d41c21e8cbefc5d5cf77d75f7d75c1fe2641f05eb3f8e3fb937e4a84ba37caa9

Sharing

Copy URL Twitter E-mail

General

Target

d41c21e8cbefc5d5cf77d75f7d75c1fe2641f05eb3f8e3fb937e4a84ba37caa9
Size

3.6MB
MD5

39da3ff27cf4beaa3d4517ef8c2411c8
SHA1

aadc986502b8cf90dd4612c68e17802d86d63b05
SHA256

d41c21e8cbefc5d5cf77d75f7d75c1fe2641f05eb3f8e3fb937e4a84ba37caa9
SHA512

83161a89548437759e062108751be94ffc8ab8a11a1773ef675b554a8e78cc5347f832fbea0d383451bb85bd554c3b3776f99dce26dd41da219dc508c1af1dc6
SSDEEP

49152:8gvxxnMdytnOpGKyN/CcaW4AiyMgcPAqO4fnEBaWU7e:8gvjMEOpGnN5P4otJqO8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d41c21e8cbefc5d5cf77d75f7d75c1fe2641f05eb3f8e3fb937e4a84ba37caa9

Files

d41c21e8cbefc5d5cf77d75f7d75c1fe2641f05eb3f8e3fb937e4a84ba37caa9
.exe windows:6 windows x86

2e48d45a128edb3cd77afddfdae96f9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shlwapi

PathAppendW
PathRemoveFileSpecW

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation

kernel32

GetProcAddress
Sleep
GetLastError
DeleteFileW
GetFileSize
MoveFileW
CreateMutexA
ReleaseMutex
GetStdHandle
GetEnvironmentVariableW
GetFileType
GetModuleHandleW
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
LoadLibraryA
QueryPerformanceCounter
SetLastError
FormatMessageW
MoveFileExA
WaitForSingleObjectEx
CompareFileTime
GetSystemTimeAsFileTime
GetEnvironmentVariableA
PeekNamedPipe
LoadLibraryW
VerSetConditionMask
VerifyVersionInfoA
GetSystemTime
SystemTimeToFileTime
OpenProcess
WaitForSingleObject
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetCurrentProcessId
ConvertThreadToFiber
ConvertFiberToThread
FindFirstFileW
CreateFiber
DeleteFiber
SwitchToFiber
SetConsoleMode
ReadConsoleA
DecodePointer
HeapSize
GetTimeZoneInformation
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetProcessHeap
GetFullPathNameW
SetEndOfFile
SetStdHandle
GetFileAttributesExW
FlushFileBuffers
CloseHandle
MultiByteToWideChar
GetCurrentThreadId
CreateFileW
GetTickCount
WriteFile
ReadFile
WaitForMultipleObjects
GetStringTypeW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapReAlloc
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
GetCommandLineW
GetCommandLineA
HeapFree
HeapAlloc
SetFilePointerEx
TryEnterCriticalSection
DuplicateHandle
GetCurrentProcess
GetCurrentThread
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RaiseException
RtlUnwind
SetEnvironmentVariableA
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
ExitProcess
GetModuleHandleExW
SetConsoleCtrlHandler
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread

ws2_32

setsockopt
ntohs
getsockopt
getsockname
getpeername
bind
WSAWaitForMultipleEvents
WSASetLastError
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
closesocket
send
socket
connect
recvfrom
recv
shutdown
getnameinfo
sendto
ioctlsocket
WSAGetLastError
WSACleanup
getaddrinfo
WSAStartup
htonl
htons
freeaddrinfo
WSAIoctl
__WSAFDIsSet
select
accept
listen
gethostname
ntohl

advapi32

CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
DeregisterEventSource
CryptCreateHash
ReportEventW
RegisterEventSourceW

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertGetIntendedKeyUsage
CertOpenSystemStoreA

wldap32

ord41
ord50
ord45
ord22
ord211
ord46
ord217
ord143
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord60

bcrypt

BCryptGenRandom

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 509KB - Virtual size: 509KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 35KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 147KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2e48d45a128edb3cd77afddfdae96f9b

Headers

DLL Characteristics

File Characteristics

Imports

version

shlwapi

user32

kernel32

ws2_32

advapi32

crypt32

wldap32

bcrypt

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 509KB - Virtual size: 509KB

.data Size: 35KB - Virtual size: 52KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 147KB - Virtual size: 148KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 509KB - Virtual size: 509KB

.data
Size: 35KB - Virtual size: 52KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 147KB - Virtual size: 148KB