54046c3bab14b43589dd10e6f9ef8ba8678f17944b9dd18d9f997bc1b9a3711b

Sharing

Copy URL Twitter E-mail

General

Target

54046c3bab14b43589dd10e6f9ef8ba8678f17944b9dd18d9f997bc1b9a3711b
Size

382KB
MD5

1b2ddb0f4b9182c2d0c2b6e3922a5d75
SHA1

f2deb5c7013b89b3c9591a787762f266c5692981
SHA256

54046c3bab14b43589dd10e6f9ef8ba8678f17944b9dd18d9f997bc1b9a3711b
SHA512

05527033377592e69b6437df1f2ffa155a01f1c9d1a18d7e8bfcec162cf64f8ce7bf5664d7e9ab202294c2e8ef12fedc032eaccb47e7bb1c1ab2ed7a924e4fec
SSDEEP

6144:Zz5u+Pa52YVWtJ+mw453XirmFMKiLOYWT3hQbbISDI4fDaTB1yauK1Docgl:ZAGs5ItJ+m2S8yhQvnaTns

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54046c3bab14b43589dd10e6f9ef8ba8678f17944b9dd18d9f997bc1b9a3711b

Files

54046c3bab14b43589dd10e6f9ef8ba8678f17944b9dd18d9f997bc1b9a3711b
.exe windows x64

cdf4add3f021fdb7614153a84d683733

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ExitProcess
GetCommandLineW
CreateFileA
GetDriveTypeW
FreeLibrary
CreateProcessW
HeapAlloc
HeapFree
GetTickCount
GetProcessHeap
GetSystemDirectoryW
WideCharToMultiByte
LoadLibraryW
GetLocaleInfoW
Sleep
CreateFileW
lstrcmpW
MultiByteToWideChar
GetStartupInfoW
GetLocalTime
Process32FirstW
GlobalMemoryStatusEx
DeviceIoControl
GetSystemInfo
Process32NextW
lstrcatW
CreateToolhelp32Snapshot
GetDiskFreeSpaceExW
lstrcpyW
QueryPerformanceCounter
WaitForSingleObject
SetEvent
ResetEvent
CreateEventW
QueryPerformanceFrequency
WriteFile
CopyFileW
ExpandEnvironmentStringsW
CreateEventA
GetNativeSystemInfo
IsBadReadPtr
SetLastError
LoadLibraryA
VirtualProtect
MoveFileExA
SetErrorMode
SetUnhandledExceptionFilter
GetModuleFileNameA
GetCurrentDirectoryA
GetCurrentThreadId
CreateThread
GetFileSize
SetFilePointer
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
DeleteCriticalSection
FlushFileBuffers
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentProcess
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
InitializeCriticalSection
VirtualFree
GetCurrentProcessId
GetWindowsDirectoryW
CloseHandle
LocalAlloc
GetProcAddress
GetLastError
lstrlenW
GetModuleFileNameW
FormatMessageW
ReadProcessMemory
OpenProcess
GetStringTypeW
GetConsoleMode
GetConsoleCP
GetStdHandle
GetVersion
HeapSetInformation
FlsAlloc
FlsFree
RaiseException
HeapDestroy
CreateWaitableTimerW
FlsSetValue
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
GetCPInfo
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetSystemTimeAsFileTime
ExitThread
DecodePointer
EncodePointer
LocalFree
HeapSize
HeapReAlloc
TryEnterCriticalSection
CancelWaitableTimer
SetWaitableTimer
lstrlenA
UnmapViewOfFile
SwitchToThread
CreateFileMappingW
MapViewOfFileEx
GetModuleHandleW
ReadFile
HeapCreate

user32

PeekMessageW
MsgWaitForMultipleObjects
FindWindowA
GetLastInputInfo
GetWindowTextW
GetWindowTextA
GetMonitorInfoW
wsprintfW
GetClassNameA
EnumDisplayMonitors
OpenWindowStationW
IsWindow
GetInputState
PostThreadMessageA
SetProcessWindowStation
GetForegroundWindow
SendMessageW
DispatchMessageW
TranslateMessage
GetWindow

advapi32

OpenProcessToken
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCreateKeyW
RegCloseKey
CheckTokenMembership
GetCurrentHwProfileW
RegOpenKeyExW
FreeSid
AllocateAndInitializeSid
LookupAccountSidW
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyW
GetTokenInformation

ole32

CoGetObject
CoInitializeEx
CoCreateInstance
CoInitialize
CLSIDFromString
CoUninitialize

oleaut32

SysStringLen
VariantInit
VariantClear
SysAllocString
SysFreeString

ws2_32

WSASetLastError
WSAStringToAddressW
shutdown
closesocket
send
getpeername
setsockopt
WSAIoctl
InetNtopW
htons
ntohs
WSAGetLastError
gethostname
inet_ntoa
gethostbyname
getsockname
freeaddrinfo
getaddrinfo
WSAStartup
WSAResetEvent
WSAEventSelect
WSACleanup
bind
connect
recv
WSACloseEvent
WSACreateEvent
socket
WSAEnumNetworkEvents
WSAWaitForMultipleEvents

shlwapi

StrChrW
PathIsDirectoryA

netapi32

NetWkstaGetInfo

winmm

timeGetDevCaps
timeEndPeriod
timeBeginPeriod
timeGetTime

Sections

.text
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.*X4
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cdf4add3f021fdb7614153a84d683733

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

ws2_32

shlwapi

netapi32

winmm

Sections

.text Size: 239KB - Virtual size: 238KB

.rdata Size: 80KB - Virtual size: 80KB

.data Size: 26KB - Virtual size: 48KB

.pdata Size: 13KB - Virtual size: 13KB

.*X4 Size: 15KB - Virtual size: 14KB

.reloc Size: 3KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 239KB - Virtual size: 238KB

.rdata
Size: 80KB - Virtual size: 80KB

.data
Size: 26KB - Virtual size: 48KB

.pdata
Size: 13KB - Virtual size: 13KB

.*X4
Size: 15KB - Virtual size: 14KB

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB