d2e9a8f57697da533827c71faf15b5172b20e57fa9ed176d0e4fe5feeef7fff0

Sharing

Copy URL Twitter E-mail

General

Target

d2e9a8f57697da533827c71faf15b5172b20e57fa9ed176d0e4fe5feeef7fff0
Size

1.6MB
MD5

0d08a610d23ff64f928eca7458301cdb
SHA1

0c00cc263bdb3788f51d366173a115fb0e269304
SHA256

d2e9a8f57697da533827c71faf15b5172b20e57fa9ed176d0e4fe5feeef7fff0
SHA512

a6e8924a37ab36e1bf1c698bcfdeed20d05d7797c81b322a306ce551dff0e98c0f357c0a51150ac40da618bebea11fb995902a950de59452df3ba3d8726185d4
SSDEEP

24576:zFsBHRj3S2NCR6o+fZeylDNvWdNokDbx4dnjV3NrnTlG:zFzErReehWdN6j9Nrn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2e9a8f57697da533827c71faf15b5172b20e57fa9ed176d0e4fe5feeef7fff0

Files

d2e9a8f57697da533827c71faf15b5172b20e57fa9ed176d0e4fe5feeef7fff0
.exe windows x64

dc66db41d064313999bdb49067e59d68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateFileW
GetFileAttributesW
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
HeapAlloc
HeapCompact
LeaveCriticalSection
UnlockFile
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
EnterCriticalSection
HeapFree
HeapCreate
TryEnterCriticalSection
ReadFile
AreFileApisANSI
SetUnhandledExceptionFilter
GetCurrentProcessId
GetProcAddress
GetLocalTime
LoadLibraryW
CreateFileA
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
WriteConsoleW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
GetModuleFileNameA
SetConsoleTitleW
CloseHandle
CreateMutexW
GetModuleFileNameW
Sleep
WaitForSingleObject
GetFullPathNameW
GetDriveTypeW
GetPrivateProfileStringA
GetDiskFreeSpaceExW
GetLastError
CreateDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetLogicalDrives
HeapDestroy
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryW
SetLastError
MoveFileExW
GetEnvironmentVariableA
VerSetConditionMask
GetModuleHandleA
VerifyVersionInfoW
GetFileSizeEx
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetStdHandle
ExitProcess
GetCommandLineA
GetCommandLineW
GetFileType
GetFileInformationByHandle
PeekNamedPipe
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetExitCodeProcess
CreateProcessW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
SetFileAttributesW
GetConsoleOutputCP
IsValidCodePage

advapi32

CryptGetHashParam
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
OpenServiceW
ControlService
DeleteService
ChangeServiceConfig2W
OpenSCManagerW
CloseServiceHandle
CreateServiceW
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
CryptDestroyHash
CryptGenRandom

massctl64

msc_reset
msc_rebuild2
msc_init
msc_delete
msc_getprogress2
msc_commit
msc_port_open_status
msc_getprogress

ws2_32

freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
listen
htonl
accept
select
__WSAFDIsSet
WSAIoctl
WSASetLastError
socket
setsockopt
WSAWaitForMultipleEvents
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
ioctlsocket
closesocket
WSAGetLastError
recv
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs

dbghelp

MiniDumpWriteDump

crypt32

CertCloseStore
CertOpenStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertCreateCertificateChainEngine

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc66db41d064313999bdb49067e59d68

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

massctl64

ws2_32

dbghelp

crypt32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 226KB - Virtual size: 226KB

.data Size: 16KB - Virtual size: 23KB

.pdata Size: 54KB - Virtual size: 53KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 226KB - Virtual size: 226KB

.data
Size: 16KB - Virtual size: 23KB

.pdata
Size: 54KB - Virtual size: 53KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB