794ae9b5c67f07b4d7edf235eabbe2dcea7f4bcac946060d62f676dbb0285ba6

Sharing

Copy URL Twitter E-mail

General

Target

794ae9b5c67f07b4d7edf235eabbe2dcea7f4bcac946060d62f676dbb0285ba6
Size

1.6MB
MD5

4e080700fbf574def7d0e233885f3ec7
SHA1

9a04f56c8a35ac40946ab9154ae50f5649554c7c
SHA256

794ae9b5c67f07b4d7edf235eabbe2dcea7f4bcac946060d62f676dbb0285ba6
SHA512

b53597e572d99abf5ecae63fd0ea94d1d3d83e3e9b1fc9a69c713ff61d90f6d46cdb4421d145878b60b9cd3cf490d03d076445ca99485f5954e0cf36e21afff5
SSDEEP

24576:NdvwyKLOsDFncLmKDZOSzcFZbic5RzH1EyDqSrTRSzHKSU2Zlr8pdg5KMQGDnCLc:Np3IEz4iozVEyDqkMzjTZl0oKMQyCLUb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
794ae9b5c67f07b4d7edf235eabbe2dcea7f4bcac946060d62f676dbb0285ba6

Files

794ae9b5c67f07b4d7edf235eabbe2dcea7f4bcac946060d62f676dbb0285ba6
.exe windows x64

1a0a9e1e75898ee0315138eaabeb44d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupDiGetDriverInfoDetailW
SetupDiDestroyDriverInfoList
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDriverInfoW
SetupDiSetClassInstallParamsW
SetupDiGetClassDevsW
SetupDiBuildDriverInfoList

difxapi

DriverPackageUninstallW

kernel32

HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
ReadConsoleW
SetStdHandle
WriteConsoleW
FindResourceExW
LoadResource
CreateDirectoryW
WaitForSingleObject
SetEvent
OpenProcess
Sleep
SizeofResource
OutputDebugStringW
GetLastError
Process32FirstW
LocalAlloc
LockResource
Process32NextW
CreateToolhelp32Snapshot
OpenEventW
CloseHandle
LocalFree
GetCommandLineW
SetThreadLocale
CreateProcessW
GetTempPathW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
CreateFileW
SetEndOfFile
FileTimeToSystemTime
GetCommandLineA
GetModuleFileNameA
LoadLibraryExW
GetModuleFileNameW
HeapSize
GetConsoleMode
GetConsoleCP
WriteFile
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapFree
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
GetProcAddress
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
GetCurrentThreadId
GetStdHandle
GetFileType
GetProcessHeap
ReadFile
SetFilePointerEx
FlushFileBuffers

user32

LoadStringW
MessageBoxW

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExW

shell32

CommandLineToArgvW

msi

ord205
ord113
ord70
ord169
ord88
ord141

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 117.9MB - Virtual size: 117.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a0a9e1e75898ee0315138eaabeb44d7

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

difxapi

kernel32

user32

advapi32

shell32

msi

Sections

.text Size: 140KB - Virtual size: 139KB

.rdata Size: 59KB - Virtual size: 59KB

.data Size: 9KB - Virtual size: 19KB

.pdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 117.9MB - Virtual size: 117.9MB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 140KB - Virtual size: 139KB

.rdata
Size: 59KB - Virtual size: 59KB

.data
Size: 9KB - Virtual size: 19KB

.pdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 117.9MB - Virtual size: 117.9MB

.reloc
Size: 3KB - Virtual size: 2KB