4dd94fa36bda6a89aa25a0db6bb13d6281bd872da60d2c3095f0f54181d35db7

Sharing

Copy URL Twitter E-mail

General

Target

4dd94fa36bda6a89aa25a0db6bb13d6281bd872da60d2c3095f0f54181d35db7
Size

140KB
MD5

101e34fea0d955ca3a58d291b5f1abae
SHA1

bcbcc0fdce75fab78cd2c69cd68aa7e27c272ba7
SHA256

4dd94fa36bda6a89aa25a0db6bb13d6281bd872da60d2c3095f0f54181d35db7
SHA512

a1e704fae7629e22a033532493927d9c0af334d94feaf931add320f5afe2be9b7b2979c0abca352215c8d92302030634b3cded2f8dd8a33a47be6dd02d63eba6
SSDEEP

3072:FPeHXCar0zr6viEd1H13hoFc9dFy+ErLs:iCm0zr0dl1S4BErL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4dd94fa36bda6a89aa25a0db6bb13d6281bd872da60d2c3095f0f54181d35db7

Files

4dd94fa36bda6a89aa25a0db6bb13d6281bd872da60d2c3095f0f54181d35db7
.exe windows x64

f0fe48135b22f13314c4a8edae5c1c0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

sbiedll

SbieApi_QueryProcess
SbieApi_EnumProcessEx
SbieDll_Hook
SbieDll_IsBoxedService
SbieDll_StartBoxedService

kernel32

SetEvent
WaitForSingleObject
CreateEventW
OpenEventW
GetCurrentProcessId
ExitProcess
CreateThread
GetCurrentThreadId
GetProcessHeap
TlsGetValue
TlsSetValue
OpenProcess
GetVersionExW
CreateFileMappingW
GetModuleHandleW
GetProcAddress
LoadLibraryW
HeapReAlloc
HeapFree
HeapAlloc
SetLastError
GetLastError
CloseHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
CreateFileW
WriteConsoleW
TlsAlloc
GetStartupInfoW
HeapSize
SetFilePointerEx
LCMapStringW
FlsFree
FlsSetValue
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
FlsAlloc
FlsGetValue

advapi32

StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
QueryServiceStatusEx
QueryServiceStatus
OpenServiceW
ControlService
CloseServiceHandle
GetTokenInformation
DuplicateToken
AccessCheckByType
OpenProcessToken
SetThreadToken

ntdll

NtOpenKey
RtlInitUnicodeString
NtQueryValueKey
RtlAdjustPrivilege
NtClose
NtQueryInformationProcess

user32

MessageBoxW
wsprintfW

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0fe48135b22f13314c4a8edae5c1c0c

Headers

DLL Characteristics

File Characteristics

Imports

sbiedll

kernel32

advapi32

ntdll

user32

Sections

.text Size: 82KB - Virtual size: 82KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 82KB - Virtual size: 82KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB