d60c297c60297460098da0b3aed8b681bff72d5168257b5a4d392c19118e9b39

Sharing

Copy URL Twitter E-mail

General

Target

d60c297c60297460098da0b3aed8b681bff72d5168257b5a4d392c19118e9b39
Size

1.8MB
MD5

ca81673f74b1b6e89dab0af4071b95ea
SHA1

db3d9861ef9a071041364452b8799c7226bb4041
SHA256

d60c297c60297460098da0b3aed8b681bff72d5168257b5a4d392c19118e9b39
SHA512

84e387154ca4211c98986c5ef630ae71abd322707e3fb18122bd94be9d0eb946d0dd1c1a6931e124b65b412240b4db58d59322ae2e35f6deca192e5a8600e17b
SSDEEP

49152:P5YEq0HMHWdGHdzOdyHIax9d1ZbcAQiK:Od7+yH7xH11cYK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d60c297c60297460098da0b3aed8b681bff72d5168257b5a4d392c19118e9b39

Files

d60c297c60297460098da0b3aed8b681bff72d5168257b5a4d392c19118e9b39
.exe windows x64

47d81a0a63e81f1f53b9c8826d7f9fe1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteFile
CloseHandle
ReadFile
FindResourceA
SizeofResource
LockResource
LoadResource
VirtualAlloc
VirtualProtect
WideCharToMultiByte
DeleteFileA
GetLastError
FreeLibrary
FormatMessageA
LocalFree
LoadLibraryA
CopyFileA
CreateProcessA
TerminateProcess
GetProcAddress
SetEndOfFile
CreateFileA
GetModuleFileNameA
WriteConsoleW
CreateFileW
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
InitializeSListHead
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
RtlPcToFileHeader
RaiseException
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
InitOnceComplete
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
InitOnceBeginInitialize
QueryPerformanceFrequency
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlUnwindEx
InterlockedPushEntrySList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
ReadConsoleW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlUnwind

shell32

SHGetKnownFolderPath
ShellExecuteA

ole32

CoInitializeEx

shlwapi

PathFileExistsA
PathFindFileNameA

Exports

Exports

create_chaiscript_module_chaiscript_stdlib

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47d81a0a63e81f1f53b9c8826d7f9fe1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 294KB - Virtual size: 294KB

.data Size: 146KB - Virtual size: 156KB

.pdata Size: 52KB - Virtual size: 52KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 290KB - Virtual size: 289KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 294KB - Virtual size: 294KB

.data
Size: 146KB - Virtual size: 156KB

.pdata
Size: 52KB - Virtual size: 52KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 290KB - Virtual size: 289KB

.reloc
Size: 12KB - Virtual size: 12KB