Static task: static1
Behavioral task: behavioral1
  Sample: 9fd04e52aa7305ec75e1271e882ebfc5dff32c5dd2dfcdf5a064872d415d020d.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 9fd04e52aa7305ec75e1271e882ebfc5dff32c5dd2dfcdf5a064872d415d020d.exe
  Resource: win10v2004-20230915-en
General
Target: 9fd04e52aa7305ec75e1271e882ebfc5dff32c5dd2dfcdf5a064872d415d020d
Size: 3.1MB
MD5: 39810839a43e520f26ab8d7a40ff37ba
SHA1: b70891ac5544caf2fec2d4a167aa6e5e93b8fbad
SHA256: 9fd04e52aa7305ec75e1271e882ebfc5dff32c5dd2dfcdf5a064872d415d020d
SHA512: 079830b13d7e2425845f5e199e2aa0ff5f75406b20160d320728e4a2447b459ec36095e33ac16bdbcb8f9cdbc1d2fad97c55612b3bb581206676f06b0b110908
SSDEEP: 49152:Y4ErBfp/8+F0fIVRhne1OQqx7LMniLlHMrGl5:Y4Sx/30fIr7LMnQsrGl
Malware Config
Signatures
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource 9fd04e52aa7305ec75e1271e882ebfc5dff32c5dd2dfcdf5a064872d415d020d
Files
9fd04e52aa7305ec75e1271e882ebfc5dff32c5dd2dfcdf5a064872d415d020d.exe (windows:6, windows x64)
  Import hash: 64d7b7153844b2da5f06c9fe8a17580d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntdll
NtDeviceIoControlFile
NtWriteFile
NtReadFile
RtlPcToFileHeader
RtlCaptureContext
RtlGetNtVersionNumbers
NtCreateFile
NtCancelIoFileEx
RtlUnwindEx
RtlNtStatusToDosError
RtlLookupFunctionEntry
RtlVirtualUnwind
kernel32
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
HeapSize
CloseHandle
WriteConsoleW
GetConsoleOutputCP
WideCharToMultiByte
CreateThread
SetHandleInformation
GetStringTypeW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCurrentProcessId
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
TryAcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
CreateMutexW
GetLastError
GetCurrentProcess
TlsGetValue
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
RaiseException
GetOverlappedResult
ReadFile
WriteFile
IsProcessorFeaturePresent
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
GetProcAddress
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
FormatMessageW
WaitForSingleObject
LoadLibraryA
FreeLibrary
GetProcessHeap
HeapAlloc
HeapFree
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
MultiByteToWideChar
TlsSetValue
GetFileAttributesW
FreeEnvironmentStringsW
ReleaseMutex
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetSystemTimeAsFileTime
CreateProcessW
GetCommandLineW
FlushFileBuffers
SetFileInformationByHandle
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetWindowsDirectoryW
HeapReAlloc
WaitForSingleObjectEx
CreateMutexA
FindNextFileW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
GetFinalPathNameByHandleW
CopyFileExW
CreateEventW
CancelIo
GetConsoleMode
GetFileType
GetModuleHandleW
GetModuleFileNameW
SetCurrentDirectoryW
ExitProcess
GetFullPathNameW
DuplicateHandle
CreateNamedPipeW
WaitForMultipleObjects
GetSystemDirectoryW
advapi32
RegQueryValueExW
SystemFunction036
RegCloseKey
RegOpenKeyExW
ws2_32
WSASend
send
setsockopt
recv
shutdown
ioctlsocket
connect
WSASocketW
getpeername
getsockname
WSAIoctl
WSAGetLastError
WSACleanup
freeaddrinfo
bind
getaddrinfo
getsockopt
closesocket
WSAStartup
secur32
DecryptMessage
FreeContextBuffer
AcceptSecurityContext
DeleteSecurityContext
EncryptMessage
ApplyControlToken
InitializeSecurityContextW
QueryContextAttributesW
FreeCredentialsHandle
AcquireCredentialsHandleA
crypt32
CertFreeCertificateChain
CertDuplicateCertificateChain
CertEnumCertificatesInStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertAddCertificateContextToStore
CertOpenStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertDuplicateStore
CertCloseStore
oleaut32
SysFreeString
SysStringLen
GetErrorInfo
bcrypt
BCryptGenRandom
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 140KB - Virtual size: 140KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ