7ff9b1fc7b6df8f70a32e527110bf03952357dfaeee8c9035fa13909b7ed8143

Sharing

Copy URL Twitter E-mail

General

Target

7ff9b1fc7b6df8f70a32e527110bf03952357dfaeee8c9035fa13909b7ed8143
Size

3.3MB
MD5

095968c9082b8039b5293a878f3192d3
SHA1

f49cd02d484302d3a0682c7f1e470e557800b111
SHA256

7ff9b1fc7b6df8f70a32e527110bf03952357dfaeee8c9035fa13909b7ed8143
SHA512

fd35c3b68e4162453123c67485a969c767a793b81a4d4ff688321446d0d0a9a7e3168e8859c8de1ee4a5b713ea9cdb31f028c9f65bb43d523aad1dc8731fd258
SSDEEP

49152:LfGtlq+VwASOO5IU6iUPtuaev5N1n71X+8c7UuxSh2lEc5urDPQj8KRz:F++iCNO8cccyK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ff9b1fc7b6df8f70a32e527110bf03952357dfaeee8c9035fa13909b7ed8143

Files

7ff9b1fc7b6df8f70a32e527110bf03952357dfaeee8c9035fa13909b7ed8143
.exe windows x64

78e857bf25931442926a08c33358fa7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
FindClose
LoadLibraryW
TerminateProcess
GetCurrentProcess
GetACP
VirtualFree
FormatMessageA
RtlCaptureContext
FreeLibrary
GetSystemDirectoryA
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetProcAddress
GetLastError
WriteFile
GetFileType
GetStdHandle
SetConsoleOutputCP
GetConsoleOutputCP
WideCharToMultiByte
CloseHandle
FindNextFileW
FindFirstFileW
GetEnvironmentVariableW
GetCommandLineW
MultiByteToWideChar
GetFileAttributesW
RtlLookupFunctionEntry
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
LoadLibraryA
QueryPerformanceCounter

vcruntime140

__current_exception
strchr
memcmp
__current_exception_context
strrchr
memcpy
memchr
strstr
memmove
memset
wcsstr
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
strerror_s
_cexit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_seh_filter_exe
_initialize_narrow_environment
_errno
_c_exit
_get_initial_narrow_environment
_initterm
_initterm_e
signal
_set_app_type
exit
_exit
raise
__p___argv
__p___argc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__stdio_common_vswprintf
__stdio_common_vsprintf
fputs
fclose
__acrt_iob_func
ferror
fflush
fgets
_fileno
fread
fseek
ftell
fwrite
setvbuf
_setmode
_set_fmode
__stdio_common_vsprintf_s
__p__commode
fopen
__stdio_common_vsscanf
_wfopen
feof

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

realloc
calloc
malloc
free
_set_new_mode

ws2_32

inet_addr
inet_ntoa
htons
htonl
gethostbyaddr
WSACleanup
WSAStartup
gethostbyname
select
ntohs
getsockopt
ioctlsocket
getservbyport
getservbyname
WSASetLastError
recv
shutdown
socket
setsockopt
send
connect
closesocket
WSAGetLastError

advapi32

DeregisterEventSource
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegisterEventSourceW

user32

MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

api-ms-win-crt-string-l1-1-0

strncpy_s
strcmp
strncpy
strcat_s
strcpy_s
isspace
_strdup
strspn
strcspn
isdigit
strncmp
tolower

api-ms-win-crt-convert-l1-1-0

strtol
atoi
strtoul

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_time64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 698KB - Virtual size: 697KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78e857bf25931442926a08c33358fa7c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

ws2_32

advapi32

user32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 698KB - Virtual size: 697KB

.data Size: 15KB - Virtual size: 57KB

.pdata Size: 89KB - Virtual size: 88KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 698KB - Virtual size: 697KB

.data
Size: 15KB - Virtual size: 57KB

.pdata
Size: 89KB - Virtual size: 88KB

.reloc
Size: 33KB - Virtual size: 33KB