avemaria2_d32e3b8c31bee73d1c6f902ce62c5c3a24fb5d82dc394c17dcb9b268a7fa92b0

Sharing

Copy URL Twitter E-mail

General

Target

avemaria2_d32e3b8c31bee73d1c6f902ce62c5c3a24fb5d82dc394c17dcb9b268a7fa92b0
Size

2.0MB
MD5

9b673f58549eaf905ef8166a099745a0
SHA1

7572ecd688331d00dcf91a7c36055c180fd8d752
SHA256

d32e3b8c31bee73d1c6f902ce62c5c3a24fb5d82dc394c17dcb9b268a7fa92b0
SHA512

bd78a4a75005cf6596ed25c9b4d1392f7bdfec1a4ba50034356cb60e25b1bf2c04d702512165ec02c607776c937db0841df76013fb39c25fd3f0c7fc088a56d3
SSDEEP

12288:q9q7b6iisuutUJNRCKrzKa/6D+MUVGAarBY4OuAAUzZPp2DhaBRGwLZYr:pbkRCKHkDnAFi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
avemaria2_d32e3b8c31bee73d1c6f902ce62c5c3a24fb5d82dc394c17dcb9b268a7fa92b0

Files

avemaria2_d32e3b8c31bee73d1c6f902ce62c5c3a24fb5d82dc394c17dcb9b268a7fa92b0
.exe windows x86

1f08bf0e9242145dda7807c9aa809522

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNativeSystemInfo
GetProcAddress
GetProcessHandleCount
GetProcessHeaps
GetProcessId
GetQueuedCompletionStatus
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadId
GetTickCount
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultLocaleName
GetVersionExW
GetVolumePathNameW
GlobalMemoryStatusEx
HeapDestroy
HeapSetInformation
InitOnceExecuteOnce
InitializeCriticalSection
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalFree
MapViewOfFile
Module32FirstW
Module32NextW
OpenProcess
OutputDebugStringA
PostQueuedCompletionStatus
ProcessIdToSessionId
QueryFullProcessImageNameW
GetFileInformationByHandleEx
QueryPerformanceFrequency
ReadFile
ReadProcessMemory
RegisterWaitForSingleObject
ReleaseSRWLockExclusive
ResetEvent
ResumeThread
SearchPathW
SetDllDirectoryW
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetHandleInformation
SetInformationJobObject
SetUnhandledExceptionFilter
SignalObjectAndWait
TerminateJobObject
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
UnregisterWaitEx
UpdateProcThreadAttribute
VerifyVersionInfoA
VirtualAlloc
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
WriteProcessMemory
lstrlenW
GetConsoleMode
GetConsoleCP
GetStringTypeW
SetStdHandle
HeapQueryInformation
GetFileInformationByHandle
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentDirectoryW
FreeLibrary
FreeEnvironmentStringsW
FlushInstructionCache
ExpandEnvironmentStringsW
EnumSystemLocalesEx
EnterCriticalSection
EncodePointer
DuplicateHandle
DeleteProcThreadAttributeList
DeleteFileW
DebugBreak
CreateToolhelp32Snapshot
CreateThread
CreateRemoteThread
CreateProcessW
CreateNamedPipeW
CreateMutexW
CreateJobObjectW
CreateIoCompletionPort
CreateFileW
CreateFileMappingW
CreateFileMappingA
CreateEventW
CloseHandle
AttachConsole
AssignProcessToJobObject
AcquireSRWLockExclusive
VerSetConditionMask
RtlCaptureContext
FreeConsole
Sleep
GetCurrentProcess
VirtualAllocEx
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
RaiseException
QueryPerformanceCounter
DecodePointer
HeapSize
HeapFree
GetProcessHeap
SetEnvironmentVariableA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
OutputDebugStringW
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
HeapAlloc
HeapValidate
GetCommandLineA
GetCommandLineW
GetACP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
WriteConsoleW
SetConsoleCtrlHandler
HeapReAlloc
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FlushFileBuffers

user32

InvalidateRect
LoadStringA
UnregisterClassA

advapi32

SystemFunction036
SetTokenInformation
SetThreadToken
SetSecurityInfo
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
SetKernelObjectSecurity
SetEntriesInAclW
RevertToSelf
ReportEventW
RegisterEventSourceW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegDisablePredefinedCache
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
OpenProcessToken
MapGenericMask
LookupPrivilegeValueW
IsValidSid
InitializeSid
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSecurityInfo
GetSecurityDescriptorSacl
GetNamedSecurityInfoW
GetLengthSid
GetKernelObjectSecurity
GetAce
FreeSid
EqualSid
DuplicateTokenEx
DuplicateToken
DeregisterEventSource
CreateWellKnownSid
CreateRestrictedToken
CreateProcessAsUserW
CopySid
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
AccessCheck

ole32

ProgIDFromCLSID
CoTaskMemFree

oleaut32

VariantClear
SysFreeString
SetErrorInfo
CreateErrorInfo

Sections

.text
Size: 462KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f08bf0e9242145dda7807c9aa809522

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 462KB - Virtual size: 461KB

.rdata Size: 183KB - Virtual size: 182KB

.data Size: 1.4MB - Virtual size: 1.4MB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: 462KB - Virtual size: 461KB

.rdata
Size: 183KB - Virtual size: 182KB

.data
Size: 1.4MB - Virtual size: 1.4MB

.rsrc
Size: 512B - Virtual size: 480B