b536011ed81819587119f09d3385c4941880bdac3bdd5c891d0d9d4da32680c1

Resubmissions

17/04/2025, 02:08

250417-ckvp3sslt8 10

24/08/2023, 09:41

230824-ln94lsbe58 10

Sharing

Copy URL Twitter E-mail

General

Target

b536011ed81819587119f09d3385c4941880bdac3bdd5c891d0d9d4da32680c1
Size

572KB
MD5

0cd67227fc00b66c3804fb9adacfa848
SHA1

724fa0baaf2d983f4a3af4c4491ac07229a3e7a3
SHA256

b536011ed81819587119f09d3385c4941880bdac3bdd5c891d0d9d4da32680c1
SHA512

85687f9c08425b1f61ee03f2b446af04b50b773d17143fe28d56caee58eb57429fce330f39ead702777f28df573ad5788b30ac9120b7b73d31aa0a8aa53db206
SSDEEP

12288:hwB3tOJHGuAvbwhVNvcYNiTzO/EzAoLKWCV64mR0Qxxy:mWGvshVNkYNiTzNzAICYdR0Qxx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b536011ed81819587119f09d3385c4941880bdac3bdd5c891d0d9d4da32680c1

Files

b536011ed81819587119f09d3385c4941880bdac3bdd5c891d0d9d4da32680c1
.exe windows x64

8b3cacfc3aa8e18d65d4629abc0e0b88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LCMapStringEx
MapViewOfFile
CreateFileMappingW
CreateProcessA
ExitProcess
CloseHandle
SetEndOfFile
WriteConsoleW
FlushFileBuffers
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLastError
UnmapViewOfFile
CreateMutexW
GetModuleFileNameA
GetLocaleInfoW
LCMapStringW
WaitForSingleObject
OpenFileMappingW
Sleep
SetEvent
GetSystemDirectoryA
CreateEventA
OpenMutexW
GetTickCount
GetCurrentProcess
OpenProcess
CreateToolhelp32Snapshot
MultiByteToWideChar
ProcessIdToSessionId
Process32NextW
Process32FirstW
VirtualAllocEx
lstrcmpiW
HeapFree
InitializeCriticalSectionEx
HeapSize
GlobalFree
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
ReadFile
K32GetModuleFileNameExA
WideCharToMultiByte
WriteProcessMemory
Wow64SetThreadContext
Thread32Next
Wow64GetThreadContext
Thread32First
QueryThreadCycleTime
SuspendThread
ResumeThread
GetModuleHandleA
GetSystemInfo
Wow64SuspendThread
VirtualProtectEx
GetThreadContext
GetProcAddress
GetThreadId
GetModuleHandleW
IsBadReadPtr
SetThreadContext
OpenThread
WriteFile
SetFilePointer
CreateFileW
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
GetVersionExW
LoadLibraryA
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
RtlUnwindEx
RtlPcToFileHeader
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
GetFileType
RtlUnwind

user32

LoadAcceleratorsW
GetSystemMetrics

ws2_32

bind
closesocket
select
inet_addr
socket
recvfrom
htons
sendto
setsockopt
WSAGetLastError
gethostbyname
WSAStartup
WSACleanup
gethostname
inet_ntoa

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

winhttp

WinHttpQueryDataAvailable
WinHttpConnect
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpCloseHandle

iphlpapi

GetAdaptersAddresses
GetIpNetTable
GetAdaptersInfo

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

advapi32

DuplicateTokenEx
GetTokenInformation
OpenProcessToken
CreateProcessAsUserA
AdjustTokenPrivileges
LookupPrivilegeValueW

ole32

CoCreateGuid

Sections

.text
Size: 353KB - Virtual size: 353KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

8b3cacfc3aa8e18d65d4629abc0e0b88

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

wtsapi32

userenv

winhttp

iphlpapi

version

advapi32

ole32

Sections

.text Size: 353KB - Virtual size: 353KB

.rdata Size: 185KB - Virtual size: 184KB

.data Size: 12KB - Virtual size: 18KB

.pdata Size: 16KB - Virtual size: 15KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 353KB - Virtual size: 353KB

.rdata
Size: 185KB - Virtual size: 184KB

.data
Size: 12KB - Virtual size: 18KB

.pdata
Size: 16KB - Virtual size: 15KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB