19ec3f16a42ae58ab6feddc66d7eeecf91d7c61a0ac9cdc231da479088486169[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

19ec3f16a42ae58ab6feddc66d7eeecf91d7c61a0ac9cdc231da479088486169.exe
Size

4.6MB
MD5

b07d9eca8af870722939fd87e928e603
SHA1

a80c650cd1a486e077b2e1867f36f553cb682a41
SHA256

19ec3f16a42ae58ab6feddc66d7eeecf91d7c61a0ac9cdc231da479088486169
SHA512

c73295e11d4b74e7d7db486fc5903bba982a1def619a8eb91ca94ebda918b2a4b5dd4be98b06801718a4949f0cb5f3ca23219488255b99e499f560ca21301b5e
SSDEEP

49152:ftVwASOnGtlqzTkzu2TpDtbou2HmP317X4GyYGf10MlmJ3aMysM/PNwDge5XF2bE:PssYGt0ME65/Plc3846dRxO+aUjO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19ec3f16a42ae58ab6feddc66d7eeecf91d7c61a0ac9cdc231da479088486169.exe

Files

19ec3f16a42ae58ab6feddc66d7eeecf91d7c61a0ac9cdc231da479088486169.exe
.exe windows:5 windows x64

9d7285465b02ea32e9b68a7ea325aea3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

AcquireCredentialsHandleA
FreeContextBuffer
DeleteSecurityContext
CompleteAuthToken
InitializeSecurityContextA
FreeCredentialsHandle
QuerySecurityPackageInfoA

kernel32

GetLastError
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseMutex
WaitForSingleObject
CloseHandle
TlsAlloc
TlsGetValue
TlsFree
CreateMutexW
VerSetConditionMask
GetCurrentProcess
TerminateProcess
TerminateThread
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
SetEvent
WaitForMultipleObjects
Sleep
WriteFile
ReadFile
DuplicateHandle
TlsSetValue
SleepEx
CreateEventW
CreateWaitableTimerA
SetWaitableTimer
CreateProcessA
CreateFileA
CreateNamedPipeA
GetCurrentThreadId
PeekNamedPipe
GetStdHandle
GetTimeZoneInformation
OutputDebugStringA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleA
MultiByteToWideChar
FormatMessageA
LocalFree
AreFileApisANSI
WideCharToMultiByte
GetSystemTime
SystemTimeToFileTime
GetFileType
GetModuleHandleW
GetProcAddress
FindClose
RtlVirtualUnwind
QueryPerformanceCounter
GetTickCount
FreeLibrary
LoadLibraryW
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
GetModuleHandleExW
HeapSize
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
SetEndOfFile
ExitProcess
CreateFileW
VerifyVersionInfoA
GetDriveTypeW
ExitThread
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetProcessHeap
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
ReadConsoleW
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetCommandLineW
GetCommandLineA
GetModuleFileNameA
HeapReAlloc
SetConsoleCtrlHandler
HeapFree
HeapAlloc
SetConsoleMode
ReadConsoleInputA
RtlUnwindEx
RaiseException
RtlPcToFileHeader
QueryPerformanceFrequency
TryEnterCriticalSection
WaitForSingleObjectEx
GetCurrentThread
GetExitCodeThread
GetNativeSystemInfo
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
ResetEvent
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
GetConsoleMode

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

shell32

SHGetFolderPathA

advapi32

RegisterEventSourceW
DeregisterEventSource
ReportEventW

ws2_32

WSASend
WSARecvFrom
WSARecv
WSAIoctl
WSAGetLastError
WSASetLastError
shutdown
setsockopt
select
ntohs
ntohl
getaddrinfo
WSASocketW
htonl
getsockopt
getsockname
ioctlsocket
connect
closesocket
bind
accept
__WSAFDIsSet
WSACleanup
WSAStartup
WSASendTo
freeaddrinfo
WSAStringToAddressW
recv
send
listen
htons

mswsock

AcceptEx
GetAcceptExSockaddrs

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 335KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d7285465b02ea32e9b68a7ea325aea3

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

user32

shell32

advapi32

ws2_32

mswsock

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 335KB - Virtual size: 356KB

.pdata Size: 152KB - Virtual size: 151KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 28KB - Virtual size: 28KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 335KB - Virtual size: 356KB

.pdata
Size: 152KB - Virtual size: 151KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 28KB - Virtual size: 28KB