989e825d71e420798475daa6ec04ab034b374cddc40f545fc890aebcaca5e209

Sharing

Copy URL

Twitter E-mail

General

Target

989e825d71e420798475daa6ec04ab034b374cddc40f545fc890aebcaca5e209
Size

2.4MB
MD5

54ea77ebc21e4fc401686adcdcaabe32
SHA1

04530f437dd837c40a3bb9b4972c0f00f3157294
SHA256

989e825d71e420798475daa6ec04ab034b374cddc40f545fc890aebcaca5e209
SHA512

e46a43e98c2af7fb12b0a98a91a93c255c95350073bbfe3da5013930873b14d5e694a2e15653d5cb1d4701b92db15c6ebec554c384e6a9338e6c5e33d6be24c7
SSDEEP

24576:aT1B+2tN6+K6viH6bly3lvwzbjTFiiQbEvmbaPeWAkhlc2FfF435r1S6/AkLGwbx:afs5bEvTZlcX5JV/Aknddp7s42IU6i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
989e825d71e420798475daa6ec04ab034b374cddc40f545fc890aebcaca5e209

Files

989e825d71e420798475daa6ec04ab034b374cddc40f545fc890aebcaca5e209
.exe windows x86

3f69a7f3a2e9f7ab1022cee6ca0356ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateIoCompletionPort
SetFileCompletionNotificationModes
TryAcquireSRWLockExclusive
GetConsoleMode
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetModuleHandleA
GetProcAddress
GetCurrentThread
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
SetConsoleMode
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
GetModuleHandleW
FormatMessageW
GetFileType
GetFileInformationByHandle
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
SetConsoleTextAttribute
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
SetHandleInformation
WakeConditionVariable
CreateThread
SetFilePointerEx
UnhandledExceptionFilter
GetModuleFileNameW
SetLastError
SetConsoleCtrlHandler
GetCommandLineW
GetStdHandle
CreateFileW
WakeAllConditionVariable
GetQueuedCompletionStatusEx
SleepConditionVariableSRW
GetSystemInfo
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TlsSetValue
TlsGetValue
MoveFileExW
SetFileInformationByHandle
DuplicateHandle
GetCurrentProcess
GetFileInformationByHandleEx
CopyFileExW
SetUnhandledExceptionFilter
GetLastError
FindFirstFileW
PostQueuedCompletionStatus
FindClose
CloseHandle
GetCurrentProcessId
SwitchToThread
HeapReAlloc
IsProcessorFeaturePresent
HeapFree
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetConsoleScreenBufferInfo
HeapAlloc
GetCurrentDirectoryW
GetProcessHeap
TerminateProcess

ws2_32

WSACleanup
WSAStartup
recv
getaddrinfo
WSASend
shutdown
freeaddrinfo
getsockname
WSAIoctl
accept
ioctlsocket
listen
bind
setsockopt
WSASocketW
closesocket
WSAGetLastError
send

iphlpapi

GetAdaptersAddresses

ntdll

NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtWriteFile
NtCreateFile
NtReadFile

bcrypt

BCryptGenRandom

advapi32

SystemFunction036

vcruntime140

memcmp
__current_exception_context
_except_handler4_common
__CxxFrameHandler3
memset
memmove
memcpy
__current_exception

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_c_exit
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_initterm
_initterm_e
_seh_filter_exe
_register_onexit_function
_crt_atexit
_controlfp_s
exit
__p___argv
terminate
_exit
__p___argc
_initialize_onexit_table
_cexit

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 650KB - Virtual size: 649KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f69a7f3a2e9f7ab1022cee6ca0356ef

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

iphlpapi

ntdll

bcrypt

advapi32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 650KB - Virtual size: 649KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 73KB - Virtual size: 73KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 650KB - Virtual size: 649KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 73KB - Virtual size: 73KB