994a9c675fa2fb4e416baf05d7c0f6aa9c7efe531db70be20aef0378fed0e314

Sharing

Copy URL Twitter E-mail

General

Target

994a9c675fa2fb4e416baf05d7c0f6aa9c7efe531db70be20aef0378fed0e314
Size

2.0MB
MD5

4bea423a466c5c8f1ef7b4eb54796636
SHA1

7802ab2e46fa23ccd507e06eb814ee62b9c7f953
SHA256

994a9c675fa2fb4e416baf05d7c0f6aa9c7efe531db70be20aef0378fed0e314
SHA512

db45bd7fd2b0f60ddba351a08bb8a3da9813cf2e2fb18ebe66aa8a6ea3ff4ecf9376594bfdfe3513c05a359bfe7dd73fd85c44e7cdf0ba33984927a1dd7e6d4b
SSDEEP

49152:j2l/OAAwdoucwxsCDcRLfTTWditaqxvwYTV9CtsFTFc:0GAAusCwaQv5pGy5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
994a9c675fa2fb4e416baf05d7c0f6aa9c7efe531db70be20aef0378fed0e314

Files

994a9c675fa2fb4e416baf05d7c0f6aa9c7efe531db70be20aef0378fed0e314
.exe windows:6 windows x64

97b58e5100bd3661dfcd7db2a475abb1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dbghelp

SymGetSymFromAddr64
SymInitialize
SymGetModuleBase64
SymGetLineFromAddr64
StackWalk64
SymSetOptions
SymFunctionTableAccess64

kernel32

GetCurrentProcess
lstrlenW
GetModuleFileNameW
CreateMutexW
WaitForSingleObject
LocalAlloc
GetCurrentThreadId
OpenProcess
GetLastError
GetCommandLineW
CloseHandle
LocalSize
LocalFree
GetModuleHandleW
IsDebuggerPresent
SetUnhandledExceptionFilter
FlushFileBuffers
FormatMessageW
RtlCaptureContext
LoadLibraryW
TrySubmitThreadpoolCallback
ReadFile
ReadConsoleW
HeapReAlloc
SetEndOfFile
IsValidCodePage
GetACP
GetCurrentThread
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
WriteConsoleW
GetDynamicTimeZoneInformation
GetFileAttributesW
MultiByteToWideChar
Sleep
GetCurrentProcessId
WideCharToMultiByte
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
WriteConsoleA
WriteFile
GetConsoleMode
OutputDebugStringA
SetEnvironmentVariableW
QueryFullProcessImageNameW
CreateEventW
SetEvent
TerminateProcess
ResetEvent
CreateThread
GetTickCount64
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFileInformationByHandle
AreFileApisANSI
GetProcAddress
GetFileInformationByHandleEx
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
RtlPcToFileHeader
RaiseException
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
GetTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
InterlockedPushEntrySList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwind
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetConsoleCtrlHandler
SetStdHandle
GetFileType
DeleteFileW
ExitProcess
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
SetFilePointerEx
GetConsoleOutputCP
GetOEMCP

user32

MapVirtualKeyExW
GetGUIThreadInfo
GetForegroundWindow
EnumChildWindows
MapVirtualKeyW
GetWindowThreadProcessId
LoadImageW
SetForegroundWindow
UpdateWindow
PostQuitMessage
GetClientRect
ShowWindow
LoadStringW
RegisterClassExW
CreateWindowExW
MonitorFromWindow
SetWindowPos
PostMessageW
DefWindowProcW
GetKeyboardLayout
GetMonitorInfoW
EnumDisplayMonitors
GetNextDlgTabItem
TranslateMessage
SetFocus
IsDialogMessageW
DispatchMessageW
GetKeyboardState
ScreenToClient
SetWindowsHookExW
GetWindowRect
GetMessageW
GetCursorPos
MonitorFromPoint
MessageBoxW
CallNextHookEx
GetAsyncKeyState
UnhookWindowsHookEx
GetFocus
SendInput
PostThreadMessageW
ToUnicodeEx

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
RegNotifyChangeKeyValue
RegGetValueW

shell32

CommandLineToArgvW
SHGetKnownFolderPath

shlwapi

PathStripPathW

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

ole32

CoInitializeEx
CoTaskMemAlloc
CoGetObjectContext
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoCreateInstance
CoGetApartmentType

dwmapi

DwmSetWindowAttribute

oleaut32

GetErrorInfo
SysStringLen
SysAllocString
SysFreeString
SetErrorInfo

Sections

.text
Size: 812KB - Virtual size: 811KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

97b58e5100bd3661dfcd7db2a475abb1

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

kernel32

user32

advapi32

shell32

shlwapi

api-ms-win-shcore-scaling-l1-1-1

ole32

dwmapi

oleaut32

Sections

.text Size: 812KB - Virtual size: 811KB

.rdata Size: 297KB - Virtual size: 296KB

.data Size: 101KB - Virtual size: 113KB

.pdata Size: 37KB - Virtual size: 37KB

_RDATA Size: 512B - Virtual size: 512B

.rsrc Size: 194KB - Virtual size: 194KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 812KB - Virtual size: 811KB

.rdata
Size: 297KB - Virtual size: 296KB

.data
Size: 101KB - Virtual size: 113KB

.pdata
Size: 37KB - Virtual size: 37KB

_RDATA
Size: 512B - Virtual size: 512B

.rsrc
Size: 194KB - Virtual size: 194KB

.reloc
Size: 572KB - Virtual size: 576KB