bb88b73895054110cac1489e718fb2852d2178006f6dfcd9c6e0a46e0d53bedc

Sharing

Copy URL Twitter E-mail

General

Target

bb88b73895054110cac1489e718fb2852d2178006f6dfcd9c6e0a46e0d53bedc
Size

4.6MB
MD5

27a155cfe1e1277204c601625f7dd9ce
SHA1

05c50007560b378f97633bed5a706ceddadc3a27
SHA256

bb88b73895054110cac1489e718fb2852d2178006f6dfcd9c6e0a46e0d53bedc
SHA512

b486fec73bbb205d6d845a0cb08a642bdb8a47d3da4c50812c89354553fc3385652beef224cac2a6425204dd09a50baa8cfdcd26c9aa76adf5db6f7cb56136dc
SSDEEP

49152:P+TndItaI1hjNUaWMObvCmoKGnxLa31ogmpS49xEyuQV7mF7f52LVPC0CrLB/fZU:eAWMOjCmbGMKRxZVBAbUm2VvmS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb88b73895054110cac1489e718fb2852d2178006f6dfcd9c6e0a46e0d53bedc

Files

bb88b73895054110cac1489e718fb2852d2178006f6dfcd9c6e0a46e0d53bedc
.exe windows:6 windows x64

3214aea031c6c2c0d170edca7623c4e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RaiseException
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
CloseHandle
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
AllocConsole
GetCurrentProcess
DeleteFileW
FindFirstFileW
FindClose
RemoveDirectoryW
FindNextFileW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
VerSetConditionMask
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
VerifyVersionInfoW
LoadLibraryExW
GetModuleHandleExW
SetLastError
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetFileAttributesW
GetFileSize
SetFilePointer
WriteFile
OutputDebugStringW
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
VirtualQuery
FormatMessageW
GetCurrentDirectoryW
CreateDirectoryW
SetFileAttributesW
LocalAlloc
LocalFree
lstrlenW
WritePrivateProfileStringW
WritePrivateProfileStructW
RtlUnwind
VirtualFree
GetSystemInfo
VirtualProtect
LoadLibraryExA
GetCommandLineW
IsWow64Process2
SetThreadPriority
GetCurrentThread
IsDebuggerPresent
GlobalFree
GetLongPathNameW
WriteFileEx
SetNamedPipeHandleState
GetOverlappedResult
CancelIo
SetEvent
WaitForSingleObjectEx
CreateEventW
GlobalAlloc
ReadFile
GetEnvironmentVariableW
GetTickCount
LoadLibraryW
ProcessIdToSessionId
OpenProcess
GetExitCodeProcess
CreateProcessW
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
GetFileSizeEx
MapViewOfFile
LocalFileTimeToFileTime
SetFileTime
DosDateTimeToFileTime
FormatMessageA
FindFirstFileExW
GetFileAttributesExW
GetFinalPathNameByHandleW
GetFullPathNameW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
GetTempPathW
AreFileApisANSI
DeviceIoControl
CopyFileW
MoveFileExW
GetFileInformationByHandleEx
GetStringTypeW
InitOnceBeginInitialize
InitOnceComplete
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
RtlPcToFileHeader
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSRWLockShared
AcquireSRWLockShared
Sleep
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
IsProcessorFeaturePresent
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
GetLocaleInfoEx
ResetEvent
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
RtlUnwindEx
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VirtualAlloc
GetFileType
CreateThread
ExitThread
FreeLibraryAndExitThread
GetStdHandle
WriteConsoleW
ExitProcess
GetCommandLineA
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetTimeZoneInformation
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetUserGeoID
GetGeoInfoW
InitializeCriticalSection
GetSystemDirectoryW
GetWindowsDirectoryW
GetComputerNameW
GetSystemDefaultLocaleName
GetSystemTime
SystemTimeToFileTime
LockFileEx
UnlockFile
HeapCompact
DeleteFileA
LoadLibraryA
CreateFileA
FlushViewOfFile
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
GetFullPathNameA
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
HeapCreate
GlobalMemoryStatusEx
QueryFullProcessImageNameW
GlobalFindAtomW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GlobalAddAtomW
MoveFileW
ReplaceFileW
SetFileAttributesA
GetTempFileNameA
RaiseFailFastException
QueryUnbiasedInterruptTime
GetLargePageMinimum

wldp

WldpQueryWindowsLockdownMode

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 750KB - Virtual size: 749KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 98KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 584KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3214aea031c6c2c0d170edca7623c4e0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wldp

rpcrt4

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 750KB - Virtual size: 749KB

.data Size: 98KB - Virtual size: 129KB

.pdata Size: 118KB - Virtual size: 117KB

.didat Size: 2KB - Virtual size: 1KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 108KB - Virtual size: 107KB

.reloc Size: 584KB - Virtual size: 588KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 750KB - Virtual size: 749KB

.data
Size: 98KB - Virtual size: 129KB

.pdata
Size: 118KB - Virtual size: 117KB

.didat
Size: 2KB - Virtual size: 1KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 108KB - Virtual size: 107KB

.reloc
Size: 584KB - Virtual size: 588KB