d0099e070e6a3787be8b5776b7d65ff6247c02c5ec0cf72aa893a1107d5c9f35

Sharing

Copy URL Twitter E-mail

General

Target

d0099e070e6a3787be8b5776b7d65ff6247c02c5ec0cf72aa893a1107d5c9f35
Size

842KB
MD5

01c5c1a8f624addd8baf3bd788ad45bb
SHA1

3342cee842dc278bedbf5ac5671976022ba105e0
SHA256

d0099e070e6a3787be8b5776b7d65ff6247c02c5ec0cf72aa893a1107d5c9f35
SHA512

2247a1c07aeda97861b2fcfb41f945a590d2f581bb84f1ec6681d51dbefc6edec426f9ab05b8e4a76cfd1cd87d557fcd9c95ed795c9900578f85e1d4174e48cb
SSDEEP

12288:LCc4S2f+BqB7suOYLesZBo9OZXExjPo7Vrso6J3:L74So+BXuOY7zyOZU9g7Vr8J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0099e070e6a3787be8b5776b7d65ff6247c02c5ec0cf72aa893a1107d5c9f35

Files

d0099e070e6a3787be8b5776b7d65ff6247c02c5ec0cf72aa893a1107d5c9f35
.exe windows:6 windows x64

abbb08089b001118338b2353461afcac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SystemTimeToTzSpecificLocalTime
CreateMutexW
GetLastError
GetConsoleOutputCP
HeapSize
LCMapStringW
CompareStringW
FlsFree
GetModuleHandleA
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
FreeEnvironmentStringsW
GetModuleHandleExW
ReleaseMutex
FindClose
ReleaseSRWLockShared
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
SystemTimeToFileTime
WriteFile
GetCommandLineW
FlushFileBuffers
SetFileInformationByHandle
DuplicateHandle
SetFilePointerEx
LoadLibraryExW
FreeLibrary
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
GetStdHandle
GetCurrentProcessId
RaiseException
TzSpecificLocalTimeToSystemTime
WriteFileEx
SleepEx
ReadFileEx
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
TryAcquireSRWLockExclusive
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
RtlPcToFileHeader
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
FindNextFileW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
RtlUnwindEx
IsProcessorFeaturePresent
CreateDirectoryW
FindFirstFileW
CreateEventW
ReadFile
GetOverlappedResult
CancelIo
GetStartupInfoW
SetUnhandledExceptionFilter
GetConsoleMode
GetFileType
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CloseHandle
CreateNamedPipeW
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
ReleaseSRWLockExclusive
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentThreadId
AcquireSRWLockExclusive

user32

TrackPopupMenu
DefWindowProcW
GetMenuItemID
LoadCursorW
PostQuitMessage
SetForegroundWindow
GetCursorPos
InsertMenuItemW
RegisterClassW
CreateWindowExW
LoadIconW
CreatePopupMenu
SetMenuInfo
GetMessageW
TranslateMessage
DispatchMessageW
LoadImageW
PostMessageW

shell32

Shell_NotifyIconW

advapi32

SystemFunction036

ntdll

RtlNtStatusToDosError
NtReadFile
NtWriteFile

bcrypt

BCryptGenRandom

Sections

.text
Size: 603KB - Virtual size: 602KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abbb08089b001118338b2353461afcac

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

advapi32

ntdll

bcrypt

Sections

.text Size: 603KB - Virtual size: 602KB

.rdata Size: 203KB - Virtual size: 203KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 26KB - Virtual size: 26KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 603KB - Virtual size: 602KB

.rdata
Size: 203KB - Virtual size: 203KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 26KB - Virtual size: 26KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 4KB - Virtual size: 4KB