804118f1633d719bb695f4e87ad5ebcb7c9637211ef2a50589a20eea9aea2f8f

Sharing

Copy URL Twitter E-mail

General

Target

804118f1633d719bb695f4e87ad5ebcb7c9637211ef2a50589a20eea9aea2f8f
Size

2.5MB
MD5

2824f45236af3129b670a77509221675
SHA1

a4f573d992ff1ec0e2e4584af2e13c233060a0d2
SHA256

804118f1633d719bb695f4e87ad5ebcb7c9637211ef2a50589a20eea9aea2f8f
SHA512

5ca19842e384d73eb343989197e5d98f29b59b50b994faddcfc5bbb928e5f8f14c5ede62ddf6d2e3d0b7c77573dcfeee932f38c9ff10d89e1eb518ce27d97f0e
SSDEEP

24576:NxluWCEkx/gITyj4HYTvmngOezyr3yNtGs0wd/ZL8Ug+JwNZgCxiIsCA2flywBuJ:0WFcGOng5yEGs0wxZN2DxiIq2d3dz6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
804118f1633d719bb695f4e87ad5ebcb7c9637211ef2a50589a20eea9aea2f8f

Files

804118f1633d719bb695f4e87ad5ebcb7c9637211ef2a50589a20eea9aea2f8f
.exe windows x86

d57df9a537639961a0bc1aedd32e089e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleW
lstrcmpiW
LeaveCriticalSection
RaiseException
EnterCriticalSection
GetLastError
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
InitializeCriticalSectionEx
DeleteCriticalSection
WideCharToMultiByte
GetCurrentThreadId
SetLastError
LockResource
FindResourceExW
Sleep
GlobalFree
LocalFree
FormatMessageW
LocalAlloc
CallNamedPipeW
GetWindowsDirectoryW
SetCurrentDirectoryW
GetCommandLineW
DecodePointer
CreateMutexW
GetNativeSystemInfo
GetDiskFreeSpaceExW
FreeLibrary
FindClose
GetSystemDirectoryW
CreateProcessW
GetCurrentProcess
FindNextFileW
CloseHandle
GlobalAlloc
GlobalLock
SetThreadUILanguage
LoadLibraryW
CreateDirectoryW
GetLogicalDrives
GetTempPathW
CreateFileW
VerifyVersionInfoW
VerSetConditionMask
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
OpenProcess
ResumeThread
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
K32GetModuleFileNameExW
GetCurrentDirectoryW
GetCurrentProcessId
OutputDebugStringW
SetEndOfFile
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindFirstFileW
MulDiv
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
GetStringTypeW
DeleteFileW
FindFirstFileExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
RemoveDirectoryW
AreFileApisANSI
CopyFileW
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
QueryPerformanceCounter
TryEnterCriticalSection
EncodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
GetVersionExW
ReleaseSemaphore
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitProcess
GetModuleHandleExW
ExitThread
GetStdHandle
WriteFile
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
GetFileSizeEx
ReadConsoleW
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW

crypt32

CertCloseStore
CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CryptMsgClose

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

Sections

.text
Size: 664KB - Virtual size: 664KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d57df9a537639961a0bc1aedd32e089e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

crypt32

rpcrt4

Sections

.text Size: 664KB - Virtual size: 664KB

.rdata Size: 166KB - Virtual size: 166KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 39KB - Virtual size: 39KB

.text
Size: 664KB - Virtual size: 664KB

.rdata
Size: 166KB - Virtual size: 166KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 39KB - Virtual size: 39KB