Static task: static1
Behavioral task: behavioral1
  Sample: 59d0e9f786d2a8ca146ba81ae580c596e72bb5660ea6a811f6fbec81b0a11e10.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 59d0e9f786d2a8ca146ba81ae580c596e72bb5660ea6a811f6fbec81b0a11e10.exe
  Resource: win10v2004-20230915-en
General
Target: 59d0e9f786d2a8ca146ba81ae580c596e72bb5660ea6a811f6fbec81b0a11e10
Size: 305KB
MD5: 77f850baaf2467de71fd88f772706668
SHA1: 2871bf01f0f21f8bec56da0d2dd5f2626b3f031b
SHA256: 59d0e9f786d2a8ca146ba81ae580c596e72bb5660ea6a811f6fbec81b0a11e10
SHA512: cf172f90fae6994ef569a039be6f0835d22b95e797f34937d0e29e1d3e75c814ad4fb8ae24fa80baefb4974b1277e65d5282f36229d573bab3dbd609160eb420
SSDEEP: 3072:GwefYGjQwajBWPhKw88cyeBNut67YAAzG0cCPdU/hmDAAXSoe:IfYGEwoM4w88cdBNuw7YAAS/hQZR
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 59d0e9f786d2a8ca146ba81ae580c596e72bb5660ea6a811f6fbec81b0a11e10
Files
59d0e9f786d2a8ca146ba81ae580c596e72bb5660ea6a811f6fbec81b0a11e10.exe windows:6 windows x64
  f7858716dcfcae040826421c7bf5d3bc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
ReleaseMutex
FindClose
ReleaseSRWLockShared
CompareStringOrdinal
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
AcquireSRWLockExclusive
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
DuplicateHandle
SetFilePointerEx
GetStdHandle
GetCurrentProcessId
SetHandleInformation
WriteFileEx
SleepEx
ReadFileEx
WaitForSingleObject
GetExitCodeProcess
TryAcquireSRWLockExclusive
QueryPerformanceCounter
HeapAlloc
GetProcessHeap
FreeEnvironmentStringsW
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleA
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
DeleteFileW
CreateEventW
ReadFile
GetOverlappedResult
CancelIo
GetConsoleMode
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
GetFullPathNameW
CreateNamedPipeW
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
WriteConsoleW
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
ReleaseSRWLockExclusive
HeapFree
CloseHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
advapi32
SystemFunction036
ws2_32
listen
getaddrinfo
WSASocketW
accept
send
recv
WSAGetLastError
bind
closesocket
WSAStartup
WSACleanup
freeaddrinfo
bcrypt
BCryptGenRandom
vcruntime140
_CxxThrowException
memmove
memcpy
memset
__CxxFrameHandler3
__current_exception_context
__C_specific_handler
__current_exception
memcmp
api-ms-win-crt-runtime-l1-1-0
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_exit
exit
_initterm_e
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_initterm
_set_app_type
_configure_narrow_argv
__p___argc
_get_initial_narrow_environment
_seh_filter_exe
_initialize_narrow_environment
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
Sections
.text Size: 219KB - Virtual size: 218KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 59KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 856B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ