764a964ab9efffc2ec3625b62ae6d0fedab076e8f79513877db41b4699a39d30

Sharing

Copy URL

Twitter E-mail

General

Target

764a964ab9efffc2ec3625b62ae6d0fedab076e8f79513877db41b4699a39d30
Size

449KB
MD5

7eb501e8240ff1a0fa1bcf1c32dac522
SHA1

d5a62d1b30c7c5dd9d8f35d7038eea6bb7fa160c
SHA256

764a964ab9efffc2ec3625b62ae6d0fedab076e8f79513877db41b4699a39d30
SHA512

aff845acf5f9c61b9cf28d9c1c56f3907e3ed584a63fea972f9ec946931b13516eba8956293606588b1db22cc4bddba93e4e82b0edd7b0dc75d0f7b08046c173
SSDEEP

12288:dByDA7Uvb5n8phWpbIYL+jbnASKU5OEUcO:dByDA7KJih0L0nAjUsC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
764a964ab9efffc2ec3625b62ae6d0fedab076e8f79513877db41b4699a39d30

Files

764a964ab9efffc2ec3625b62ae6d0fedab076e8f79513877db41b4699a39d30
.exe windows x64

8776ddc69766a26541adea760da50834

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

GetUserNameW

crypt32

CertCloseStore
CertFindChainInStore
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain
CertOpenSystemStoreW
CertVerifyCertificateChainPolicy

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
CloseHandle
CopyFileW
CreateDirectoryW
CreateFileA
CreateFileW
CreateHardLinkW
CreatePipe
CreateProcessW
CreateSymbolicLinkW
CreateThread
DebugBreak
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitThread
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GenerateConsoleCtrlEvent
GetComputerNameW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableA
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesW
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoW
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetTickCount
GlobalAlloc
GlobalFree
GlobalMemoryStatus
InitializeConditionVariable
InitializeCriticalSection
InitializeSRWLock
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryW
LocalAlloc
LocalFree
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserAPC
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RemoveDirectoryW
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleMode
SetConsoleOutputCP
SetFilePointer
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SuspendThread
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WakeConditionVariable
WideCharToMultiByte
WriteFile
__C_specific_handler

msvcrt

__doserrno
__iob_func
__lconv_init
__pioinfo
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_beginthreadex
_cexit
_chmod
_chsize
_close
_endthreadex
_errno
_execve
_execvp
_fdopen
_filelengthi64
_fileno
_fmode
_get_osfhandle
_getpid
_gmtime64
_initterm
_localtime64
_lseeki64
_onexit
_putenv
_read
_stat64
_time64
_utime64
_vsnprintf
_waccess
_wchdir
_wcmdln
_wfopen
_wfreopen
_wgetcwd
_wgetenv
_wopen
_wremove
_wrename
_write
_write
_wstat64
_wsystem
abort
calloc
exit
fclose
feof
ferror
fflush
fgetpos
fprintf
fread
free
fseek
fsetpos
ftell
fwrite
getc
getenv
islower
isspace
isupper
malloc
rewind
setbuf
signal
strerror
strlen
strncmp
vfprintf
wprintf

ntdll

NtTestAlert
_itoa
atoi
atol
memcmp
memcpy
memmove
memset
qsort
vsprintf
wcslen

secur32

InitSecurityInterfaceW

user32

MessageBoxA
wsprintfW

ws2_32

WSAConnectByNameW
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
htons
inet_ntop
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 194KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8776ddc69766a26541adea760da50834

Headers

File Characteristics

Imports

advapi32

crypt32

kernel32

msvcrt

ntdll

secur32

user32

ws2_32

Sections

.text Size: 141KB - Virtual size: 140KB

.data Size: 19KB - Virtual size: 19KB

.rdata Size: 271KB - Virtual size: 271KB

.pdata Size: 3KB - Virtual size: 2KB

.xdata Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 194KB

.idata Size: 8KB - Virtual size: 8KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.text
Size: 141KB - Virtual size: 140KB

.data
Size: 19KB - Virtual size: 19KB

.rdata
Size: 271KB - Virtual size: 271KB

.pdata
Size: 3KB - Virtual size: 2KB

.xdata
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 194KB

.idata
Size: 8KB - Virtual size: 8KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B