f713c368159e78bf9688010c5f8e8f176e992c8f633fc2cfa5fe14db9c21e05b

Sharing

Copy URL Twitter E-mail

General

Target

f713c368159e78bf9688010c5f8e8f176e992c8f633fc2cfa5fe14db9c21e05b
Size

1.3MB
MD5

52d72385635aa1995ee81ea08f0a1896
SHA1

1bc1e90713c5e0da40bca729713e79f05aa3001c
SHA256

f713c368159e78bf9688010c5f8e8f176e992c8f633fc2cfa5fe14db9c21e05b
SHA512

ea45357109791d4bb74feca083fbfcffbd6b6ada516822cc387248402b4d7479950456c496dc2540b96f642f0391ce5954e86bfc701793352b4b7859efb62b56
SSDEEP

24576:30racJISnlzMxcLY5T6O3Ckh3/N28jXOFbEvrdla26TzUab9:EfWSnlwKu6OSKN28aFbyrLa26Ue

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f713c368159e78bf9688010c5f8e8f176e992c8f633fc2cfa5fe14db9c21e05b

Files

f713c368159e78bf9688010c5f8e8f176e992c8f633fc2cfa5fe14db9c21e05b
.exe windows x64

f06682a0fd93d9b13405075d95981662

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

rpcrt4

RpcServerUseProtseqEpW
I_RpcBindingInqLocalClientPID
RpcServerRegisterIf3
RpcAsyncCompleteCall
RpcMgmtWaitServerListen
RpcServerListen
RpcEpUnregister
RpcEpRegisterW
RpcServerInqCallAttributesW
RpcServerInqBindings
RpcMgmtStopServerListening
RpcBindingVectorFree
Ndr64AsyncServerCallAll
NdrClientCall3
NdrAsyncServerCall
NdrServerCall2
RpcServerUnregisterIf
NdrServerCallAll

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-file-l1-1-0

DeleteFileW
CreateDirectoryW
SetEndOfFile
GetFileType
FlushFileBuffers
FindFirstFileW
CreateFileW
FindNextFileW
FindClose
GetFileAttributesW
ReadFileEx
GetFileSize
GetFileTime
ReadFile
SetFileTime
WriteFile
FindFirstFileExW
SetFilePointerEx
FileTimeToLocalFileTime

api-ms-win-core-localization-l1-2-0

GetCPInfo
GetLocaleInfoEx
LCMapStringEx
GetUserDefaultLCID
EnumSystemLocalesW
GetLocaleInfoW
LCMapStringW
IsValidCodePage
FormatMessageW
GetACP
IsValidLocale
GetOEMCP

api-ms-win-core-handle-l1-1-0

SetHandleInformation
CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetModuleHandleExW

api-ms-win-shell-shdirectory-l1-1-0

ord290

crypt32

CertFindCertificateInStore
CryptMsgOpenToDecode
CryptFindOIDInfo
CertCloseStore
CertOpenStore
CryptQueryObject
CryptMsgGetParam
CryptDecodeObjectEx
CryptDecodeObject
CryptMsgUpdate
CertGetNameStringW
CryptMsgClose

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
ResetEvent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetEvent
InitializeCriticalSectionEx
TryEnterCriticalSection
TryAcquireSRWLockExclusive
InitializeSRWLock
CreateEventW
OpenEventW
DeleteCriticalSection
CreateMutexW

api-ms-win-security-base-l1-1-0

InitializeSecurityDescriptor
CreateWellKnownSid
AllocateAndInitializeSid
DuplicateTokenEx
FreeSid
SetSecurityDescriptorDacl
SetTokenInformation
GetTokenInformation

oleaut32

VariantClear
SysFreeString
VariantInit
VarBstrCmp
VariantChangeType
SysAllocString

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegQueryInfoKeyW
RegGetValueW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
GetCurrentThreadId
GetExitCodeProcess
TerminateThread
TlsGetValue
CreateProcessW
TlsFree
TerminateProcess
GetCurrentProcessId
CreateThread
GetCurrentProcess
CreateProcessAsUserW
TlsSetValue
ProcessIdToSessionId
ExitProcess
OpenProcessToken
GetStartupInfoW

api-ms-win-core-processenvironment-l1-1-0

SetCurrentDirectoryW
GetStdHandle
GetCommandLineA
GetCommandLineW
SetEnvironmentVariableW
FreeEnvironmentStringsW
SetStdHandle
GetEnvironmentStringsW

api-ms-win-core-namedpipe-l1-1-0

WaitNamedPipeW
PeekNamedPipe
CreatePipe

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-toolhelp-l1-1-0

Process32FirstW
CreateToolhelp32Snapshot
Process32NextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
CompareStringW
CompareStringEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId
MoveFileW

userenv

CreateEnvironmentBlock

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
CoUninitialize
CoCreateInstance

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTime
GetSystemTimeAsFileTime

ext-ms-win-shell32-shellfolders-l1-1-0

SHGetKnownFolderPath

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
WakeAllConditionVariable
SleepConditionVariableCS
WakeConditionVariable
SleepConditionVariableSRW
InitializeConditionVariable
InitOnceBeginInitialize

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
GetTimeZoneInformation
FileTimeToSystemTime

wintrust

WinVerifyTrust

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
StopTraceW
EnableTraceEx2
StartTraceW

api-ms-win-eventing-legacy-l1-1-0

FlushTraceW

api-ms-win-power-base-l1-1-0

GetPwrCapabilities

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW
SetSecurityInfo

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-security-base-l1-2-2

DeriveCapabilitySidsFromName

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler
GetConsoleMode
WriteConsoleW
GetConsoleCP
ReadConsoleW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-service-management-l1-1-0

OpenServiceW
CreateServiceW
DeleteService
OpenSCManagerW
CloseServiceHandle

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-io-l1-1-0

CancelIoEx

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
SetServiceStatus

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus
ControlService

user32

FindWindowW
LoadCursorW
UpdateWindow
wsprintfW
CreateWindowExW
TranslateMessage
CloseWindow
DefWindowProcW
GetMessageW
RegisterPowerSettingNotification
RegisterSuspendResumeNotification
UnregisterPowerSettingNotification
LoadIconW
DispatchMessageW
ShowWindow
SendMessageTimeoutW
RegisterClassExW

advapi32

ReportEventW
DeregisterEventSource
RegisterEventSourceW

shell32

ShellExecuteExW

shlwapi

PathFileExistsW

wtsapi32

WTSQueryUserToken

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns

api-ms-win-core-fibers-l1-1-0

FlsAlloc
FlsSetValue
FlsFree
FlsGetValue

api-ms-win-core-heap-l1-1-0

HeapFree
HeapSize
HeapAlloc
GetProcessHeap
HeapReAlloc

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

Sections

.text
Size: 531KB - Virtual size: 531KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f06682a0fd93d9b13405075d95981662

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-shell-shdirectory-l1-1-0

crypt32

api-ms-win-core-synch-l1-1-0

api-ms-win-security-base-l1-1-0

oleaut32

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-toolhelp-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

userenv

api-ms-win-core-com-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

ext-ms-win-shell32-shellfolders-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-timezone-l1-1-0

wintrust

api-ms-win-eventing-controller-l1-1-0

api-ms-win-eventing-legacy-l1-1-0

api-ms-win-power-base-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-security-base-l1-2-2

api-ms-win-core-console-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-service-management-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-io-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-service-winsvc-l1-1-0

user32

advapi32

shell32

shlwapi

wtsapi32

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-fibers-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-datetime-l1-1-0

Sections

.text Size: 531KB - Virtual size: 531KB

.rdata Size: 177KB - Virtual size: 177KB

.data Size: 19KB - Virtual size: 111KB

.pdata Size: 23KB - Virtual size: 23KB

_RDATA Size: 512B - Virtual size: 384B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 531KB - Virtual size: 531KB

.rdata
Size: 177KB - Virtual size: 177KB

.data
Size: 19KB - Virtual size: 111KB

.pdata
Size: 23KB - Virtual size: 23KB

_RDATA
Size: 512B - Virtual size: 384B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 572KB - Virtual size: 576KB