34491374b9ac9a5e64acd5ea0412fcbbc09ac000a190286912b8037250bbbe5f

Sharing

Copy URL Twitter E-mail

General

Target

34491374b9ac9a5e64acd5ea0412fcbbc09ac000a190286912b8037250bbbe5f
Size

5.5MB
MD5

fd6e4d24f5d3e265022b8a7ff1069cda
SHA1

52012dc73f8c17c74c65926eeec4632a0711b289
SHA256

34491374b9ac9a5e64acd5ea0412fcbbc09ac000a190286912b8037250bbbe5f
SHA512

467ac5115dfcecf8469164ed034f7c6f517ec2913e4857d0e1a1574e1daa1cfd4ea192fe285dc4792a0b7dbb714217d42cb07321274460795174fbbd4bfff88e
SSDEEP

49152:ilDc9yD/iya+L4p2qw+16tDOYOtWeHsHktTKiXE6m0lKg5ggbjvwLwdBDyajl7g2:RCCBKL8ZnrTUzQHe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34491374b9ac9a5e64acd5ea0412fcbbc09ac000a190286912b8037250bbbe5f

Files

34491374b9ac9a5e64acd5ea0412fcbbc09ac000a190286912b8037250bbbe5f
.exe windows x64

3ee47834ccfa87cf821f5af14980052a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlNtStatusToDosError
NtDeviceIoControlFile
NtCancelIoFileEx
NtCreateFile
NtWriteFile
RtlCaptureContext
RtlLookupFunctionEntry
NtReadFile
RtlVirtualUnwind

kernel32

SleepConditionVariableSRW
GetSystemInfo
TryAcquireSRWLockExclusive
CloseHandle
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
GetCurrentProcessId
SetHandleInformation
QueryPerformanceFrequency
GetSystemTimeAsFileTime
QueryPerformanceCounter
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseMutex
FindClose
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentProcess
GetCurrentThread
GetProcAddress
SetLastError
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetFilePointerEx
GetStdHandle
WaitForSingleObject
WakeAllConditionVariable
WakeConditionVariable
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentThreadId
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleA
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
GetFinalPathNameByHandleW
GetConsoleMode
InitializeSListHead
GetModuleHandleW
FormatMessageW
ExitProcess
GetFullPathNameW
IsDebuggerPresent
MultiByteToWideChar
WriteConsoleW
CreateThread
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetEnvironmentVariableW
GetCurrentDirectoryW

advapi32

RegOpenKeyExW
SystemFunction036
RegCloseKey
RegQueryValueExW

secur32

EncryptMessage
AcceptSecurityContext
InitializeSecurityContextW
FreeContextBuffer
DecryptMessage
QueryContextAttributesW
ApplyControlToken
AcquireCredentialsHandleA
FreeCredentialsHandle
DeleteSecurityContext

crypt32

CertOpenStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateCertificateChain
CertFreeCertificateChain
CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertDuplicateStore

ws2_32

shutdown
recv
getsockname
connect
bind
WSASocketW
send
WSASend
WSAIoctl
getsockopt
setsockopt
ioctlsocket
closesocket
WSAGetLastError
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
getpeername

bcrypt

BCryptGenRandom

vcruntime140

__CxxFrameHandler3
memcpy
memset
__C_specific_handler
memmove
memcmp
__current_exception_context
__current_exception
_CxxThrowException

api-ms-win-crt-math-l1-1-0

pow
__setusermatherr

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
_register_onexit_function
_configure_narrow_argv
_initialize_onexit_table
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_crt_atexit
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
terminate

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ee47834ccfa87cf821f5af14980052a

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

advapi32

secur32

crypt32

ws2_32

bcrypt

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 12KB - Virtual size: 12KB

.pdata Size: 311KB - Virtual size: 311KB

.reloc Size: 23KB - Virtual size: 22KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 12KB - Virtual size: 12KB

.pdata
Size: 311KB - Virtual size: 311KB

.reloc
Size: 23KB - Virtual size: 22KB