9cf9a305b17e275a962959399e17a96c0e2ace16a411fb36d75d5b0b535fdffa

Sharing

Copy URL Twitter E-mail

General

Target

9cf9a305b17e275a962959399e17a96c0e2ace16a411fb36d75d5b0b535fdffa
Size

1.4MB
MD5

9ac29768a24e6467989a353ae340818a
SHA1

a5b4df2d9d969ab460cc5baf070f1562ad9a8967
SHA256

9cf9a305b17e275a962959399e17a96c0e2ace16a411fb36d75d5b0b535fdffa
SHA512

77c60b4cd351eaec875de3afcebedeeda6a5bd7bb9419c3f83b7517c9aed6dabbd58e54ab078ccdc11b94b1e1793df3af1d559db1f5487ff2b5f4faf55a08b0f
SSDEEP

24576:OFxfjtlJy7A0+hRfMtuj7ooc5MHJTSF9wdHUnsE2RZUYdPn6zs1y4Fo:WxbtlJyEXMtwSqTDdHUnqRZNdPn6zTYo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9cf9a305b17e275a962959399e17a96c0e2ace16a411fb36d75d5b0b535fdffa

Files

9cf9a305b17e275a962959399e17a96c0e2ace16a411fb36d75d5b0b535fdffa
.exe windows x64

2aa126e30620ee5d04351c79036118ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSACleanup
WSAGetLastError
recv
send
WSASetLastError
closesocket

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsProcessorFeaturePresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
OutputDebugStringW
IsDebuggerPresent
TerminateProcess
GetModuleHandleW
InitializeSListHead
CreateDirectoryW
SizeofResource
QueryDosDeviceW
HeapFree
InitializeCriticalSectionEx
K32GetProcessImageFileNameW
OpenProcess
HeapSize
GetLogicalDriveStringsW
CreateToolhelp32Snapshot
MultiByteToWideChar
GetLastError
Process32NextW
LockResource
Process32FirstW
HeapReAlloc
CloseHandle
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
Module32FirstW
HeapDestroy
DeleteCriticalSection
ReadProcessMemory
GetProcessHeap
WideCharToMultiByte
Module32NextW
GetModuleHandleExA
GetStdHandle
GetFileType
WriteFile
GetModuleHandleA
GetProcAddress
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
DeleteFiber
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
ConvertFiberToThread
FreeLibrary
LoadLibraryA
FindClose
FindFirstFileA
FindNextFileA
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
wsprintfW

advapi32

DeregisterEventSource
ReportEventA
RegisterEventSourceA

shell32

SHGetFolderPathW

msvcp140

?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
??Bid@locale@std@@QEAA_KXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$ctype@_W@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z

shlwapi

PathIsDirectoryW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
__current_exception_context
_CxxThrowException
__C_specific_handler
memchr
strstr
memmove
memcmp
strrchr
wcsstr
__std_exception_destroy
__std_exception_copy
__std_terminate
memcpy
memset
strchr

api-ms-win-crt-stdio-l1-1-0

fputs
__stdio_common_vsscanf
__stdio_common_vswprintf_s
fread
fopen
_wfopen
__acrt_iob_func
_setmode
_set_fmode
_fileno
fgets
fflush
ferror
feof
fclose
__p__commode
fseek
__stdio_common_vsprintf_s
_fsopen
__stdio_common_vfprintf_s
fopen_s
__stdio_common_vfprintf
__stdio_common_vsprintf
ftell
fwrite
__stdio_common_vswprintf

api-ms-win-crt-string-l1-1-0

strspn
strncmp
isspace
strcspn
_wcsnicmp
_stricmp
wmemcpy_s
strcmp
_strnicmp
strncpy

api-ms-win-crt-filesystem-l1-1-0

_findclose
_findfirst64i32
_findnext64i32
_stat64i32

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
terminate
__p___argv
__p___argc
exit
raise
_c_exit
_errno
_exit
_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
_get_initial_narrow_environment
strerror_s
_set_app_type
_seh_filter_exe
_cexit
signal
_invalid_parameter_noinfo
system
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit

api-ms-win-crt-heap-l1-1-0

_set_new_mode
realloc
free
malloc
_callnewh

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64_s

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-convert-l1-1-0

atoi
strtol
strtoul

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 844KB - Virtual size: 844KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 470KB - Virtual size: 469KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2aa126e30620ee5d04351c79036118ab

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

shell32

msvcp140

shlwapi

version

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 844KB - Virtual size: 844KB

.rdata Size: 470KB - Virtual size: 469KB

.data Size: 6KB - Virtual size: 20KB

.pdata Size: 42KB - Virtual size: 41KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 844KB - Virtual size: 844KB

.rdata
Size: 470KB - Virtual size: 469KB

.data
Size: 6KB - Virtual size: 20KB

.pdata
Size: 42KB - Virtual size: 41KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 18KB - Virtual size: 18KB