5dc9492fe76ea1206e7fc4f6f96953fac8abac7db3dc731fc9a292fa54de95e5

Sharing

Copy URL Twitter E-mail

General

Target

5dc9492fe76ea1206e7fc4f6f96953fac8abac7db3dc731fc9a292fa54de95e5
Size

168KB
MD5

6e8bf45e593fe9d50b040a5c628ebfcd
SHA1

18b9fa5361301adb27f01b2266da8bff575c7fd0
SHA256

5dc9492fe76ea1206e7fc4f6f96953fac8abac7db3dc731fc9a292fa54de95e5
SHA512

4289138d191932e197bed6115975006adf7bb1af13839e027721e0b3cd7cceac42a8b7f3c9ab6087282d9fad2f94054103654a9f2e34370dd28793c203706566
SSDEEP

3072:JHUaPi9I5GG6W6SxjbknIhP44MWHKE6G7XF7MMjB3zr5Vo:aaPRGGhxjbknIhPsBC1NNDr5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5dc9492fe76ea1206e7fc4f6f96953fac8abac7db3dc731fc9a292fa54de95e5

Files

5dc9492fe76ea1206e7fc4f6f96953fac8abac7db3dc731fc9a292fa54de95e5
.exe windows:6 windows x64

d4453f2c67b73c7b5ef90f3aaa143e2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetEnvironmentVariableW
SetLastError
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentProcess
GetStdHandle
GetCurrentProcessId
GetCurrentDirectoryW
GetCurrentThread
SetThreadStackGuarantee
QueryPerformanceCounter
TryAcquireSRWLockExclusive
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
CreateMutexA
GetModuleHandleA
AddVectoredExceptionHandler
ReleaseSRWLockShared
GetModuleHandleW
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetConsoleMode
WriteConsoleW
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetCurrentThreadId
FormatMessageW
InitializeSListHead
RtlVirtualUnwind
HeapFree
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetProcAddress
LoadLibraryA
WaitForSingleObject
HeapAlloc
GetProcessHeap
ResumeThread
QueueUserAPC
CloseHandle
GetLastError
CreateProcessA
IsProcessorFeaturePresent

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

ntdll

NtAllocateVirtualMemory
NtWriteVirtualMemory

vcruntime140

memset
memcpy
__CxxFrameHandler3
memcmp
memmove
__current_exception_context
__current_exception
__C_specific_handler
_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

_initterm_e
exit
_initterm
_exit
_seh_filter_exe
_get_initial_narrow_environment
__p___argc
terminate
__p___argv
_initialize_narrow_environment
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_set_app_type
_initialize_onexit_table
_register_onexit_function
_crt_atexit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4453f2c67b73c7b5ef90f3aaa143e2f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ntdll

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 118KB - Virtual size: 117KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 512B - Virtual size: 760B

.pdata Size: 5KB - Virtual size: 5KB

.reloc Size: 1024B - Virtual size: 1016B

.text
Size: 118KB - Virtual size: 117KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 512B - Virtual size: 760B

.pdata
Size: 5KB - Virtual size: 5KB

.reloc
Size: 1024B - Virtual size: 1016B