8740ac78b4634d147fed92e26a847718ea8b8463b9c8c3527625245282282a40

Sharing

Copy URL Twitter E-mail

General

Target

8740ac78b4634d147fed92e26a847718ea8b8463b9c8c3527625245282282a40
Size

1.4MB
MD5

312c8568148284ac3dc2e5c366af10cf
SHA1

ab6d5c315d16df5375ddaac8f7e448988fcbb75e
SHA256

8740ac78b4634d147fed92e26a847718ea8b8463b9c8c3527625245282282a40
SHA512

65184204a6603403c840b9de08c864ef273c6c3e54821c9e584839efec874dbb941e4c99bfd2925839fca31cefdc7b7eeb27d8bf1913d3a5efa7eaf0e183e35f
SSDEEP

24576:S3jzjUhleGsNAiBMmJMqTfOBPYAskD72dowc/PyQoqvhK1Aay9ZOMEYOPejjz1u3:enjUhleGsNAiBMmJMqTfOBPYAskD72dv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8740ac78b4634d147fed92e26a847718ea8b8463b9c8c3527625245282282a40

Files

8740ac78b4634d147fed92e26a847718ea8b8463b9c8c3527625245282282a40
.exe windows x64

4ee91dd160711ca0f3b109d9a5771341

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetPriorityClass
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
OpenProcess
QueryFullProcessImageNameA
TerminateProcess
FormatMessageA
LocalFree
CreateProcessA
GetLastError
K32EnumProcessModules
K32GetModuleBaseNameA
K32GetModuleInformation
VirtualAlloc
VirtualFree
VirtualAllocEx
GetModuleHandleA
GetProcAddress
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
ReleaseMutex
CreateMutexA
OpenMutexA
LockResource
LoadResource
SizeofResource
FindResourceA

user32

GetDesktopWindow
GetMessageA
GetShellWindow
mouse_event
keybd_event
CallNextHookEx
RegisterHotKey
SetWindowsHookExA
GetSystemMetrics
LoadImageA
GetWindowThreadProcessId
GetForegroundWindow
SetWinEventHook
MessageBoxA
GetWindowRect

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?width@ios_base@std@@QEAA_J_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QEBA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
_Xtime_get_ticks
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
_Thrd_sleep
_Query_perf_counter
_Query_perf_frequency
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

abort
_invalid_parameter_noinfo_noreturn
_cexit
terminate

vcruntime140

__CxxDetectRethrow
__CxxUnregisterExceptionObject
__FrameUnwindFilter
memcpy
memmove
__CxxRegisterExceptionObject
__CxxQueryExceptionSize
__current_exception_context
__current_exception
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__CxxFrameHandler3
memset
__CxxExceptionFilter

api-ms-win-crt-math-l1-1-0

ceilf

mscoree

_CorExeMain

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ee91dd160711ca0f3b109d9a5771341

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

vcruntime140

api-ms-win-crt-math-l1-1-0

mscoree

Sections

.text Size: 48KB - Virtual size: 47KB

.nep Size: 1024B - Virtual size: 720B

.rdata Size: 115KB - Virtual size: 114KB

.data Size: 1KB - Virtual size: 7KB

.pdata Size: 512B - Virtual size: 336B

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 512B - Virtual size: 88B

.text
Size: 48KB - Virtual size: 47KB

.nep
Size: 1024B - Virtual size: 720B

.rdata
Size: 115KB - Virtual size: 114KB

.data
Size: 1KB - Virtual size: 7KB

.pdata
Size: 512B - Virtual size: 336B

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 512B - Virtual size: 88B