554d0295dff018657f5edae9a9d10add89c42f1a38e583e75b4af3fb8d17927c

Sharing

Copy URL Twitter E-mail

General

Target

554d0295dff018657f5edae9a9d10add89c42f1a38e583e75b4af3fb8d17927c
Size

235KB
MD5

a2d67920e3fd495949481b8404d4e707
SHA1

23232d0224bafc5f10501c8c003fd6f09cd5e9f7
SHA256

554d0295dff018657f5edae9a9d10add89c42f1a38e583e75b4af3fb8d17927c
SHA512

99b1f011edce29943438a09c3ccaf6aa47489834ff5499e5a83e1a5638b7d31baa9537555cc57c9a54bece3df724aed43bfe171fa9d639838afaabe30fad25e6
SSDEEP

3072:2souRJ1/YJSidSqgyADHh2VNsLJYF8bDM6+FEhVTFdUgssHxBxbxczL6WAGDpQ:/P18nd5vW2VNwXcwUHsRpcz7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
554d0295dff018657f5edae9a9d10add89c42f1a38e583e75b4af3fb8d17927c

Files

554d0295dff018657f5edae9a9d10add89c42f1a38e583e75b4af3fb8d17927c
.exe windows x64

b3c2592fed7afe45ceb314e0ceb9bc64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentThread
GetSystemInfo
GetSystemTimeAsFileTime
GetVersionExA
VirtualQuery
GetModuleHandleA
GlobalMemoryStatus
LocalFree
FileTimeToDosDateTime
FormatMessageA
lstrcpynA
lstrcpyA
IsBadStringPtrA
GetStdHandle
GetProcAddress
GlobalAlloc
GlobalFree
SetFilePointer
SetConsoleCtrlHandler
WriteConsoleW
HeapReAlloc
HeapSize
SetFilePointerEx
GetFileSizeEx
GetFileTime
GetFileSize
FileTimeToLocalFileTime
CreateFileA
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
Process32Next
Process32First
CreateToolhelp32Snapshot
CopyFileW
WritePrivateProfileStringW
GetModuleFileNameW
OpenProcess
CreateProcessW
TerminateProcess
Sleep
CreateEventA
WaitForSingleObject
SetEvent
GetLastError
CloseHandle
WriteFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetStringTypeW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
CreateFileW
AllocConsole
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
LCMapStringW
CompareStringW
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
SetStdHandle
GetFileType
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc

user32

DestroyWindow
wsprintfA
DefWindowProcA
RegisterClassA
CreateWindowExA

advapi32

RegSetValueExA
CopySid
GetLengthSid
StartServiceA
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
ChangeServiceConfig2A
GetUserNameA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA
RegCloseKey
LookupAccountNameA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
IsValidSid

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysFreeString
SysStringLen

shlwapi

PathRemoveFileSpecW
PathFileExistsW

btsserver

?Server_Exit@@YAHXZ
?Server_Init@@YAHPEBUSTRUCT_CONFIG@@@Z

dbghelp

SymGetTypeInfo
SymSetContext
SymEnumSymbols
StackWalk64
SymInitialize
SymGetLineFromAddr64
SymGetModuleBase64
SymFunctionTableAccess64
SymSetOptions
SymCleanup
SymFromAddr

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3c2592fed7afe45ceb314e0ceb9bc64

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

btsserver

dbghelp

version

Sections

.text Size: 140KB - Virtual size: 139KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 3KB - Virtual size: 10KB

.pdata Size: 8KB - Virtual size: 7KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 24KB - Virtual size: 24KB

.text
Size: 140KB - Virtual size: 139KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 3KB - Virtual size: 10KB

.pdata
Size: 8KB - Virtual size: 7KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 24KB - Virtual size: 24KB