8e8767f1da2f91ea49617e464d65da65e9bab36d615f65f1eeb038ded43e1ed0

Sharing

Copy URL Twitter E-mail

General

Target

8e8767f1da2f91ea49617e464d65da65e9bab36d615f65f1eeb038ded43e1ed0
Size

844KB
MD5

cd7e4c9af94db4e687e7b463337e9916
SHA1

77a90282091c3500f1ed573ac1b89947377d9ff6
SHA256

8e8767f1da2f91ea49617e464d65da65e9bab36d615f65f1eeb038ded43e1ed0
SHA512

84fb0a476c5782859c5513ce9b468894d115875f520f15253fe434c5155131d2267882f1f88aee132577ebfb661469ee92c73ad66d00f4d0772081cd130c78d5
SSDEEP

12288:YNTCGm/3FRjmMiKEzD5ZNypaUZtNpj6AeU:cTCJ/jFiKcDnNy06tNpR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e8767f1da2f91ea49617e464d65da65e9bab36d615f65f1eeb038ded43e1ed0

Files

8e8767f1da2f91ea49617e464d65da65e9bab36d615f65f1eeb038ded43e1ed0
.exe windows:6 windows x64

abbb08089b001118338b2353461afcac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SystemTimeToTzSpecificLocalTime
CreateMutexW
GetLastError
GetConsoleOutputCP
HeapSize
LCMapStringW
CompareStringW
FlsFree
GetModuleHandleA
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
FreeEnvironmentStringsW
GetModuleHandleExW
ReleaseMutex
FindClose
ReleaseSRWLockShared
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
SystemTimeToFileTime
WriteFile
GetCommandLineW
FlushFileBuffers
SetFileInformationByHandle
DuplicateHandle
SetFilePointerEx
LoadLibraryExW
FreeLibrary
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
GetStdHandle
GetCurrentProcessId
RaiseException
TzSpecificLocalTimeToSystemTime
WriteFileEx
SleepEx
ReadFileEx
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
TryAcquireSRWLockExclusive
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
RtlPcToFileHeader
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
FindNextFileW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
RtlUnwindEx
IsProcessorFeaturePresent
CreateDirectoryW
FindFirstFileW
CreateEventW
ReadFile
GetOverlappedResult
CancelIo
GetStartupInfoW
SetUnhandledExceptionFilter
GetConsoleMode
GetFileType
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CloseHandle
CreateNamedPipeW
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
ReleaseSRWLockExclusive
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentThreadId
AcquireSRWLockExclusive

user32

TrackPopupMenu
DefWindowProcW
GetMenuItemID
LoadCursorW
PostQuitMessage
SetForegroundWindow
GetCursorPos
InsertMenuItemW
RegisterClassW
CreateWindowExW
LoadIconW
CreatePopupMenu
SetMenuInfo
GetMessageW
TranslateMessage
DispatchMessageW
LoadImageW
PostMessageW

shell32

Shell_NotifyIconW

advapi32

SystemFunction036

ntdll

RtlNtStatusToDosError
NtReadFile
NtWriteFile

bcrypt

BCryptGenRandom

Sections

.text
Size: 604KB - Virtual size: 604KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abbb08089b001118338b2353461afcac

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

advapi32

ntdll

bcrypt

Sections

.text Size: 604KB - Virtual size: 604KB

.rdata Size: 204KB - Virtual size: 203KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 26KB - Virtual size: 26KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 604KB - Virtual size: 604KB

.rdata
Size: 204KB - Virtual size: 203KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 26KB - Virtual size: 26KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 4KB - Virtual size: 4KB