2270ab25d8552e22e22d4d2fc0e8faa3d9e019c1adf6b02e9633863509219759

Sharing

Copy URL Twitter E-mail

General

Target

2270ab25d8552e22e22d4d2fc0e8faa3d9e019c1adf6b02e9633863509219759
Size

275KB
MD5

1bcdda0ce8e3e0a86311e57f7ceafa33
SHA1

e5fa876acd0206e53e6a25627d54088893757dba
SHA256

2270ab25d8552e22e22d4d2fc0e8faa3d9e019c1adf6b02e9633863509219759
SHA512

855f58b2e4187fb9c0217e321417045c91cd0843d305d088d27fe3725892c5ff418979062534ad0de018e44d016517662bdba914b28e1cc1e857f14ccf524bfb
SSDEEP

6144:Mixw/LyWyt/595LDMoJI5CLTXz8VzD8AQULFMkhnTa:MB/Lylr95XM4qOXz8ZD8Av5h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2270ab25d8552e22e22d4d2fc0e8faa3d9e019c1adf6b02e9633863509219759

Files

2270ab25d8552e22e22d4d2fc0e8faa3d9e019c1adf6b02e9633863509219759
.exe windows x64

95777810672d4d5f9d22ba7cec1bdce6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

timeGetTime

ntdll

RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlFreeAnsiString
NtWriteVirtualMemory
NtMapViewOfSection
NtQuerySection
NtOpenSection
NtQuerySystemInformation
NtUnmapViewOfSection
RtlNtStatusToDosError
RtlCompareUnicodeString
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
NtReadVirtualMemory
NtTerminateProcess
RtlInitString
RtlInitUnicodeString
NtQueryInformationProcess
NtCreateSection
RtlUnicodeStringToAnsiString
RtlCompareString

ws2_32

WSAStartup
WSAGetLastError
ioctlsocket
htons
recv
connect
socket
send
WSACleanup
inet_pton
shutdown
select
closesocket
__WSAFDIsSet

iphlpapi

GetAdaptersInfo

kernel32

CreatePipe
ResumeThread
GetFileSizeEx
SetThreadContext
SuspendThread
Wow64GetThreadContext
Wow64SetThreadContext
VirtualProtect
FormatMessageA
LocalFree
OutputDebugStringA
LoadLibraryW
VirtualQueryEx
VirtualQuery
MultiByteToWideChar
OpenThread
GetCurrentProcessId
ExitProcess
VirtualAllocEx
GetThreadContext
FindResourceW
GetCurrentThreadId
LockResource
LoadResource
ReadFile
FindFirstFileA
VirtualFree
WriteFile
VirtualAlloc
FindNextFileA
lstrlenA
FindClose
GetLastError
CreateFileA
CloseHandle
GetLocalTime
GetFileSize
CreateDirectoryA
GetFileTime
GetVolumeInformationW
CreateDirectoryW
GetModuleFileNameA
RemoveVectoredExceptionHandler
GetCurrentProcess
lstrlenW
GetModuleFileNameW
GetCurrentDirectoryA
GetModuleHandleA
OpenProcess
CopyFileA
GetSystemDirectoryA
WritePrivateProfileStringA
AddVectoredExceptionHandler
GetProcAddress
ReadProcessMemory
GetModuleHandleW
GetPrivateProfileStringA
GetTickCount
FindFirstFileW
FindNextFileW
TerminateProcess
QueryFullProcessImageNameA
CreateToolhelp32Snapshot
Sleep
Process32NextW
TerminateThread
Process32FirstW
CreateThread
FileTimeToLocalFileTime
SystemTimeToFileTime
CreateProcessA
GetProcessTimes
GetExitCodeProcess
SizeofResource
WriteProcessMemory
SetLastError
WaitForSingleObject
CreateFileW
LoadLibraryA

user32

GetWindow
LoadMenuW
GetWindowTextW
SetWindowPos
GetSystemMetrics
GetClassNameA
IsWindow
IsHungAppWindow
GetWindowTextA
GetWindowLongW
SetWindowLongW
TrackPopupMenu
GetSubMenu
DefWindowProcW
DestroyWindow
SetWindowLongPtrW
IsWindowVisible
CallNextHookEx
SwitchToThisWindow
SendMessageA
FlashWindowEx
GetCursorPos
GetMessageW
CreateDialogParamW
EndDialog
DispatchMessageW
TranslateMessage
DialogBoxParamW
ExitWindowsEx
EnumWindows
MessageBoxA
GetWindowLongPtrW
SendMessageW
MessageBoxW
GetWindowThreadProcessId
GetDlgItem
SetDlgItemTextA
SetDlgItemTextW
SetTimer
GetDlgItemTextA
ShowWindow
EnableWindow
CheckDlgButton
KillTimer
SetCursor
LoadCursorW
IsDlgButtonChecked
MapWindowPoints
GetDlgCtrlID
RedrawWindow
GetWindowRect
PostMessageW
LoadIconW
MoveWindow
GetDlgItemTextW
SetWindowTextA

gdi32

SetBkMode
SetTextColor
GetStockObject
CreateFontW
CreateSolidBrush

advapi32

RegSetKeyValueA
RegOpenKeyW
RegGetValueA
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegOpenCurrentUser
RegCloseKey
RegGetValueW
RegSetKeyValueW
RegCreateKeyW

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

Sections

.text
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95777810672d4d5f9d22ba7cec1bdce6

Headers

DLL Characteristics

File Characteristics

Imports

winmm

ntdll

ws2_32

iphlpapi

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 174KB - Virtual size: 173KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 2KB - Virtual size: 6KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 60KB - Virtual size: 60KB

.reloc Size: 512B - Virtual size: 320B

.text
Size: 174KB - Virtual size: 173KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 60KB - Virtual size: 60KB

.reloc
Size: 512B - Virtual size: 320B