69876ccb6cc9e4fdadde03f437064329166e3799a66575de3f52d93ca87b2831

Sharing

Copy URL

Twitter E-mail

General

Target

69876ccb6cc9e4fdadde03f437064329166e3799a66575de3f52d93ca87b2831
Size

3.5MB
MD5

2e53c627f8246a03608774dc5f82ca5e
SHA1

e1b7de10bb804092b9788a48b5f9eb3283f58b90
SHA256

69876ccb6cc9e4fdadde03f437064329166e3799a66575de3f52d93ca87b2831
SHA512

63dcdbc78f17a75908cb3d784e579f30071c440ed27dbeee1fac352958abe987daf53dfa85fb8e72b6698ba1ee9f50dea82ef72076a62f8dc590b245f62191c9
SSDEEP

98304:uasaEiXKLmvgPq1CjckxnseLJl9KdAPEFUA2V:kseLL9KYV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69876ccb6cc9e4fdadde03f437064329166e3799a66575de3f52d93ca87b2831

Files

69876ccb6cc9e4fdadde03f437064329166e3799a66575de3f52d93ca87b2831
.exe windows x86

1873908a321c61586d6e5789d91754ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
ConvertThreadToFiber
ConvertFiberToThread
GetSystemTime
CreateFiber
DeleteFiber
SwitchToFiber
ReadConsoleA
SetConsoleMode
CancelIo
WaitNamedPipeA
CreateFileA
CreateEventA
SetHandleInformation
GetOverlappedResult
CompareFileTime
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetEnvironmentVariableA
SleepEx
InitializeCriticalSection
SetEndOfFile
FindFirstFileExW
GetProcessHeap
GetCommandLineA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
SetConsoleCtrlHandler
MoveFileExW
GetFileAttributesExW
GetTimeZoneInformation
SetStdHandle
GetFullPathNameW
ReadConsoleW
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetACP
ExitProcess
GetModuleHandleExW
ExitThread
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
RtlUnwind
WriteConsoleW
LoadLibraryExW
FreeLibraryAndExitThread
CreateThread
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
EncodePointer
WaitForSingleObjectEx
GetStringTypeW
FormatMessageW
GetThreadTimes
GetCurrentThread
SetLastError
GetEnvironmentVariableW
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
GetCommandLineW
HeapFree
GetCurrentProcessId
GetTickCount
VerSetConditionMask
VerifyVersionInfoW
SetFileTime
SetFilePointer
QueryPerformanceCounter
GetSystemTimeAsFileTime
SystemTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
CreateDirectoryW
ReadFile
FindFirstFileW
FindNextFileW
WriteFile
FindClose
CreateFileW
GetFileAttributesW
DeleteFileW
CloseHandle
GetCurrentDirectoryW
TerminateProcess
WaitForSingleObject
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetModuleFileNameW
GetTempPathW
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentProcess
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
WaitForMultipleObjects
CreateEventW
SetEvent
ResetEvent
GetCurrentThreadId
Sleep
GetModuleHandleW
LocalFileTimeToFileTime
FileTimeToSystemTime
QueryPerformanceFrequency

user32

GetUserObjectInformationW
GetProcessWindowStation
FindWindowA
MessageBoxW
SendMessageW
wsprintfW

shell32

ShellExecuteW

ws2_32

shutdown
getnameinfo
gethostname
sendto
recvfrom
ioctlsocket
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send

crypt32

CertGetCertificateContextProperty
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreW
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext

wldap32

ord79
ord142
ord167
ord127
ord133
ord26
ord117
ord41
ord208
ord147
ord301
ord27
ord216
ord14
ord46
ord219
ord145

advapi32

CryptGetProvParam
RegCloseKey
CryptReleaseContext
CryptGenRandom
RegSetValueExW
RegOpenKeyExW
RegCreateKeyW
RegQueryValueExW
SystemFunction036
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
RegCreateKeyExW
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 566KB - Virtual size: 566KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1873908a321c61586d6e5789d91754ba

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ws2_32

crypt32

wldap32

advapi32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 566KB - Virtual size: 566KB

.data Size: 22KB - Virtual size: 45KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 82KB - Virtual size: 82KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 566KB - Virtual size: 566KB

.data
Size: 22KB - Virtual size: 45KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 82KB - Virtual size: 82KB