c7b4364eb36486233ffc72b044b0adfe1b8cd195d9a5505c8a28da1508764c8d

Sharing

Copy URL

Twitter E-mail

General

Target

c7b4364eb36486233ffc72b044b0adfe1b8cd195d9a5505c8a28da1508764c8d
Size

15.7MB
MD5

5ff7979d88a4c4344505260b394066db
SHA1

74b10b872d1397793316cbc86426f3d01c4af37b
SHA256

c7b4364eb36486233ffc72b044b0adfe1b8cd195d9a5505c8a28da1508764c8d
SHA512

c91285337bd295746467d3713d78c25f15127ae0c262895ba6469c486b1bfee0364e279caf168c09891aabb709cc335178bd7d77bcd2e7c0d4d8080269e1b52b
SSDEEP

196608:0fQ4Ltf2i1jKsB60Xpmb+XKrb4FLOyomFHKnPyF1LkcFrXLKPaSjj7bpU:m3tf2AjK66GEIFN1wcFr7KPaS/7VU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7b4364eb36486233ffc72b044b0adfe1b8cd195d9a5505c8a28da1508764c8d

Files

c7b4364eb36486233ffc72b044b0adfe1b8cd195d9a5505c8a28da1508764c8d
.exe windows x86

20c54b833a519008e160d0788a46e75d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDriveStringsA
CreateDirectoryA
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
GetSystemDirectoryA
MoveFileExA
TerminateProcess
lstrcmpA
Module32FirstW
Module32NextW
lstrcmpiW
GetVolumeInformationA
LocalFree
WTSGetActiveConsoleSessionId
GetVolumeInformationW
FindFirstFileW
FindNextFileW
SetErrorMode
FindClose
GetLogicalDriveStringsW
GetTickCount
lstrcmpW
GetFileAttributesExA
FindFirstFileA
OutputDebugStringA
DeviceIoControl
FindNextFileA
GetFullPathNameA
GetEnvironmentVariableA
GetLocalTime
RemoveDirectoryA
WaitForMultipleObjects
CreateMutexA
CreateProcessA
SizeofResource
FindResourceA
LockResource
LoadResource
GetFileAttributesW
GetStdHandle
GetFileInformationByHandle
GetCurrentDirectoryW
GetModuleHandleA
SetFileAttributesA
CopyFileA
GetDriveTypeA
MoveFileA
GetModuleFileNameA
TlsGetValue
SystemTimeToFileTime
TlsAlloc
FileTimeToSystemTime
FormatMessageW
Sleep
IsBadCodePtr
TlsSetValue
lstrcmpiA
CreateThread
TerminateThread
InitializeCriticalSection
LoadLibraryW
DeleteFileA
LeaveCriticalSection
EnterCriticalSection
DeleteFileW
SetEndOfFile
WriteFile
GetFileAttributesA
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetModuleHandleW
CreateFileA
SetFilePointer
ReadFile
IsBadReadPtr
FreeLibrary
GetProcAddress
GetNativeSystemInfo
LoadLibraryA
VirtualAlloc
VirtualFree
SetLastError
VirtualProtect
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
GetFileSize
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetDriveTypeW
CreatePipe
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetCommandLineW
GetCommandLineA
ExitProcess
GetFileAttributesExW
SetFilePointerEx
GetConsoleCP
SetStdHandle
ExitThread
RtlUnwind
CreateTimerQueue
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
ConvertFiberToThread
GlobalMemoryStatus
DeleteFiber
GetModuleHandleExW
ReadConsoleW
OutputDebugStringW
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetSystemTimeAsFileTime
TlsFree
CreateEventW
InitializeCriticalSectionAndSpinCount
EncodePointer
GetStringTypeW
ProcessIdToSessionId
QueryPerformanceCounter
GetModuleFileNameW
QueryPerformanceFrequency
GetNumberOfConsoleInputEvents
ReadConsoleInputW
SetConsoleMode
CreateFileW
GetExitCodeProcess
WideCharToMultiByte
CloseHandle
Process32FirstW
Process32NextW
GetLastError
MultiByteToWideChar
SetConsoleTextAttribute
FillConsoleOutputCharacterW
CreateToolhelp32Snapshot
OpenProcess
WaitForSingleObject
FillConsoleOutputAttribute
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
WriteConsoleW
WriteConsoleInputW
ReadConsoleA
ResetEvent
ReleaseSemaphore
InterlockedDecrement
GetComputerNameA
CheckRemoteDebuggerPresent
SearchPathA
InterlockedCompareExchange
InterlockedIncrement
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatus
FormatMessageA
LoadLibraryExW
ReadDirectoryChangesW
GetLongPathNameW
FlushFileBuffers
QueueUserWorkItem
GetConsoleMode
GetFileType
SetNamedPipeHandleState
UnregisterWait
CreateNamedPipeW
LocalAlloc
SwitchToThread
WaitNamedPipeW
ConnectNamedPipe
RegisterWaitForSingleObject
CreateEventA
PeekNamedPipe
SetHandleInformation
DuplicateHandle
GetStartupInfoW
GetEnvironmentVariableW
UnregisterWaitEx
InterlockedExchange
SetConsoleCtrlHandler
CancelIo
SetEvent
TryEnterCriticalSection
CreateSemaphoreA

user32

GetProcessWindowStation
GetUserObjectInformationW
wsprintfW
MessageBoxW

advapi32

CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
LookupAccountNameW
GetUserNameW
ConvertSidToStringSidW
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
RegisterEventSourceW
ReportEventA
DeregisterEventSource
RegOpenKeyA
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
SetFileSecurityA
RegEnumKeyExA
LookupPrivilegeValueW
SetSecurityDescriptorDacl
AdjustTokenPrivileges
CreateProcessAsUserA
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegFlushKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
CryptGenRandom

shell32

SHGetFolderPathA

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoGetObject
CoInitializeSecurity
CoInitialize
CoUninitialize

oleaut32

SysStringLen
SysAllocStringByteLen
SysAllocString
SysAllocStringLen
VariantChangeType
VariantClear
SysFreeString
VariantInit

winhttp

WinHttpQueryDataAvailable
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpConnect

shlwapi

PathRemoveFileSpecA
SHDeleteValueA
PathFileExistsA
StrCmpIW
SHSetValueA
SHGetValueA

version

GetFileVersionInfoSizeW
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW

ws2_32

WSAGetLastError
WSASocketW
select
closesocket
WSAIoctl
setsockopt
ioctlsocket
FreeAddrInfoW
bind
htons
inet_addr
shutdown
getsockopt
socket
WSARecv
listen
WSASend
WSADuplicateSocketW
WSARecvFrom
WSAStartup
WSASetLastError
WSACleanup
send
recv

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

wtsapi32

WTSQueryUserToken

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 521KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.3MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mark
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.4QX
Size: 583KB - Virtual size: 583KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20c54b833a519008e160d0788a46e75d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

winhttp

shlwapi

version

ws2_32

crypt32

wtsapi32

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 521KB - Virtual size: 520KB

.data Size: 4.3MB - Virtual size: 4.4MB

.mark Size: 1024B - Virtual size: 560B

.gfids Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

.4QX Size: 583KB - Virtual size: 583KB

.reloc Size: 103KB - Virtual size: 103KB

.rsrc Size: 7.0MB - Virtual size: 7.0MB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 521KB - Virtual size: 520KB

.data
Size: 4.3MB - Virtual size: 4.4MB

.mark
Size: 1024B - Virtual size: 560B

.gfids
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

.4QX
Size: 583KB - Virtual size: 583KB

.reloc
Size: 103KB - Virtual size: 103KB

.rsrc
Size: 7.0MB - Virtual size: 7.0MB