fee1083c77ebd6773eb19a223acd8a9d7f6cca21e4a1034ed5438005a92f487e

Sharing

Copy URL Twitter E-mail

General

Target

fee1083c77ebd6773eb19a223acd8a9d7f6cca21e4a1034ed5438005a92f487e
Size

271KB
MD5

8fcc97b9b32d315b32999be2206b74dc
SHA1

0493a9a98a202d2c97b1df9b57f644887dfc7dcd
SHA256

fee1083c77ebd6773eb19a223acd8a9d7f6cca21e4a1034ed5438005a92f487e
SHA512

e3583bcb03c6fcfb0b628996cf4aefa3ce36bc777b57f46e76cd15e5c06b74cf9dd4b37612587424901fc18785b9084c45d23a1a36150f3ea75c46f7f254729b
SSDEEP

6144:3stvBlGF43DMW8+e7xJBnyGbpokIiNX7zLFMkhnTa:3oBlGF43oW8/jBnyG3I47z5h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fee1083c77ebd6773eb19a223acd8a9d7f6cca21e4a1034ed5438005a92f487e

Files

fee1083c77ebd6773eb19a223acd8a9d7f6cca21e4a1034ed5438005a92f487e
.exe windows x64

ed39822279c50a21295f07f48994c242

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

timeGetTime

ntdll

NtTerminateProcess
RtlInitString
RtlCompareString
RtlUnicodeStringToAnsiString
NtWriteVirtualMemory
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlFreeAnsiString
NtMapViewOfSection
NtQuerySection
NtOpenSection
NtUnmapViewOfSection
NtQuerySystemInformation
RtlCompareUnicodeString
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
NtReadVirtualMemory
RtlNtStatusToDosError
RtlInitUnicodeString
NtQueryInformationProcess
NtCreateSection

ws2_32

htons
recv
connect
socket
send
inet_pton
shutdown
select
closesocket
__WSAFDIsSet
WSACleanup
WSAStartup

iphlpapi

GetAdaptersInfo

kernel32

LockResource
CreatePipe
GetFileSizeEx
OpenThread
SetThreadContext
GetThreadContext
SuspendThread
Wow64GetThreadContext
Wow64SetThreadContext
VirtualProtect
FormatMessageA
LocalFree
OutputDebugStringA
LoadLibraryW
VirtualQueryEx
VirtualQuery
MultiByteToWideChar
GetCurrentProcessId
ExitProcess
FindResourceW
LoadResource
VirtualAllocEx
ReadFile
FindFirstFileA
VirtualFree
WriteFile
VirtualAlloc
FindNextFileA
lstrlenA
FindClose
GetLastError
CreateFileA
CloseHandle
GetLocalTime
GetFileSize
CreateDirectoryA
GetFileTime
GetVolumeInformationW
CreateDirectoryW
GetModuleFileNameA
RemoveVectoredExceptionHandler
GetCurrentProcess
lstrlenW
GetModuleFileNameW
GetCurrentDirectoryA
GetModuleHandleA
OpenProcess
CopyFileA
GetSystemDirectoryA
WritePrivateProfileStringA
AddVectoredExceptionHandler
GetProcAddress
ReadProcessMemory
GetModuleHandleW
GetPrivateProfileStringA
GetTickCount
FindFirstFileW
FindNextFileW
TerminateProcess
QueryFullProcessImageNameA
CreateToolhelp32Snapshot
Sleep
Process32NextW
TerminateThread
Process32FirstW
CreateThread
FileTimeToLocalFileTime
SystemTimeToFileTime
CreateProcessA
GetProcessTimes
GetExitCodeProcess
GetCurrentThreadId
SizeofResource
WriteProcessMemory
SetLastError
WaitForSingleObject
CreateFileW
ResumeThread
LoadLibraryA

user32

LoadMenuW
GetMessageW
PostThreadMessageW
GetWindowTextW
SetWindowPos
GetWindow
GetWindowLongW
SetWindowLongW
TrackPopupMenu
GetSubMenu
IsWindowVisible
CallNextHookEx
SwitchToThisWindow
SendMessageA
FlashWindowEx
GetCursorPos
DefWindowProcW
DestroyWindow
SetWindowLongPtrW
CreateDialogParamW
EndDialog
DispatchMessageW
TranslateMessage
DialogBoxParamW
ExitWindowsEx
EnumWindows
MessageBoxA
GetWindowLongPtrW
SendMessageW
MessageBoxW
GetWindowThreadProcessId
SetDlgItemTextA
SetDlgItemTextW
GetDlgItemTextA
EnableWindow
CheckDlgButton
KillTimer
GetDlgItem
SetCursor
LoadCursorW
IsDlgButtonChecked
MapWindowPoints
GetDlgCtrlID
RedrawWindow
SetTimer
GetWindowRect
PostMessageW
LoadIconW
MoveWindow
GetDlgItemTextW
SetWindowTextA
GetWindowTextA
IsHungAppWindow
IsWindow
ShowWindow
GetClassNameA
GetSystemMetrics

gdi32

SetBkMode
SetTextColor
CreateFontW
GetStockObject
CreateSolidBrush

advapi32

RegSetKeyValueA
RegOpenKeyW
RegGetValueA
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegOpenCurrentUser
RegCloseKey
RegGetValueW
RegSetKeyValueW
RegCreateKeyW

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed39822279c50a21295f07f48994c242

Headers

DLL Characteristics

File Characteristics

Imports

winmm

ntdll

ws2_32

iphlpapi

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 170KB - Virtual size: 169KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 2KB - Virtual size: 6KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 60KB - Virtual size: 59KB

.reloc Size: 512B - Virtual size: 324B

.text
Size: 170KB - Virtual size: 169KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 60KB - Virtual size: 59KB

.reloc
Size: 512B - Virtual size: 324B