97fdeea0885e7b7d7b9025847000e042dbc782fcf283c3f91b649524e830af1d

Sharing

Copy URL Twitter E-mail

General

Target

97fdeea0885e7b7d7b9025847000e042dbc782fcf283c3f91b649524e830af1d
Size

3.4MB
MD5

0f8da56373595e0a4b4b225db60ab68d
SHA1

6bf0254cb51409de5298f3737f954e0c7bde45c2
SHA256

97fdeea0885e7b7d7b9025847000e042dbc782fcf283c3f91b649524e830af1d
SHA512

337480ef47fdc13e98e548516978ea41450aba1b9e81f00f860d9beee8ef4abb456cb57ce3b6cb0af2a459ebe09f3903da0e75aaf76f3464cf04a3686b43edfb
SSDEEP

49152:YrudUPNmJIzyL4cZYbY5bhgau3m1BFVKwlaN09iGyRbTgS8zpX0ERxMXIU6ivTl:QOHauhN+JNO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97fdeea0885e7b7d7b9025847000e042dbc782fcf283c3f91b649524e830af1d

Files

97fdeea0885e7b7d7b9025847000e042dbc782fcf283c3f91b649524e830af1d
.exe windows x64

90df0a612ce66fce64e0bfab4f75f4ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGenRandom

ntdll

NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
VerSetConditionMask

kernel32

MoveFileExA
GetTickCount
FreeLibrary
GetSystemDirectoryA
SleepEx
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
WakeConditionVariable
GetCurrentThread
WaitForSingleObject
WriteConsoleW
GetEnvironmentVariableA
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
ReadFile
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetSystemInfo
HeapFree
MultiByteToWideChar
GetProcessHeap
CreateMutexA
HeapAlloc
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
TryAcquireSRWLockExclusive
GetFinalPathNameByHandleW
SetLastError
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
SwitchToThread
PostQueuedCompletionStatus
WakeAllConditionVariable
SetConsoleMode
GetProcAddress
GetModuleHandleW
SetHandleInformation
GetFileInformationByHandleEx
GetTimeZoneInformation
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetConsoleMode
ReleaseSRWLockShared
GetStdHandle
HeapReAlloc
SetThreadStackGuarantee
AddVectoredExceptionHandler
SleepConditionVariableSRW
GetCommandLineW
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetLastError
SetFileInformationByHandle
GetSystemTimeAsFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
CloseHandle
ExitProcess
Sleep
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FormatMessageW
TerminateProcess
GetModuleFileNameW
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetFullPathNameW
CreateFileW
GetFileInformationByHandle
ReadConsoleW

crypt32

CertGetNameStringA
CertFindExtension
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFindCertificateInStore
CertFreeCertificateChainEngine
CertEnumCertificatesInStore
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CertCloseStore
CertDuplicateStore
CertDuplicateCertificateChain
CertGetEnhancedKeyUsage
CertOpenStore
CryptQueryObject
CertCreateCertificateChainEngine

ws2_32

getsockname
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
setsockopt
bind
recv
send
WSASend
socket
ioctlsocket
shutdown
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
getsockopt
WSAIoctl
connect
closesocket
WSAGetLastError
getpeername
htons
ntohs
WSASetLastError
__WSAFDIsSet
select
accept
htonl
listen
WSASocketW

secur32

FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle
EncryptMessage
AcceptSecurityContext
InitializeSecurityContextW
DecryptMessage
ApplyControlToken
AcquireCredentialsHandleA
QueryContextAttributesW

advapi32

CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegCloseKey
SystemFunction036
CryptGenRandom
RegQueryValueExW
RegOpenKeyExW

vcruntime140

memcmp
memset
_CxxThrowException
__current_exception
strchr
strrchr
__C_specific_handler
memchr
memmove
memcpy
__CxxFrameHandler3
__current_exception_context
strstr

api-ms-win-crt-string-l1-1-0

strcmp
_strdup
isupper
strpbrk
wcslen
tolower
strcpy
strcspn
strncmp
strspn
strncpy
strlen

api-ms-win-crt-math-l1-1-0

__setusermatherr
trunc

api-ms-win-crt-heap-l1-1-0

realloc
free
malloc
calloc
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_cexit
__p___argc
__sys_nerr
_c_exit
_register_thread_local_exe_atexit_callback
_exit
exit
__sys_errlist
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
terminate
_errno
_crt_atexit
_configure_narrow_argv
_initterm_e
_seh_filter_exe
_set_app_type
__p___argv

api-ms-win-crt-convert-l1-1-0

wcstombs
strtol
strtoll
strtoul
atoi

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
fputc
ftell
feof
__stdio_common_vsscanf
fputs
fclose
_read
fflush
_close
fwrite
_open
_set_fmode
fseek
fgets
_lseeki64
fread
_write
__acrt_iob_func
fopen
__p__commode

api-ms-win-crt-time-l1-1-0

_gmtime64
strftime
_time64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-filesystem-l1-1-0

_unlink
_access
_fstat64
_stat64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90df0a612ce66fce64e0bfab4f75f4ae

Headers

DLL Characteristics

File Characteristics

Imports

bcrypt

ntdll

kernel32

crypt32

ws2_32

secur32

advapi32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 1024B - Virtual size: 3KB

.pdata Size: 118KB - Virtual size: 118KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 118KB - Virtual size: 118KB

.reloc
Size: 14KB - Virtual size: 14KB