c1de286322afb99b06e264694b04555ca0554203b2869b9ea465991a3aad8ae9

Sharing

Copy URL

Twitter E-mail

General

Target

c1de286322afb99b06e264694b04555ca0554203b2869b9ea465991a3aad8ae9
Size

5.0MB
MD5

2b87290b458f24ae3b45c472d90da583
SHA1

e1e654681797c58396671779795b37bb92a1ede6
SHA256

c1de286322afb99b06e264694b04555ca0554203b2869b9ea465991a3aad8ae9
SHA512

7e0a8ddd5e97d8e91d7bb2e963d0ec42437c0933b86581079d7fd3f29107fe89b553570633530b7167c42e1d5707ae9a40fc048841df1787d3880aa2f5d66156
SSDEEP

98304:NsJNehXzeSc9DbsLK9igyGnG0fgQTM/22Es:NsJNehjeSc9vs29SGnG3Fj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1de286322afb99b06e264694b04555ca0554203b2869b9ea465991a3aad8ae9

Files

c1de286322afb99b06e264694b04555ca0554203b2869b9ea465991a3aad8ae9
.exe windows:6 windows x64

8cabba2b757af03dae84be4211e22efe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapCreate
GetFullPathNameW
GetGeoInfoW
GetUserGeoID
VerSetConditionMask
GetEnvironmentVariableW
GetCurrentProcess
GetCurrentProcessId
OpenProcess
GetVersionExW
GetModuleFileNameW
VerifyVersionInfoW
GetLocaleInfoW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ExpandEnvironmentStringsW
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetLongPathNameW
ReadFile
SetFilePointer
WriteFile
GetTempPathW
CopyFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
UnregisterWaitEx
RegisterWaitForSingleObject
CancelIo
SleepEx
QueueUserAPC
lstrlenW
ReadDirectoryChangesW
SetLastError
FreeLibrary
LoadLibraryA
LCMapStringW
GetUserDefaultLCID
OutputDebugStringW
GetCurrentThread
LoadLibraryW
GetPackagesByPackageFamily
OpenPackageInfoByFullName
ClosePackageInfo
GetPackageInfo
GetVolumeInformationW
GetSystemDirectoryW
GetComputerNameW
GetFileAttributesW
GetFileSizeEx
CreateThread
GetDiskFreeSpaceW
ReleaseMutex
CreateMutexA
CompareStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetModuleHandleA
LocalAlloc
QueryFullProcessImageNameW
InitializeCriticalSection
TryEnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
MultiByteToWideChar
IsDebuggerPresent
GetStringTypeW
EncodePointer
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsFree
GetSystemTimeAsFileTime
GetCPInfo
ReleaseSemaphore
WaitForMultipleObjectsEx
OpenEventA
SetWaitableTimer
ResumeThread
GetSystemInfo
CreateWaitableTimerA
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
InterlockedPushEntrySList
RtlUnwindEx
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
ExitThread
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
IsValidCodePage
GetACP
GetOEMCP
SetConsoleCtrlHandler
GetCommandLineA
GetCommandLineW
SetStdHandle
SetEndOfFile
WriteConsoleW
OutputDebugStringA
LockFile
GetFullPathNameA
UnlockFileEx
CreateMutexW
AreFileApisANSI
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GetEnvironmentVariableA
CompareFileTime
MoveFileExA
GetSystemDirectoryA
SetConsoleMode
ReadConsoleA
MapViewOfFile
CreateFileMappingW
GetSystemTime
LockFileEx
UnlockFile
HeapCompact
DeleteFileA
CreateFileA
FlushViewOfFile
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
WaitForSingleObject
DeleteCriticalSection
HeapDestroy
DecodePointer
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetDefaultDllDirectories
SetDllDirectoryW
FreeConsole
AttachConsole
Sleep
GetModuleHandleW
GetProcAddress
GetLastError
WaitForMultipleObjects
GetTickCount
ResetEvent
HeapFree
GetProcessHeap
HeapAlloc
SetEvent
WaitForSingleObjectEx
CloseHandle
CreateEventW
CreateEventA
LocalFree
WideCharToMultiByte
FormatMessageW
GetFileSize
FormatMessageA
RtlUnwind
GetCurrentDirectoryW
PeekNamedPipe
GetDriveTypeW
UnmapViewOfFile

gdiplus

GdiplusShutdown
GdiplusStartup

user32

MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
LoadStringW
LoadIconW
LoadCursorW
RegisterClassExW
PostQuitMessage
DefWindowProcW
FindWindowW
SendMessageW
MessageBoxW
GetProcessWindowStation
wsprintfW
GetUserObjectInformationW
CreateWindowExW

advapi32

CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
RegEnumKeyExW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
OpenProcessToken
GetTokenInformation
RegQueryValueExW
RegNotifyChangeKeyValue
RegCreateKeyExW
OpenThreadToken
RegOpenKeyW
LookupAccountNameW
RegDeleteValueW
RegSetValueExW
ConvertSidToStringSidW
RegEnumValueW
RegQueryInfoKeyW
CryptEnumProvidersW
RegOpenKeyExW
RegCloseKey
CryptDestroyKey
DeregisterEventSource
RegisterEventSourceW
ReportEventW

shell32

SHGetDesktopFolder
SHCreateDirectoryExW
SHGetMalloc
SHGetFolderPathW
CommandLineToArgvW
SHFileOperationW

ole32

CoCreateGuid
CoTaskMemFree
PropVariantClear
CoCreateInstance
CoUninitialize
CoInitializeEx
StringFromGUID2

oleaut32

SysAllocStringLen
VariantClear
SysFreeString

msi

ord173
ord217

rpcrt4

UuidToStringW
RpcStringFreeW

userenv

ExpandEnvironmentStringsForUserW

shlwapi

PathFindFileNameW
SHRegDuplicateHKey
PathFileExistsW
StrRetToBufW
ord487

bcrypt

BCryptGenRandom

crypt32

CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertOpenStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertCloseStore
CertEnumCertificatesInStore

ws2_32

getpeername
htons
setsockopt
WSACreateEvent
socket
shutdown
WSAEventSelect
listen
connect
__WSAFDIsSet
select
htonl
closesocket
bind
WSAEnumNetworkEvents
accept
WSASetLastError
send
recv
getnameinfo
freeaddrinfo
getaddrinfo
WSAGetLastError
WSACleanup
WSAStartup
ntohs
getsockopt
getsockname
ioctlsocket
recvfrom
sendto
gethostname
WSACloseEvent
WSAIoctl

wldap32

ord301
ord32
ord200
ord30
ord79
ord27
ord26
ord22
ord41
ord50
ord35
ord45
ord60
ord211
ord46
ord217
ord143
ord33

normaliz

IdnToAscii

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1014KB - Virtual size: 1013KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 600KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8cabba2b757af03dae84be4211e22efe

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdiplus

user32

advapi32

shell32

ole32

oleaut32

msi

rpcrt4

userenv

shlwapi

bcrypt

crypt32

ws2_32

wldap32

normaliz

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 1014KB - Virtual size: 1013KB

.data Size: 46KB - Virtual size: 78KB

.pdata Size: 149KB - Virtual size: 148KB

.rsrc Size: 193KB - Virtual size: 193KB

.reloc Size: 600KB - Virtual size: 604KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 1014KB - Virtual size: 1013KB

.data
Size: 46KB - Virtual size: 78KB

.pdata
Size: 149KB - Virtual size: 148KB

.rsrc
Size: 193KB - Virtual size: 193KB

.reloc
Size: 600KB - Virtual size: 604KB