap

rpcrt4

RpcBindingSetAuthInfoExW
RpcAsyncInitializeHandle
RpcRaiseException
RpcStringBindingComposeW
RpcBindingFree
RpcAsyncCompleteCall
RpcStringFreeW
RpcBindingFromStringBindingW
NdrAsyncClientCall

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de9f8407921ba960d954bff023aefcb1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

ntdll

rpcrt4

Sections

.text Size: 69KB - Virtual size: 68KB

.data Size: 3KB - Virtual size: 2KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 172B

.rsrc Size: 65KB - Virtual size: 64KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 69KB - Virtual size: 68KB

.data
Size: 3KB - Virtual size: 2KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 172B

.rsrc
Size: 65KB - Virtual size: 64KB

.reloc
Size: 2KB - Virtual size: 1KB