Static task
static1
Behavioral task
behavioral1
Sample
f74dfe035f6d958a01100fe1e2d767ba507652c875088b15708a90faee6cede3.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
f74dfe035f6d958a01100fe1e2d767ba507652c875088b15708a90faee6cede3.exe
Resource
win10v2004-20230824-en
General
-
Target
f74dfe035f6d958a01100fe1e2d767ba507652c875088b15708a90faee6cede3
-
Size
387KB
-
MD5
6ea23fb9c9ffd858c9e0112f9880df3c
-
SHA1
871fb6d387131fdd87ae705d4213cfd166a80b0e
-
SHA256
f74dfe035f6d958a01100fe1e2d767ba507652c875088b15708a90faee6cede3
-
SHA512
d1f704fcaaa786c36e8d35d671142796bc91cfb0f26ccc8c9c9f0ce75f280619af370c828a07ccdf53486bf7f77e85514559330a0952f569bc496bcfb3376bc9
-
SSDEEP
6144:yoeg636uQl5TFhIUqspnaX3ZV+BV2zj81Pr5yGohRcgfyG4wke1gnA:y3gs6uQl5hhID4V2zY5VoIpOke1i
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource f74dfe035f6d958a01100fe1e2d767ba507652c875088b15708a90faee6cede3
Files
-
f74dfe035f6d958a01100fe1e2d767ba507652c875088b15708a90faee6cede3.exe windows x86
182d975a852cd48010db600e0da5bbad
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InitializeCriticalSectionEx
GetLastError
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
CreateEventW
SetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateDirectoryW
ReadFile
FindFirstFileW
FindNextFileW
WriteFile
TerminateProcess
WaitForMultipleObjects
FindClose
CreateMutexA
CreateFileW
GetCurrentDirectoryA
UnmapViewOfFile
OpenProcess
CreateToolhelp32Snapshot
GetExitCodeThread
Process32NextW
Sleep
TerminateThread
DeleteFileW
Process32FirstW
GetSystemInfo
CreateThread
GetProcAddress
CreateFileMappingA
GetFileSize
GetComputerNameW
GlobalMemoryStatusEx
CreateProcessW
MapViewOfFile
GetTickCount
GetExitCodeProcess
LocalFree
OutputDebugStringW
InitializeSListHead
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetModuleHandleW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetCurrentProcessId
CloseHandle
CreateFileA
GetCurrentThreadId
GetCurrentProcess
advapi32
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
ole32
CoUninitialize
oleaut32
VariantClear
libcrypto-1_1
SHA512_Init
MD5_Update
SHA256_Update
X509_get_ext_d2i
ASN1_STRING_length
MD5_Final
X509_free
BIO_new_socket
SHA256_Final
ASN1_STRING_get0_data
OPENSSL_sk_value
GENERAL_NAMES_free
SHA256_Init
SHA512_Update
X509_get_subject_name
SHA512_Final
OPENSSL_sk_num
X509_STORE_add_cert
d2i_X509
MD5_Init
X509_NAME_get_text_by_NID
X509_STORE_free
BIO_ctrl
libssl-1_1
SSL_get_error
SSL_CTX_use_certificate_file
SSL_connect
OPENSSL_init_ssl
SSL_free
SSL_shutdown
SSL_CTX_load_verify_locations
SSL_CTX_get_cert_store
SSL_set_verify
SSL_get_peer_certificate
SSL_new
SSL_CTX_free
SSL_CTX_set_cert_store
SSL_pending
SSL_CTX_use_PrivateKey_file
SSL_CTX_new
SSL_write
SSL_get_verify_result
TLS_client_method
SSL_ctrl
SSL_set_bio
SSL_read
msvcp140
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??0facet@locale@std@@IAE@I@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?tolower@?$ctype@D@std@@QBEDD@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
_Mtx_unlock
_Thrd_id
_Thrd_sleep
_Strcoll
_Mtx_init_in_situ
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
_Mtx_lock
?__ExceptionPtrDestroy@@YAXPAX@Z
_Mtx_destroy_in_situ
?__ExceptionPtrToBool@@YA_NPBX@Z
?id@?$collate@D@std@@2V0locale@2@A
?_XGetLastError@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
_Strxfrm
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
??1_Facet_base@std@@UAE@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
_Xtime_get_ticks
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$ctype@D@std@@2V0locale@2@A
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
??_7_Facet_base@std@@6B@
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??_7facet@locale@std@@6B@
??1facet@locale@std@@MAE@XZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
dbghelp
MiniDumpWriteDump
ws2_32
WSACleanup
__WSAFDIsSet
getaddrinfo
select
closesocket
getnameinfo
send
WSASocketW
inet_pton
WSAStartup
getpeername
shutdown
ntohs
WSAGetLastError
setsockopt
ioctlsocket
freeaddrinfo
recv
connect
socket
getsockopt
iphlpapi
GetAdaptersInfo
GetAdaptersAddresses
crypt32
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateContext
vcruntime140
__CxxFrameHandler3
__std_exception_destroy
strchr
memcpy
_CxxThrowException
memset
_purecall
memchr
memmove
_except_handler4_common
__std_exception_copy
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
__p___argv
_set_app_type
terminate
_controlfp_s
_seh_filter_exe
__p___argc
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initialize_narrow_environment
system
_c_exit
_initialize_onexit_table
exit
_cexit
_errno
_exit
_crt_atexit
_initterm_e
_register_onexit_function
_initterm
_get_initial_narrow_environment
api-ms-win-crt-stdio-l1-1-0
_get_stream_buffer_pointers
fputc
_fseeki64
fflush
fclose
fread
fsetpos
__stdio_common_vsprintf
_pclose
fgetc
fgets
__stdio_common_vfprintf
__acrt_iob_func
feof
getchar
fwrite
__p__commode
fgetpos
setvbuf
ungetc
_popen
_set_fmode
api-ms-win-crt-locale-l1-1-0
setlocale
_configthreadlocale
api-ms-win-crt-convert-l1-1-0
strtoull
strtol
strtoul
wcstombs_s
atoi
api-ms-win-crt-math-l1-1-0
_except1
_dtest
modf
_finite
_isnan
__setusermatherr
api-ms-win-crt-heap-l1-1-0
realloc
malloc
free
_callnewh
_set_new_mode
api-ms-win-crt-utility-l1-1-0
rand
srand
api-ms-win-crt-string-l1-1-0
tolower
_stricmp
strncmp
strcpy_s
strcat_s
isdigit
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
api-ms-win-crt-time-l1-1-0
_time64
_localtime64
Sections
.text Size: 292KB - Virtual size: 291KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 71KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ