04ac676dbfb9bd99aeeac234267f84792af5be076ec0ee40021fcf92bbee5a16

Sharing

Copy URL Twitter E-mail

General

Target

04ac676dbfb9bd99aeeac234267f84792af5be076ec0ee40021fcf92bbee5a16
Size

1.2MB
MD5

4dc9c52127663d7f6c5c7b4d44ab94ca
SHA1

931dc93c3d5c72b5ae3b326c9c73a73b3ccada5e
SHA256

04ac676dbfb9bd99aeeac234267f84792af5be076ec0ee40021fcf92bbee5a16
SHA512

e8172abc13e4c4e01cdf38eb8f149d209a012545e68518cd197da3676590411166ed2d1d92ae82d0cf289a341b26f1f1fda549fa6f8c2761846add188f309ec0
SSDEEP

24576:JPb/2XSQ3z4n+t4CoT264UxPrnuVC5ucYw5XbTO:wXSQ3z4tCN5SPrnwC5ucYa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04ac676dbfb9bd99aeeac234267f84792af5be076ec0ee40021fcf92bbee5a16

Files

04ac676dbfb9bd99aeeac234267f84792af5be076ec0ee40021fcf92bbee5a16
.exe windows x64

7dd026bfc95be1e87953b4c632cbfb31

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathFileExistsW
PathRemoveExtensionW
PathRemoveBlanksW

kernel32

UnhandledExceptionFilter
GetCurrentProcess
GetCurrentThread
CloseHandle
IsDebuggerPresent
SizeofResource
WriteProcessMemory
SetPriorityClass
WriteFile
GetShortPathNameW
GetModuleFileNameW
SetThreadPriority
GetEnvironmentVariableW
WaitForSingleObject
CreateFileW
RtlVirtualUnwind
ResumeThread
Sleep
lstrcatW
LoadLibraryW
LoadResource
FindResourceW
VirtualAllocEx
CreateProcessW
lstrcpyW
CreateRemoteThread
VirtualProtect
K32GetModuleInformation
GetProcAddress
CreateFileMappingW
MapViewOfFile
RtlLookupFunctionEntry
GetSystemDirectoryW
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleExW
FreeLibrary
ExitProcess
GetModuleHandleW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
RtlCaptureContext

user32

MessageBoxW

shell32

ShellExecuteW

msvcrt

__argc
__argv
?_set_new_mode@@YAHH@Z
_commode
_msize
?terminate@@YAXXZ
realloc
__getmainargs
__set_app_type
_XcptFilter
_errno
free
_initterm
malloc
memset
__C_specific_handler
_fmode
_environ
memcpy
_amsg_exit
__CxxFrameHandler

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 769KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 529KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7dd026bfc95be1e87953b4c632cbfb31

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

shell32

msvcrt

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 769KB

.pdata Size: 1024B - Virtual size: 1008B

.gfids Size: 512B - Virtual size: 28B

.gehcont Size: 512B - Virtual size: 4B

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 529KB - Virtual size: 528KB

.reloc Size: 512B - Virtual size: 56B

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 769KB

.pdata
Size: 1024B - Virtual size: 1008B

.gfids
Size: 512B - Virtual size: 28B

.gehcont
Size: 512B - Virtual size: 4B

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 529KB - Virtual size: 528KB

.reloc
Size: 512B - Virtual size: 56B