fef7b5df28973ecf8e8ceffa8777498a36f3a7ca1b4720b23d0df18c53628c40

Sharing

Copy URL Twitter E-mail

General

Target

fef7b5df28973ecf8e8ceffa8777498a36f3a7ca1b4720b23d0df18c53628c40
Size

392KB
MD5

917c94dafe0d2a13c8a4a22d82972353
SHA1

ccfaf50709aba12431bdb0a5a1d892264d9713f1
SHA256

fef7b5df28973ecf8e8ceffa8777498a36f3a7ca1b4720b23d0df18c53628c40
SHA512

2e127c9678f0ca1fed2d003fd94732ce3e67e89f923a0e0b7f3aa7e36c29353de28fe39fbc94d69c2368e8c5ca43a868ee350bc893d734e096ce7ee62e5e6355
SSDEEP

6144:f2+rV9Mm0e3Qw4mIiXhFHykq595DOuL4YmLFh+UJOW:u+p9MmF3QriXhFH1QDOuLrCFIUJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fef7b5df28973ecf8e8ceffa8777498a36f3a7ca1b4720b23d0df18c53628c40

Files

fef7b5df28973ecf8e8ceffa8777498a36f3a7ca1b4720b23d0df18c53628c40
.exe windows x64

d54a895fff2b52347a776c03b711a7a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualProtect
VirtualQuery
GetCurrentProcessId
CreatePipe
GetStartupInfoW
lstrcpyW
CreateProcessW
CloseHandle
GetLastError
ReadFile
ExitProcess
VirtualAlloc
GetCurrentProcess
GetCurrentThreadId
CreateFileW
SetFilePointerEx
GetFileSizeEx
WriteConsoleW
HeapQueryInformation
HeapReAlloc
HeapFree
GetStringTypeW
GetModuleHandleA
OutputDebugStringW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileAttributesExW
GetExitCodeProcess
WaitForSingleObject
WideCharToMultiByte
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFileType
LocalAlloc
LoadLibraryA
GetModuleHandleW
GetProcAddress
SetStdHandle
LoadLibraryW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
SetLastError
EncodePointer
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlPcToFileHeader
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapSize
HeapValidate
GetSystemInfo
CompareStringW
LCMapStringW

user32

CreateMenu
DestroyMenu
wsprintfW
DispatchMessageW
TranslateMessage
GetMessageW
TrackPopupMenuEx
AppendMenuA
SetMenuInfo
SetWinEventHook
SetWindowsHookExW
CreateWindowExA
RegisterClassExA
CallNextHookEx
UnregisterClassW
SetKeyboardState
GetKeyboardState
SetWindowLongPtrW
RegisterClassW
InternalGetWindowText
SetClassLongPtrW
SendMessageW
DrawIconEx
SetWindowLongPtrA
SetWindowLongW
DestroyWindow
CreateWindowExW
CreatePopupMenu
RegisterClassExW
GetMenuBarInfo
PostQuitMessage
DefWindowProcW

gdi32

GetBitmapBits
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetBitmapBits

winspool.drv

AddPrinterDriverExW
EnumPrinterDriversW

Sections

.text
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d54a895fff2b52347a776c03b711a7a2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

Sections

.text Size: 275KB - Virtual size: 275KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 3KB - Virtual size: 11KB

.pdata Size: 13KB - Virtual size: 13KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 275KB - Virtual size: 275KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 3KB - Virtual size: 11KB

.pdata
Size: 13KB - Virtual size: 13KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB