977be548dbdaa7b0be0540549b6c74a6b7a973475bfe65d1d5ba00c8c993ede3

Sharing

Copy URL Twitter E-mail

General

Target

977be548dbdaa7b0be0540549b6c74a6b7a973475bfe65d1d5ba00c8c993ede3
Size

1.5MB
MD5

15f40dfabe0f4315f825d8c7633ac245
SHA1

b5d9d0a29f88a88148783dd9a749cdbaf54bd9e3
SHA256

977be548dbdaa7b0be0540549b6c74a6b7a973475bfe65d1d5ba00c8c993ede3
SHA512

367c23aeeb0de6e879fe9daa644c4cdbd00b6695620bee0ee2b8f22a4678f5c64f3c1226c9b0df13ea125fc1dd30d19f7fdb73f70ea9ac2e65fc41e9b91a4a1c
SSDEEP

12288:NrvqkCON2Bdss1sOp4akIx7iAv1Nso6+3eGZXrA8yChNC6SIu52BaAA:NRCVPsOp4ak6iW4od3PZXrVCRJ5jAA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
977be548dbdaa7b0be0540549b6c74a6b7a973475bfe65d1d5ba00c8c993ede3

Files

977be548dbdaa7b0be0540549b6c74a6b7a973475bfe65d1d5ba00c8c993ede3
.exe windows x64

0136185c1ca1f00ec956df41e7b24031

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

VariantInit
SysFreeString
VariantClear
SysAllocString

kernel32

SetEnvironmentVariableW
GetTempPathW
FreeEnvironmentStringsW
Process32FirstW
GetEnvironmentStringsW
CreateToolhelp32Snapshot
WideCharToMultiByte
QueryFullProcessImageNameW
Sleep
GetThreadId
GetCurrentThread
CreateThread
SetEvent
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
SubmitThreadpoolWork
MultiByteToWideChar
lstrlenW
GetCPInfo
GetOEMCP
CreateThreadpoolWork
GetACP
IsValidCodePage
WTSGetActiveConsoleSessionId
GetProcessTimes
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateEventW
CreateThreadpoolTimer
GetStringTypeW
SetStdHandle
TerminateProcess
OpenProcess
CreateFileW
LocalAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetCurrentProcess
LocalFree
LoadLibraryExW
Process32NextW
ProcessIdToSessionId
FindFirstFileExW
GetLastError
WriteFile
CloseHandle
GetProcessHeap
HeapAlloc
HeapFree
WaitForMultipleObjects
FindClose
HeapReAlloc
HeapSize
CreateDirectoryW
SetFilePointerEx
SetFilePointer
InitializeCriticalSectionEx
WaitForSingleObject
OutputDebugStringW
RaiseException
GetLocalTime
GetFileSizeEx
GetFileType
lstrcmpiW
TlsGetValue
TlsAlloc
EncodePointer
ReadFile
HeapDestroy
GetFullPathNameW
GetModuleFileNameW
WriteConsoleW
DeleteCriticalSection
InitializeCriticalSection
LCMapStringW
VerSetConditionMask
FreeLibrary
TlsSetValue
VerifyVersionInfoW
CompareStringW
SetLastError
GetProcAddress
FindNextFileW
GetCommandLineW
GetCommandLineA
GetStdHandle
GetModuleHandleExW
ExitProcess
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
TlsFree

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoSetProxyBlanket
CoCreateInstance

hid

HidP_GetCaps
HidD_FreePreparsedData
HidD_GetAttributes
HidD_GetPreparsedData

setupapi

CMP_WaitNoPendingInstallEvents
CM_Locate_DevNodeW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInterfaceDetailW

advapi32

ControlService
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
QueryServiceStatus
CreateServiceW
RegNotifyChangeKeyValue
CloseServiceHandle
DeleteService
OpenServiceW
OpenSCManagerW
RevertToSelf
ImpersonateLoggedOnUser
EventWriteString
SetServiceStatus
EventUnregister
EventRegister
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegDeleteKeyW
RegSetValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
DuplicateTokenEx
GetTokenInformation
RegCloseKey
CreateProcessAsUserW
OpenProcessToken

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSQueryUserToken

userenv

DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock

shlwapi

StrChrW
StrCmpNIW
StrCmpIW
StrToIntExW

wintrust

WinVerifyTrust

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0136185c1ca1f00ec956df41e7b24031

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

kernel32

ole32

hid

setupapi

advapi32

wtsapi32

userenv

shlwapi

wintrust

Sections

.text Size: 138KB - Virtual size: 138KB

.rdata Size: 97KB - Virtual size: 96KB

.data Size: 4KB - Virtual size: 11KB

.pdata Size: 7KB - Virtual size: 7KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1.2MB - Virtual size: 1.9MB

.text
Size: 138KB - Virtual size: 138KB

.rdata
Size: 97KB - Virtual size: 96KB

.data
Size: 4KB - Virtual size: 11KB

.pdata
Size: 7KB - Virtual size: 7KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1.2MB - Virtual size: 1.9MB