23ab69ba160c7e9ab68e315e011bf814d5c8fe6d45b7a7d4ae1383ec0fc674c2

Sharing

Copy URL Twitter E-mail

General

Target

23ab69ba160c7e9ab68e315e011bf814d5c8fe6d45b7a7d4ae1383ec0fc674c2
Size

5.0MB
MD5

6fca7679cb17f3bcafaf8ba9901783e4
SHA1

0c58d0c1979e4f9d5a84b4c1b98acc1c63259e0d
SHA256

23ab69ba160c7e9ab68e315e011bf814d5c8fe6d45b7a7d4ae1383ec0fc674c2
SHA512

eb854f355fbdce4fed74d39da586da04b983c3a66339aa7708c272647c1a1a1665643d550535e78396dfde3d6ea408dd35f608f888f3d605ea15604389cf5010
SSDEEP

98304:Pm7zynZHB0veuOUUx6B6i5ob02zi31fLO2WbJUSGDDvZ:PmMhY3OUNDMbJUrF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23ab69ba160c7e9ab68e315e011bf814d5c8fe6d45b7a7d4ae1383ec0fc674c2

Files

23ab69ba160c7e9ab68e315e011bf814d5c8fe6d45b7a7d4ae1383ec0fc674c2
.exe windows x64

9c44fe76a0ec044c6f59ae2f0b46bf25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetDiskFreeSpaceW
LockFile
GetFullPathNameA
GetGeoInfoW
GetUserGeoID
VerSetConditionMask
GetEnvironmentVariableW
GetCurrentProcess
GetCurrentProcessId
OpenProcess
GetVersionExW
FreeLibrary
GetModuleFileNameW
LoadLibraryW
VerifyVersionInfoW
GetLocaleInfoW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ExpandEnvironmentStringsW
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetLongPathNameW
ReadFile
SetFilePointer
WriteFile
GetTempPathW
CopyFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
UnregisterWaitEx
RegisterWaitForSingleObject
CancelIo
SleepEx
QueueUserAPC
lstrlenW
ReadDirectoryChangesW
SetLastError
LoadLibraryA
LCMapStringW
GetUserDefaultLCID
OutputDebugStringW
GetCurrentThread
GetPackagesByPackageFamily
OpenPackageInfoByFullName
ClosePackageInfo
GetPackageInfo
GetVolumeInformationW
GetSystemDirectoryW
GetComputerNameW
GetFileAttributesW
GetFileSizeEx
CreateThread
GetFileSize
ReleaseMutex
CreateMutexA
CompareStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnlockFileEx
GetModuleHandleA
LocalAlloc
QueryFullProcessImageNameW
InitializeCriticalSection
TryEnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
MultiByteToWideChar
IsDebuggerPresent
RaiseException
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetStringTypeW
EncodePointer
LCMapStringEx
GetCPInfo
GetSystemTimeAsFileTime
ReleaseSemaphore
WaitForMultipleObjectsEx
OpenEventA
SetWaitableTimer
ResumeThread
TlsFree
GetSystemInfo
CreateWaitableTimerA
InitializeCriticalSectionAndSpinCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
ExitThread
FreeLibraryAndExitThread
GetStdHandle
GetACP
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
SetEnvironmentVariableA
IsValidCodePage
GetOEMCP
SetConsoleCtrlHandler
GetCommandLineA
GetCommandLineW
OutputDebugStringA
SetStdHandle
WriteConsoleW
SetEndOfFile
CreateMutexW
UnmapViewOfFile
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFullPathNameW
SwitchToFiber
DeleteFiber
CreateFiber
GetEnvironmentVariableA
CompareFileTime
MoveFileExA
GetSystemDirectoryA
ConvertFiberToThread
ConvertThreadToFiber
SetConsoleMode
ReadConsoleA
MapViewOfFile
CreateFileMappingW
GetSystemTime
LockFileEx
UnlockFile
HeapCompact
DeleteFileA
CreateFileA
WaitForSingleObject
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetDefaultDllDirectories
SetDllDirectoryW
FreeConsole
AttachConsole
Sleep
GetModuleHandleW
GetProcAddress
GetLastError
WaitForMultipleObjects
GetTickCount
ResetEvent
HeapFree
GetProcessHeap
HeapAlloc
SetEvent
WaitForSingleObjectEx
CloseHandle
CreateEventW
CreateEventA
LocalFree
WideCharToMultiByte
FormatMessageW
FormatMessageA
HeapCreate
AreFileApisANSI
GetCurrentDirectoryW
PeekNamedPipe
GetDriveTypeW
FlushViewOfFile

gdiplus

GdiplusShutdown
GdiplusStartup

user32

GetUserObjectInformationW
MessageBoxW
TranslateMessage
DispatchMessageW
LoadStringW
LoadIconW
LoadCursorW
RegisterClassExW
PostQuitMessage
DefWindowProcW
FindWindowW
SendMessageW
MsgWaitForMultipleObjects
wsprintfW
PeekMessageW
GetProcessWindowStation
CreateWindowExW

advapi32

CryptSignHashW
CryptEnumProvidersW
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
OpenProcessToken
GetTokenInformation
RegQueryValueExW
RegNotifyChangeKeyValue
RegCreateKeyExW
OpenThreadToken
RegOpenKeyW
LookupAccountNameW
RegDeleteValueW
RegSetValueExW
ConvertSidToStringSidW
RegEnumValueW
RegQueryInfoKeyW
CryptDecrypt
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetDesktopFolder
SHGetFolderPathW
SHCreateDirectoryExW
SHGetMalloc
CommandLineToArgvW
SHFileOperationW

ole32

CoCreateGuid
CoTaskMemFree
PropVariantClear
CoCreateInstance
CoUninitialize
CoInitializeEx
StringFromGUID2

oleaut32

SysAllocStringLen
VariantClear
SysFreeString

msi

ord173
ord217

rpcrt4

UuidToStringW
RpcStringFreeW

userenv

ExpandEnvironmentStringsForUserW

shlwapi

StrRetToBufW
ord487
PathFindFileNameW
SHRegDuplicateHKey
PathFileExistsW

bcrypt

BCryptGenRandom

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertCloseStore
CertOpenStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertFreeCertificateContext
CertOpenSystemStoreA
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage

ws2_32

htons
socket
setsockopt
listen
WSAIoctl
select
gethostname
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
htonl
connect
closesocket
bind
accept
WSASetLastError
send
recv
freeaddrinfo
getaddrinfo
WSAGetLastError
WSACleanup
ntohs
getsockopt
getsockname
ioctlsocket
recvfrom
sendto
getpeername
__WSAFDIsSet

wldap32

ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord301
ord46
ord143
ord22
ord41
ord50
ord45
ord60
ord211
ord217

normaliz

IdnToAscii

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 931KB - Virtual size: 930KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 600KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9c44fe76a0ec044c6f59ae2f0b46bf25

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdiplus

user32

advapi32

shell32

ole32

oleaut32

msi

rpcrt4

userenv

shlwapi

bcrypt

crypt32

ws2_32

wldap32

normaliz

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 931KB - Virtual size: 930KB

.data Size: 42KB - Virtual size: 71KB

.pdata Size: 147KB - Virtual size: 146KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 187KB - Virtual size: 187KB

.reloc Size: 600KB - Virtual size: 604KB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 931KB - Virtual size: 930KB

.data
Size: 42KB - Virtual size: 71KB

.pdata
Size: 147KB - Virtual size: 146KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 187KB - Virtual size: 187KB

.reloc
Size: 600KB - Virtual size: 604KB