3088ea566fdaa8f8160436a4c6c4d0279c77c550553f398992f9b871d3d0dbec

Sharing

Copy URL Twitter E-mail

General

Target

3088ea566fdaa8f8160436a4c6c4d0279c77c550553f398992f9b871d3d0dbec
Size

678KB
MD5

93a5580f0baf846f268e873a6fbc8cb5
SHA1

51f3d72c68376d4649c43496947260e7c618027c
SHA256

3088ea566fdaa8f8160436a4c6c4d0279c77c550553f398992f9b871d3d0dbec
SHA512

3ea2bf012aab8ab95d763fbd242a7715b44e22852463dc52dc06db7ac0bdbea7406aa0216856357e25108b18fb23de27fc9cd401280e7e975122a669ca069733
SSDEEP

12288:NShcRAaVDaDisCLeXFTJmMyz1bMI2iIlhSMXlFTvB:sh+AUm2QVTJmvFR2iIlhSMXltB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3088ea566fdaa8f8160436a4c6c4d0279c77c550553f398992f9b871d3d0dbec

Files

3088ea566fdaa8f8160436a4c6c4d0279c77c550553f398992f9b871d3d0dbec
.exe windows x64

c7e07f3f242d6bb71426e9f0ba8ef18f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wtsapi32

WTSEnumerateProcessesW
WTSQueryUserToken
WTSFreeMemory

userenv

DestroyEnvironmentBlock
GetAppContainerFolderPath
DeleteAppContainerProfile
CreateEnvironmentBlock
CreateAppContainerProfile

kernel32

DeleteProcThreadAttributeList
UpdateProcThreadAttribute
GetModuleHandleW
GetProcAddress
LocalFree
InitializeProcThreadAttributeList
SetLastError
SleepEx
GetTickCount64
GetStringTypeW
CreateProcessW
GetProcessHeap
HeapFree
HeapAlloc
GetExitCodeProcess
GetCurrentProcessId
GetCurrentDirectoryW
CloseHandle
GetLastError
OpenProcess
GetFileAttributesW
WaitForSingleObject
GetProcessId
SetConsoleCtrlHandler
IsValidCodePage
GetACP
GetOEMCP
SetEnvironmentVariableW
FlushFileBuffers
GetConsoleOutputCP
HeapSize
HeapReAlloc
GetCurrentProcess
WriteConsoleW
ReadConsoleW
DeviceIoControl
GetFinalPathNameByHandleW
GetModuleFileNameW
CreateFileW
GetFullPathNameW
GetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
ReadFile
GetFileInformationByHandleEx
WriteFile
DeleteFileW
MoveFileExW
SetFilePointerEx
ExpandEnvironmentStringsW
MultiByteToWideChar
FormatMessageW
GetStdHandle
SetConsoleMode
GetConsoleMode
SetEndOfFile
GetFileType
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
SetStdHandle
GetCPInfo
GetCommandLineA
GetCommandLineW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

StartServiceW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
LookupPrivilegeValueW
GetTokenInformation
AdjustTokenPrivileges
SetThreadToken
ConvertStringSidToSidW
SetTokenInformation
GetLengthSid
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
ConvertSidToStringSidW
IsWellKnownSid
CreateWellKnownSid
CopySid
AllocateAndInitializeSid
FreeSid
CheckTokenMembership

shell32

ShellExecuteExW

ole32

CoUninitialize
CoTaskMemFree
CoInitialize

Sections

.text
Size: 348KB - Virtual size: 347KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7e07f3f242d6bb71426e9f0ba8ef18f

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

userenv

kernel32

advapi32

shell32

ole32

Sections

.text Size: 348KB - Virtual size: 347KB

.rdata Size: 246KB - Virtual size: 245KB

.data Size: 5KB - Virtual size: 9KB

.pdata Size: 15KB - Virtual size: 14KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 60KB - Virtual size: 60KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 348KB - Virtual size: 347KB

.rdata
Size: 246KB - Virtual size: 245KB

.data
Size: 5KB - Virtual size: 9KB

.pdata
Size: 15KB - Virtual size: 14KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 60KB - Virtual size: 60KB

.reloc
Size: 2KB - Virtual size: 2KB