74f8e4e0746a1ee30d6b1f84dd626844575c557336c42da56cfa51d872e1e090

Sharing

Copy URL Twitter E-mail

General

Target

74f8e4e0746a1ee30d6b1f84dd626844575c557336c42da56cfa51d872e1e090
Size

1.8MB
MD5

1df8fc04c2e381d212c823f46e1948c5
SHA1

092041d0d68cab4f41a573f66b9e7766c4878701
SHA256

74f8e4e0746a1ee30d6b1f84dd626844575c557336c42da56cfa51d872e1e090
SHA512

d0023e34b765e4dd2c03c2525a7812bcbacd10624d6540c18d7d70335846e8defe7dbd79bcbbf1f61be676f52baba7d8f5393ce39af9c48ee5f2c0f7319ba371
SSDEEP

24576:iZ7adq15Oa6ZjD9DKBxoOtMdBlKEomlbBW8sRPEbyJlTaN8D1o:iZ7oO5OasP9eBxPkB9FBURPcyJpaNIK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74f8e4e0746a1ee30d6b1f84dd626844575c557336c42da56cfa51d872e1e090

Files

74f8e4e0746a1ee30d6b1f84dd626844575c557336c42da56cfa51d872e1e090
.exe windows x64

a0e7ff77bbef3902455fbad2e7e7ee04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dbghelp

SymGetSymFromAddr64
SymInitialize
SymGetModuleBase64
SymGetLineFromAddr64
StackWalk64
SymSetOptions
SymFunctionTableAccess64

kernel32

RtlCaptureContext
GetCommandLineW
GetCurrentProcess
lstrlenW
GetModuleFileNameW
CreateMutexW
WaitForSingleObject
LocalAlloc
GetCurrentThreadId
OpenProcess
TrySubmitThreadpoolCallback
GetCurrentThread
CloseHandle
LocalSize
LocalFree
GetModuleHandleW
IsDebuggerPresent
SetUnhandledExceptionFilter
ReadConsoleW
FormatMessageW
HeapReAlloc
IsValidCodePage
GetACP
RtlUnwind
LoadLibraryW
GetOEMCP
GetCommandLineA
GetLastError
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
WriteConsoleW
GetDynamicTimeZoneInformation
GetFileAttributesW
MultiByteToWideChar
Sleep
GetCurrentProcessId
WideCharToMultiByte
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
WriteConsoleA
WriteFile
GetConsoleMode
OutputDebugStringA
SetEnvironmentVariableW
QueryFullProcessImageNameW
CreateEventW
SetEvent
TerminateProcess
ResetEvent
CreateThread
GetTickCount64
FormatMessageA
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
RtlPcToFileHeader
RaiseException
GetSystemTimeAsFileTime
ReadFile
GetProcAddress
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
InterlockedPushEntrySList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetConsoleCtrlHandler
SetStdHandle
GetFileType
DeleteFileW
ExitProcess
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
GetConsoleOutputCP
GetTimeZoneInformation
FlushFileBuffers
GetEnvironmentStringsW

user32

GetForegroundWindow
EnumChildWindows
MapVirtualKeyW
GetWindowThreadProcessId
LoadImageW
SetForegroundWindow
UpdateWindow
PostQuitMessage
GetClientRect
ShowWindow
LoadStringW
RegisterClassExW
CreateWindowExW
MonitorFromWindow
SetWindowPos
GetGUIThreadInfo
DefWindowProcW
GetKeyboardLayout
GetMonitorInfoW
EnumDisplayMonitors
GetNextDlgTabItem
TranslateMessage
SetFocus
IsDialogMessageW
DispatchMessageW
GetKeyboardState
ScreenToClient
GetFocus
GetWindowRect
GetMessageW
MonitorFromPoint
ToUnicodeEx
PostMessageW
GetAsyncKeyState
MessageBoxW
CallNextHookEx
GetCursorPos
SendInput
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
MapVirtualKeyExW

shell32

SHGetKnownFolderPath
CommandLineToArgvW

shlwapi

PathStripPathW

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

advapi32

EventUnregister
EventRegister
EventWriteTransfer
RegOpenKeyExW
RegNotifyChangeKeyValue
RegGetValueW
EventSetInformation

ole32

CoInitializeEx
CoTaskMemAlloc
CoGetObjectContext
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoCreateInstance
CoGetApartmentType

dwmapi

DwmSetWindowAttribute

oleaut32

GetErrorInfo
SysStringLen
SysAllocString
SysFreeString
SetErrorInfo

Sections

.text
Size: 752KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a0e7ff77bbef3902455fbad2e7e7ee04

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

kernel32

user32

shell32

shlwapi

api-ms-win-shcore-scaling-l1-1-1

advapi32

ole32

dwmapi

oleaut32

Sections

.text Size: 752KB - Virtual size: 752KB

.rdata Size: 226KB - Virtual size: 226KB

.data Size: 103KB - Virtual size: 113KB

.pdata Size: 35KB - Virtual size: 35KB

_RDATA Size: 512B - Virtual size: 512B

.rsrc Size: 199KB - Virtual size: 198KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 752KB - Virtual size: 752KB

.rdata
Size: 226KB - Virtual size: 226KB

.data
Size: 103KB - Virtual size: 113KB

.pdata
Size: 35KB - Virtual size: 35KB

_RDATA
Size: 512B - Virtual size: 512B

.rsrc
Size: 199KB - Virtual size: 198KB

.reloc
Size: 572KB - Virtual size: 576KB