Static task
static1
Behavioral task
behavioral1
Sample
6d1f31cbb07240ff1fe912f859769d222f9db9fe542859d98a929b2c0ed4a0b7.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
6d1f31cbb07240ff1fe912f859769d222f9db9fe542859d98a929b2c0ed4a0b7.exe
Resource
win10v2004-20230703-en
General
-
Target
6d1f31cbb07240ff1fe912f859769d222f9db9fe542859d98a929b2c0ed4a0b7
-
Size
3.2MB
-
MD5
ba32bf28944344a0d2e64937fda81879
-
SHA1
0d6eb82d653d4ba705379317b92c86115c3bc638
-
SHA256
6d1f31cbb07240ff1fe912f859769d222f9db9fe542859d98a929b2c0ed4a0b7
-
SHA512
f657233610a26030e6ce8cacf71b470e5100322602143d2ecfa0def59771652fbdd220ffeabc6e657d380f1ff3cf1e2f18ccdb50d083ecf7c7efd9f14bbcc126
-
SSDEEP
49152:BDg/9tgiAzs19KpUwEB1GNaJb2GDWCu0iTHBBBBBUWUBBBB9GJ:NZ5AgVBBBBBUWUBBBB
Malware Config — no extracted configuration is shown in this report (no family-specific config extractor matched, or the section was not captured here)
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. On its own this is a weak indicator — a large share of legitimate software ships unsigned — and it is the only signature that fired in both sandbox runs. Treat it as a prompt for manual review rather than a verdict: the import table below shows networking (ws2_32, wininet FTP/HTTP), LDAP (wldap32), process enumeration (CreateToolhelp32Snapshot/Process32FirstW/OpenProcess), a Windows hook (SetWindowsHookExW) plus keyboard/clipboard reads, and privilege adjustment (AdjustTokenPrivileges), alongside a full GUI/DXGI/IME/font stack, which is equally consistent with an ordinary desktop application; none of these imports was observed being used for anything malicious in the behavioral runs listed here.
resource 6d1f31cbb07240ff1fe912f859769d222f9db9fe542859d98a929b2c0ed4a0b7
Files
-
6d1f31cbb07240ff1fe912f859769d222f9db9fe542859d98a929b2c0ed4a0b7.exe windows x64
c3836920da69904cc3a6068b477958ed (a second, unlabeled 32-hex digest that differs from the file MD5 above — confirm in the source report which hash this is before pivoting on it as an IoC)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
wldap32
ord216
ord208
ord41
ord117
ord26
ord27
ord14
ord167
ord142
ord79
ord133
ord147
ord301
ord219
ord127
ord46
ord145
winmm
timeGetTime
timeBeginPeriod
ws2_32
gethostname
WSACleanup
WSASetLastError
WSAIoctl
WSAWaitForMultipleEvents
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
__WSAFDIsSet
WSAResetEvent
inet_addr
ntohl
accept
WSAGetLastError
setsockopt
ioctlsocket
sendto
bind
closesocket
freeaddrinfo
select
htons
listen
getaddrinfo
htonl
getsockopt
WSAStartup
getpeername
recv
recvfrom
getsockname
inet_ntoa
send
connect
ntohs
socket
kernel32
CreateToolhelp32Snapshot
Sleep
GetLastError
Process32NextW
LockResource
Process32FirstW
HeapReAlloc
CloseHandle
RaiseException
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
GetLocalTime
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
OpenFileMappingA
MapViewOfFile
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
CreateMutexW
CreateDirectoryW
SetThreadAffinityMask
ReadFile
TryEnterCriticalSection
GetVolumeInformationW
CancelIo
FindFirstFileW
SetPriorityClass
EnterCriticalSection
FindNextFileW
WriteFile
GetModuleHandleExW
TerminateProcess
RemoveDirectoryW
GetModuleFileNameW
WaitForMultipleObjects
SetThreadPriority
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
SetEndOfFile
PeekNamedPipe
GetTempPathW
FindClose
WaitForSingleObject
GetFileAttributesW
GetCurrentThreadId
ReleaseMutex
GetSystemDirectoryW
ResumeThread
GetModuleHandleA
DisconnectNamedPipe
CreateEventW
FormatMessageW
GetFileAttributesExW
OutputDebugStringW
SetEvent
GetCurrentThread
TerminateThread
QueryPerformanceFrequency
DeleteFileW
LoadLibraryW
GetCurrentDirectoryW
GetOverlappedResult
GetLogicalDriveStringsW
LocalFree
ReplaceFileW
ExitProcess
GetModuleHandleW
FreeLibrary
CopyFileW
QueryPerformanceCounter
MoveFileW
GetDriveTypeW
IsDebuggerPresent
ConnectNamedPipe
SetUnhandledExceptionFilter
FlushFileBuffers
GetCommandLineW
AttachConsole
CompareStringOrdinal
GlobalSize
LoadLibraryA
GlobalAlloc
GlobalFree
GlobalLock
GetCurrentProcessId
GlobalUnlock
GetTickCount
SleepEx
WaitForSingleObjectEx
GetStdHandle
GetFileType
GetEnvironmentVariableA
SetLastError
VerSetConditionMask
VerifyVersionInfoW
MoveFileExW
GetSystemTimeAsFileTime
EncodePointer
LCMapStringEx
HeapSize
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ResetEvent
GetStartupInfoW
InitializeSListHead
ReleaseSRWLockExclusive
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
OpenProcess
UnmapViewOfFile
K32GetProcessImageFileNameW
InitializeCriticalSectionEx
HeapFree
QueryDosDeviceW
GetProcAddress
SizeofResource
CreateFileW
InitializeSRWLock
AcquireSRWLockExclusive
user32
GetWindowRect
MapVirtualKeyW
GetMessagePos
GetUpdateRgn
GetMessageExtraInfo
GetSystemMenu
GetWindowLongW
MoveWindow
CallWindowProcW
EmptyClipboard
IsChild
CreateCaret
MapWindowPoints
TrackMouseEvent
GetForegroundWindow
UnhookWindowsHookEx
GetMessageTime
SetLayeredWindowAttributes
BringWindowToTop
GetClipboardData
LoadIconW
LoadCursorW
DestroyCaret
SetCapture
SetWindowsHookExW
SetClipboardData
ToUnicode
SetCursor
SetWindowLongW
GetClientRect
UpdateLayeredWindow
IsWindowVisible
ShowCaret
GetDesktopWindow
EnableMenuItem
SystemParametersInfoW
GetParent
ReleaseCapture
InvalidateRect
GetAncestor
SetCursorPos
GetCursorPos
BeginPaint
EndPaint
GetDC
ReleaseDC
GetMessageW
DefWindowProcW
PostMessageW
SendMessageTimeoutW
GetFocus
DestroyWindow
SetWindowLongPtrW
CreateWindowExW
GetWindowLongPtrW
RegisterClassExW
DispatchMessageW
PeekMessageW
EnumWindows
SetFocus
TranslateMessage
GetWindowTextW
GetWindowThreadProcessId
AttachThreadInput
UnregisterClassW
SetWindowPos
MessageBoxW
MonitorFromWindow
EnumChildWindows
EnumDisplayMonitors
GetIconInfo
SendMessageW
CallNextHookEx
EndDialog
SetWindowTextW
MessageBeep
WindowFromPoint
GetWindowPlacement
DestroyCursor
GetKeyboardState
SetCaretPos
GetActiveWindow
ShowWindow
IsWindow
GetAsyncKeyState
OpenClipboard
GetCapture
RedrawWindow
DestroyIcon
GetWindowInfo
GetMonitorInfoW
CreateIconIndirect
DrawIconEx
CloseClipboard
gdi32
CreateDIBSection
StretchDIBits
CreateRectRgnIndirect
CreateRectRgn
SaveDC
GetObjectW
ExcludeClipRect
RestoreDC
GetRegionData
CreateBitmap
CombineRgn
SelectObject
GetKerningPairsW
CreateCompatibleDC
EnumFontFamiliesExW
GetDeviceCaps
GetTextMetricsW
DeleteDC
SetMapperFlags
GetGlyphIndicesW
GetGlyphOutlineW
DeleteObject
RemoveFontMemResourceEx
SetMapMode
CreateFontIndirectW
GetOutlineTextMetricsW
comdlg32
GetSaveFileNameW
GetOpenFileNameW
advapi32
CryptImportKey
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
AccessCheck
GetNamedSecurityInfoW
DuplicateToken
MapGenericMask
CryptEncrypt
LookupPrivilegeValueW
CryptDestroyKey
AdjustTokenPrivileges
OpenProcessToken
CryptDestroyHash
shell32
Shell_NotifyIconW
SHParseDisplayName
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
SHCreateShellItem
DragQueryFileW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetKnownFolderPath
ExtractAssociatedIconW
ole32
CoInitializeEx
RegisterDragDrop
OleSetContainedObject
DoDragDrop
CoTaskMemFree
CoUninitialize
OleCreate
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoCreateInstance
RevokeDragDrop
oleaut32
SafeArrayUnaccessData
SafeArrayCreateVector
VariantInit
SysFreeString
VariantClear
SafeArrayDestroy
SysAllocString
SafeArrayAccessData
SafeArrayPutElement
shlwapi
PathFileExistsA
PathStripToRootW
wininet
InternetSetOptionW
InternetConnectW
InternetCrackUrlW
InternetCloseHandle
InternetSetFilePointer
HttpQueryInfoW
InternetOpenW
FtpOpenFileW
InternetWriteFile
HttpOpenRequestW
HttpSendRequestExW
InternetReadFile
HttpEndRequestW
imm32
ImmGetCompositionStringW
ImmAssociateContext
ImmSetCandidateWindow
ImmAssociateContextEx
ImmNotifyIME
ImmReleaseContext
ImmGetContext
dxgi
CreateDXGIFactory
vcruntime140_1
__CxxFrameHandler4
vcruntime140
strrchr
_CxxThrowException
__std_terminate
__RTDynamicCast
memmove
memchr
memcmp
__intrinsic_setjmp
memset
memcpy
__RTtypeid
longjmp
__std_type_info_compare
strchr
strstr
_purecall
__std_exception_destroy
__std_exception_copy
__C_specific_handler
__current_exception
__current_exception_context
__uncaught_exception
api-ms-win-crt-string-l1-1-0
_wcsdup
tolower
wcspbrk
strncmp
strspn
strcmp
strncpy
isspace
_strdup
towupper
_wcsnicmp
iswalnum
strcspn
iswalpha
iswdigit
toupper
iswspace
wmemcpy_s
isalnum
towlower
__strncnt
isupper
strpbrk
strcpy_s
islower
api-ms-win-crt-runtime-l1-1-0
strerror
_fpreset
_getpid
__sys_nerr
_endthreadex
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
_c_exit
_exit
exit
_beginthreadex
_invalid_parameter_noinfo
terminate
_initterm_e
_initterm
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
abort
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_errno
api-ms-win-crt-stdio-l1-1-0
_close
fgetc
_write
_read
_wfopen
__acrt_iob_func
fclose
fgetpos
__stdio_common_vsprintf_s
__stdio_common_vswprintf_s
_set_fmode
fwrite
fsetpos
fgets
__p__commode
__stdio_common_vsprintf
_open
_fileno
_fseeki64
_lseeki64
freopen_s
__stdio_common_vswprintf
setvbuf
fflush
__stdio_common_vfprintf
fread
feof
fputs
fputc
ungetc
__stdio_common_vsscanf
fseek
fopen
__stdio_common_vsnprintf_s
_get_stream_buffer_pointers
api-ms-win-crt-filesystem-l1-1-0
_waccess
_wstat64
_access
_unlink
_stat64
_unlock_file
_fstat64
_lock_file
api-ms-win-crt-heap-l1-1-0
calloc
malloc
_set_new_mode
_callnewh
realloc
free
api-ms-win-crt-convert-l1-1-0
strtoul
wcstombs
_atoi64
_strtod_l
strtoll
atoi
strtol
api-ms-win-crt-locale-l1-1-0
__pctype_func
setlocale
_configthreadlocale
___lc_codepage_func
_create_locale
_unlock_locales
localeconv
_lock_locales
___lc_locale_name_func
___mb_cur_max_func
api-ms-win-crt-math-l1-1-0
sin
floor
log
fmod
floorf
cosf
cos
ceilf
ceil
atan2f
atan2
__setusermatherr
_finite
frexp
_fdclass
_hypot
_hypotf
acos
pow
sinf
sqrt
sqrtf
tan
tanf
truncf
exp
api-ms-win-crt-time-l1-1-0
_localtime64_s
wcsftime
_ftime64_s
_time64
_gmtime64
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-utility-l1-1-0
qsort
Sections
.text Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 603KB - Virtual size: 603KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 58KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 124KB - Virtual size: 123KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ