f33d3c8f623f14b2e4a84591d43628d2f7b5145d1fb38c3f6e49aedca0993607

Sharing

Copy URL Twitter E-mail

General

Target

f33d3c8f623f14b2e4a84591d43628d2f7b5145d1fb38c3f6e49aedca0993607
Size

2.5MB
MD5

f2079b5e1935d695bb1b6d0d00ecef64
SHA1

8237ffb0b28458d9c0f7efeb52e4e352f20779b8
SHA256

f33d3c8f623f14b2e4a84591d43628d2f7b5145d1fb38c3f6e49aedca0993607
SHA512

dd4e9bd71601df5a763ce36de4a64736ae679c37e1905ceeec260b7bde50faf40bdd68809771f97064de5505a971317c42f3b6fe5263fafabb8d438af7942e0a
SSDEEP

24576:T6YVDCtzQtHq+SrtTw+d0nAMolyfcDqU8ERqxqcx9oO6aQJo+yb9+LXswIiqn01i:DVoznRwe0nAbyfcDZo9o3zI96Xsw7zpI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f33d3c8f623f14b2e4a84591d43628d2f7b5145d1fb38c3f6e49aedca0993607

Files

f33d3c8f623f14b2e4a84591d43628d2f7b5145d1fb38c3f6e49aedca0993607
.exe windows x64

19f565b9eb9e68c002317d22c6de69c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList

kernel32

RtlUnwindEx
GetACP
CloseHandle
LocalFree
GetCurrentProcessId
VirtualProtect
QueryPerformanceFrequency
VirtualFree
GetFullPathNameW
GetProcessHeap
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
SetFilePointerEx
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
lstrcpynW
GetLastError
GetModuleFileNameW
SetLastError
GetNativeSystemInfo
lstrlenA
CreateThread
CompareStringW
GetFileSizeEx
lstrcpyA
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
GetCurrentThread
GlobalMemoryStatusEx
LoadLibraryExW
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
ReleaseMutex
SuspendThread
GetTickCount
lstrcmpiA
GetFileSize
GetStartupInfoW
InitializeCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrcpynA
lstrlenW
SetEndOfFile
QueryPerformanceCounter
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
CreateMutexA
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
GetLogicalProcessorInformation
GetComputerNameW
IsValidLocale
TlsSetValue
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
CreateEventW
QueryFullProcessImageNameW
SetThreadLocale
GetThreadLocale

shlwapi

StrStrIW

ole32

CoInitialize
CoUninitialize

user32

UnregisterClassW
CreateWindowExW
GetMessageW
GetClassInfoW
TranslateMessage
CharLowerBuffW
CharUpperW
PeekMessageW
GetSystemMetrics
DefWindowProcW
wsprintfW
MessageBoxA
MessageBoxW
GetAsyncKeyState
SetWindowLongPtrW
CharUpperBuffW
RegisterClassW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
DispatchMessageW
GetCursorPos

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

msvcrt

_wcslwr
isupper
isalpha
isalnum
toupper
memchr
memcmp
memcpy
memset
isprint
isspace
iscntrl
isxdigit
ispunct
isgraph
islower
tolower

advapi32

RegQueryValueExW
GetUserNameW
RegCloseKey
RegOpenKeyExW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 766KB - Virtual size: 765KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 50KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 568B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19f565b9eb9e68c002317d22c6de69c8

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

kernel32

shlwapi

ole32

user32

oleaut32

msvcrt

advapi32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.data Size: 766KB - Virtual size: 765KB

.bss Size: - Virtual size: 50KB

.idata Size: 6KB - Virtual size: 5KB

.tls Size: - Virtual size: 568B

.rdata Size: 512B - Virtual size: 109B

.reloc Size: 69KB - Virtual size: 69KB

.pdata Size: 56KB - Virtual size: 56KB

.rsrc Size: 57KB - Virtual size: 56KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 766KB - Virtual size: 765KB

.bss
Size: - Virtual size: 50KB

.idata
Size: 6KB - Virtual size: 5KB

.tls
Size: - Virtual size: 568B

.rdata
Size: 512B - Virtual size: 109B

.reloc
Size: 69KB - Virtual size: 69KB

.pdata
Size: 56KB - Virtual size: 56KB

.rsrc
Size: 57KB - Virtual size: 56KB