e5d876728d7a8fc90c89473567929e77a2c6d064ee00d9deb4adfb12d0b44af1

Sharing

Copy URL Twitter E-mail

General

Target

e5d876728d7a8fc90c89473567929e77a2c6d064ee00d9deb4adfb12d0b44af1
Size

1.3MB
MD5

4cd16bbb43692d6c7874483074398ecf
SHA1

62c8b466a4d7d340d2cf5834f08cfa0634899f11
SHA256

e5d876728d7a8fc90c89473567929e77a2c6d064ee00d9deb4adfb12d0b44af1
SHA512

20bc1f23edcc9e43840e90f41c9e9c4b2241535d54a58beb4b45793ffdbc282c44dfcc3814cbc746511ef946e818a3102083064976b520c53e30f90882273bd4
SSDEEP

24576:zqFW6w3MEIGew0cnkPQeP+Vqy/XkSpsGMSHfMqGAYAaoOfeUSLOo:zqFW6w3tIV+kZ+Z/0FyMq6jfsLO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e5d876728d7a8fc90c89473567929e77a2c6d064ee00d9deb4adfb12d0b44af1

Files

e5d876728d7a8fc90c89473567929e77a2c6d064ee00d9deb4adfb12d0b44af1
.exe windows x64

ef18b6972f196cd4c1302066e1e0cc3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteFile
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
ReleaseMutex
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileSectionNamesW
GetGeoInfoW
GetUserGeoID
GetUserDefaultUILanguage
TerminateThread
CreateDirectoryW
GetTickCount
OpenMutexW
GetSystemInfo
OpenFileMappingW
FormatMessageA
GetModuleHandleA
GetFileAttributesW
GetFileSizeEx
GetFullPathNameW
FindResourceExW
LoadResource
CreateMutexA
GetCurrentDirectoryW
FindClose
FindNextFileW
FileTimeToLocalFileTime
GetSystemTime
SystemTimeToFileTime
GetPrivateProfileStringW
OutputDebugStringW
SetLastError
GetCurrentProcessId
OpenMutexA
CreateFileMappingA
OpenFileMappingA
FlushFileBuffers
SetFilePointerEx
GetVolumeInformationA
DeviceIoControl
GetWindowsDirectoryA
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileSize
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
ReadConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStdHandle
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
MoveFileExW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
DeleteFileW
CreateFileW
K32EnumProcesses
GetModuleFileNameW
VirtualQuery
GetNativeSystemInfo
GetVersionExW
DuplicateHandle
GetExitCodeThread
GetExitCodeProcess
WaitForMultipleObjects
CreateEventW
CreateRemoteThread
FlushInstructionCache
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
UnmapViewOfFile
MapViewOfFile
IsWow64Process
ReadFile
SetFilePointer
CreateFileA
DecodePointer
RaiseException
InitializeCriticalSectionEx
OpenEventW
QueryUnbiasedInterruptTime
ResumeThread
AssignProcessToJobObject
CreateProcessW
SetInformationJobObject
GetLastError
CreateJobObjectW
SetEvent
GetCurrentThread
GetProcAddress
GetModuleHandleW
GetCurrentProcess
CheckRemoteDebuggerPresent
IsDebuggerPresent
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
K32GetProcessImageFileNameW
OpenProcess
QueryInformationJobObject
CloseHandle
TerminateJobObject
CreateFileMappingW
CreateMutexW
GetCurrentThreadId
OpenThread
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
GetTickCount64
ResetEvent
LocalFree
LoadLibraryExW
FreeLibrary
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetStringTypeW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
InitOnceComplete
InitOnceBeginInitialize
SetEndOfFile
GetOEMCP

user32

MsgWaitForMultipleObjectsEx
BroadcastSystemMessageW
IsWindowVisible
GetWindowThreadProcessId
PeekMessageW
FindWindowA
DispatchMessageW
CreateDialogParamW
DestroyWindow
LoadIconW
SendMessageW
PostQuitMessage
SetWindowTextW
RegisterWindowMessageA
TranslateMessage
ShowWindow
SetDlgItemTextW
GetDlgItem
EnumDisplaySettingsW
GetDC
GetForegroundWindow
IsWindow
SetForegroundWindow
BringWindowToTop
SetFocus
ReleaseDC
AttachThreadInput
GetClassNameA
PostMessageW
MessageBoxW
GetSystemMetrics
ChangeDisplaySettingsW
FindWindowW

gdi32

GetDeviceCaps

advapi32

ImpersonateLoggedOnUser
CryptGetHashParam
RegSetValueExA
RegSetKeySecurity
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
ImpersonateSelf
StartServiceW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegCreateKeyExW
CryptGenRandom
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptSetKeyParam
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextW
RevertToSelf
OpenThreadToken
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHGetKnownFolderPath

ole32

CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoSetProxyBlanket
CoInitialize

oleaut32

VariantInit
VariantClear
SysFreeString
VariantChangeType
SysAllocString

shlwapi

PathFileExistsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

secur32

GetUserNameExW

wininet

HttpAddRequestHeadersA
HttpSendRequestA
HttpQueryInfoA
HttpOpenRequestA
InternetQueryOptionA
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetReadFile
InternetGetLastResponseInfoA

ws2_32

WSAStartup
gethostbyname
ntohl

iphlpapi

GetAdaptersInfo

rpcrt4

UuidCreate

Sections

.text
Size: 430KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pecode
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pccode
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gchr
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ef18b6972f196cd4c1302066e1e0cc3f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

secur32

wininet

ws2_32

iphlpapi

rpcrt4

Sections

.text Size: 430KB - Virtual size: 429KB

.pecode Size: 65KB - Virtual size: 65KB

.pccode Size: 12KB - Virtual size: 11KB

.rdata Size: 167KB - Virtual size: 166KB

.data Size: 4KB - Virtual size: 12KB

.pdata Size: 24KB - Virtual size: 23KB

_RDATA Size: 512B - Virtual size: 148B

.gchr Size: 4KB - Virtual size: 3KB

.rsrc Size: 60KB - Virtual size: 59KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 430KB - Virtual size: 429KB

.pecode
Size: 65KB - Virtual size: 65KB

.pccode
Size: 12KB - Virtual size: 11KB

.rdata
Size: 167KB - Virtual size: 166KB

.data
Size: 4KB - Virtual size: 12KB

.pdata
Size: 24KB - Virtual size: 23KB

_RDATA
Size: 512B - Virtual size: 148B

.gchr
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 60KB - Virtual size: 59KB

.reloc
Size: 568KB - Virtual size: 572KB