e0d8b6750bf0b42dfeafc8fd6883a15d45148af80dec643a5b07de9484399763

Sharing

Copy URL Twitter E-mail

General

Target

e0d8b6750bf0b42dfeafc8fd6883a15d45148af80dec643a5b07de9484399763
Size

3.3MB
MD5

c1e2dc6adf555e5d06a0d828ef4c3603
SHA1

ab81b9ea8ba5cf159ee8455263e11f83145408ed
SHA256

e0d8b6750bf0b42dfeafc8fd6883a15d45148af80dec643a5b07de9484399763
SHA512

c2aa3d157f9acf3494998c1a461f85d57975c62f18be846c37a9573ae3806ddcb0632fe1da0ce685a8be72902d10b83b585a994ccc1f3998b6a2d35ffaae5fb4
SSDEEP

49152:IfGtlq+VwASOO5IU6iUvtuaev5N1n71X+8c7UuxSh2lEc5u0DPQj8KRz:0++yCNO8cccnK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0d8b6750bf0b42dfeafc8fd6883a15d45148af80dec643a5b07de9484399763

Files

e0d8b6750bf0b42dfeafc8fd6883a15d45148af80dec643a5b07de9484399763
.exe windows x64

78e857bf25931442926a08c33358fa7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
FindClose
LoadLibraryW
TerminateProcess
GetCurrentProcess
GetACP
VirtualFree
FormatMessageA
RtlCaptureContext
FreeLibrary
GetSystemDirectoryA
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetProcAddress
GetLastError
WriteFile
GetFileType
GetStdHandle
SetConsoleOutputCP
GetConsoleOutputCP
WideCharToMultiByte
CloseHandle
FindNextFileW
FindFirstFileW
GetEnvironmentVariableW
GetCommandLineW
MultiByteToWideChar
GetFileAttributesW
RtlLookupFunctionEntry
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
LoadLibraryA
QueryPerformanceCounter

vcruntime140

__current_exception
strchr
memcmp
__current_exception_context
strrchr
memcpy
memchr
strstr
memmove
memset
wcsstr
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
strerror_s
_cexit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_seh_filter_exe
_initialize_narrow_environment
_errno
_c_exit
_get_initial_narrow_environment
_initterm
_initterm_e
signal
_set_app_type
exit
_exit
raise
__p___argv
__p___argc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__stdio_common_vswprintf
__stdio_common_vsprintf
fputs
fclose
__acrt_iob_func
ferror
fflush
fgets
_fileno
fread
fseek
ftell
fwrite
setvbuf
_setmode
_set_fmode
__stdio_common_vsprintf_s
__p__commode
fopen
__stdio_common_vsscanf
_wfopen
feof

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

realloc
calloc
malloc
free
_set_new_mode

ws2_32

inet_addr
inet_ntoa
htons
htonl
gethostbyaddr
WSACleanup
WSAStartup
gethostbyname
select
ntohs
getsockopt
ioctlsocket
getservbyport
getservbyname
WSASetLastError
recv
shutdown
socket
setsockopt
send
connect
closesocket
WSAGetLastError

advapi32

DeregisterEventSource
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegisterEventSourceW

user32

MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

api-ms-win-crt-string-l1-1-0

strncpy_s
strcmp
strncpy
strcat_s
strcpy_s
isspace
_strdup
strspn
strcspn
isdigit
strncmp
tolower

api-ms-win-crt-convert-l1-1-0

strtol
atoi
strtoul

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_time64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 698KB - Virtual size: 697KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78e857bf25931442926a08c33358fa7c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

ws2_32

advapi32

user32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 698KB - Virtual size: 697KB

.data Size: 15KB - Virtual size: 57KB

.pdata Size: 89KB - Virtual size: 88KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 698KB - Virtual size: 697KB

.data
Size: 15KB - Virtual size: 57KB

.pdata
Size: 89KB - Virtual size: 88KB

.reloc
Size: 33KB - Virtual size: 33KB