Static task
static1
Behavioral task
behavioral1
Sample
21707aad2d297c7a2188d254bc96ee467caefc7bc9177781db859b1b1cbffb5a.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
21707aad2d297c7a2188d254bc96ee467caefc7bc9177781db859b1b1cbffb5a.exe
Resource
win10v2004-20230824-en
General
-
Target
21707aad2d297c7a2188d254bc96ee467caefc7bc9177781db859b1b1cbffb5a
-
Size
15.7MB
-
MD5
a1dd3a833ddb644fb8eaf53d9e6d603f
-
SHA1
df94328a3579108c9926246832c38654ade8a5ef
-
SHA256
21707aad2d297c7a2188d254bc96ee467caefc7bc9177781db859b1b1cbffb5a
-
SHA512
1ace25ae8ca09d82294b33805f9af6e7eb1bafd0a3ac0b5669b925624e5acf4c8686006491359863e32326657e0929f4d6bf56ffc3b0061e88b6cd19d844999d
-
SSDEEP
393216:SFRLr4jc66GEIF+Ape11wcFr7KPaS/7VU50uOEoW:Io5mApefFr7K5JU4
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
resource 21707aad2d297c7a2188d254bc96ee467caefc7bc9177781db859b1b1cbffb5a
Files
-
21707aad2d297c7a2188d254bc96ee467caefc7bc9177781db859b1b1cbffb5a.exe windows x86
24080c9d2186f82bdfda1def6400567e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetLogicalDriveStringsA
CreateDirectoryA
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
GetSystemDirectoryA
GetTempPathA
MoveFileExA
TerminateProcess
lstrcmpA
Module32FirstW
Module32NextW
lstrcmpiW
GetVolumeInformationA
LocalFree
WTSGetActiveConsoleSessionId
GetVolumeInformationW
FindFirstFileW
FindNextFileW
SetErrorMode
FindClose
GetLogicalDriveStringsW
GetTickCount
lstrcmpW
GetFileAttributesExA
FindFirstFileA
OutputDebugStringA
DeviceIoControl
FindNextFileA
GetFullPathNameA
GetEnvironmentVariableA
GetLocalTime
RemoveDirectoryA
WaitForMultipleObjects
CreateMutexA
CreateProcessA
SizeofResource
FindResourceA
LockResource
LoadResource
GetFileAttributesW
GetStdHandle
GetFileInformationByHandle
GetCurrentDirectoryW
GetModuleHandleA
SetFileAttributesA
CopyFileA
GetDriveTypeA
MoveFileA
GetModuleFileNameA
TlsGetValue
SystemTimeToFileTime
TlsAlloc
FileTimeToSystemTime
FormatMessageW
Sleep
IsBadCodePtr
TlsSetValue
lstrcmpiA
CreateThread
TerminateThread
InitializeCriticalSection
LoadLibraryW
DeleteFileA
LeaveCriticalSection
EnterCriticalSection
DeleteFileW
SetEndOfFile
WriteFile
GetFileAttributesA
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetModuleHandleW
CreateFileA
SetFilePointer
ReadFile
IsBadReadPtr
FreeLibrary
GetProcAddress
GetNativeSystemInfo
LoadLibraryA
VirtualAlloc
VirtualFree
SetLastError
VirtualProtect
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
GetFileSize
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetDriveTypeW
CreatePipe
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetCommandLineW
GetCommandLineA
ExitProcess
GetFileAttributesExW
SetFilePointerEx
GetConsoleCP
SetStdHandle
ExitThread
RtlUnwind
CreateTimerQueue
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
ConvertFiberToThread
GlobalMemoryStatus
DeleteFiber
GetModuleHandleExW
ReadConsoleW
OutputDebugStringW
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetSystemTimeAsFileTime
TlsFree
CreateEventW
InitializeCriticalSectionAndSpinCount
EncodePointer
GetStringTypeW
ProcessIdToSessionId
QueryPerformanceCounter
GetModuleFileNameW
QueryPerformanceFrequency
CreateFileW
GetExitCodeProcess
WideCharToMultiByte
CloseHandle
Process32FirstW
Process32NextW
GetLastError
MultiByteToWideChar
GetNumberOfConsoleInputEvents
ReadConsoleInputW
CreateToolhelp32Snapshot
OpenProcess
WaitForSingleObject
SetConsoleMode
SetConsoleTextAttribute
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
WriteConsoleW
WriteConsoleInputW
ReadConsoleA
ResetEvent
ReleaseSemaphore
CreateSemaphoreA
TryEnterCriticalSection
InterlockedDecrement
GetComputerNameA
CheckRemoteDebuggerPresent
SearchPathA
InterlockedCompareExchange
InterlockedIncrement
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatus
FormatMessageA
LoadLibraryExW
ReadDirectoryChangesW
GetLongPathNameW
FlushFileBuffers
QueueUserWorkItem
GetConsoleMode
GetFileType
SetNamedPipeHandleState
UnregisterWait
CreateNamedPipeW
LocalAlloc
SwitchToThread
WaitNamedPipeW
ConnectNamedPipe
RegisterWaitForSingleObject
CreateEventA
PeekNamedPipe
SetHandleInformation
DuplicateHandle
GetStartupInfoW
GetEnvironmentVariableW
UnregisterWaitEx
InterlockedExchange
SetConsoleCtrlHandler
CancelIo
SetEvent
user32
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
wsprintfW
advapi32
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
LookupAccountNameW
GetUserNameW
ConvertSidToStringSidW
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
RegisterEventSourceW
ReportEventA
DeregisterEventSource
RegOpenKeyA
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
SetFileSecurityA
RegEnumKeyExA
LookupPrivilegeValueW
SetSecurityDescriptorDacl
AdjustTokenPrivileges
CreateProcessAsUserA
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegFlushKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
CryptGenRandom
shell32
SHGetFolderPathA
ole32
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoGetObject
CoInitializeSecurity
CoInitialize
CoUninitialize
oleaut32
VariantChangeType
SysStringLen
SysAllocStringByteLen
SysAllocString
SysAllocStringLen
VariantClear
SysFreeString
VariantInit
winhttp
WinHttpQueryDataAvailable
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpConnect
shlwapi
SHGetValueA
PathRemoveFileSpecA
StrCmpIW
SHSetValueA
PathFileExistsA
SHDeleteValueA
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
ws2_32
WSAGetLastError
WSASocketW
select
closesocket
WSAIoctl
setsockopt
ioctlsocket
FreeAddrInfoW
bind
htons
inet_addr
shutdown
getsockopt
socket
WSARecv
listen
WSASend
WSADuplicateSocketW
WSARecvFrom
WSAStartup
WSASetLastError
WSACleanup
send
recv
crypt32
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
wtsapi32
WTSQueryUserToken
Sections
.text Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 522KB - Virtual size: 521KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4.3MB - Virtual size: 4.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.mark Size: 1024B - Virtual size: 560B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.7gZ Size: 580KB - Virtual size: 580KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 7.0MB - Virtual size: 7.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ