7b0596eb52d26e3dfef1e719769bbf4fad2a66dcca97df60e49b8df4118d2dfe

Sharing

Copy URL Twitter E-mail

General

Target

7b0596eb52d26e3dfef1e719769bbf4fad2a66dcca97df60e49b8df4118d2dfe
Size

1.3MB
MD5

070a8db4f52d8642cb767c0c11a1316b
SHA1

73385c44ac4106fef197350270b512b6153248dd
SHA256

7b0596eb52d26e3dfef1e719769bbf4fad2a66dcca97df60e49b8df4118d2dfe
SHA512

5ffeb79a7724ab8b6f98b934b4ee2286c5e601d689bc8186abc591be6ca98c12101072e99ae9d06707b051600a2d1d7142f5542cc1886f29756ebc6daab5834b
SSDEEP

24576:5UCEMO/f5hkpmWBcBNfgPWcR2aQCrYVBiSpTmi:2zFn5huNmBNfgPWDaQniSpa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7b0596eb52d26e3dfef1e719769bbf4fad2a66dcca97df60e49b8df4118d2dfe

Files

7b0596eb52d26e3dfef1e719769bbf4fad2a66dcca97df60e49b8df4118d2dfe
.exe windows:6 windows x64

0a5f2f27d2812343f7d62d126e47313d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

rpcrt4

Ndr64AsyncServerCallAll
I_RpcBindingInqLocalClientPID
RpcServerUnregisterIf
RpcServerRegisterIf3
RpcAsyncCompleteCall
RpcMgmtWaitServerListen
RpcServerListen
RpcServerUseProtseqEpW
NdrAsyncServerCall
RpcEpUnregister
RpcEpRegisterW
RpcServerInqCallAttributesW
RpcServerInqBindings
NdrServerCallAll
RpcMgmtStopServerListening
NdrServerCall2
NdrClientCall3
RpcBindingVectorFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

ReadFile
GetFileType
CreateFileW
SetEndOfFile
CreateDirectoryW
WriteFile
FindFirstFileExW
SetFilePointerEx
GetFileAttributesW
FindClose
FileTimeToLocalFileTime
FindNextFileW
FindFirstFileW
FlushFileBuffers
ReadFileEx

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
LCMapStringEx
GetOEMCP
GetACP
IsValidCodePage
FormatMessageW
GetCPInfo
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
SetHandleInformation

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetModuleHandleExW
LoadLibraryExW
FreeLibrary

crypt32

CryptDecodeObject
CertOpenStore
CertFindCertificateInStore
CryptMsgGetParam
CryptMsgClose
CertCloseStore
CryptDecodeObjectEx
CryptMsgUpdate
CryptFindOIDInfo
CryptQueryObject
CryptMsgOpenToDecode
CertGetNameStringW

api-ms-win-core-synch-l1-1-0

ResetEvent
TryAcquireSRWLockExclusive
CreateMutexW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitializeCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
LeaveCriticalSection
OpenEventW
SetEvent
CreateEventW
EnterCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionEx
InitializeSRWLock

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
SetSecurityDescriptorDacl
SetTokenInformation
AllocateAndInitializeSid
GetTokenInformation
InitializeSecurityDescriptor
CreateWellKnownSid
FreeSid

oleaut32

SysAllocString
SysFreeString
VariantInit
VarBstrCmp
VariantChangeType
VariantClear

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegGetValueW

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
TlsFree
TlsAlloc
OpenProcessToken
GetExitCodeProcess
ProcessIdToSessionId
TlsGetValue
ExitProcess
TerminateProcess
CreateProcessW
GetCurrentThreadId
GetStartupInfoW
CreateThread
GetCurrentProcessId
CreateProcessAsUserW
TerminateThread
GetCurrentProcess

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
GetEnvironmentStringsW
GetStdHandle
SetCurrentDirectoryW
GetCommandLineA
SetStdHandle
FreeEnvironmentStringsW
SetEnvironmentVariableW

api-ms-win-core-namedpipe-l1-1-0

PeekNamedPipe
WaitNamedPipeW
CreatePipe

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-toolhelp-l1-1-0

Process32FirstW
CreateToolhelp32Snapshot
Process32NextW

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
GetStringTypeW
CompareStringEx
WideCharToMultiByte

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId

userenv

CreateEnvironmentBlock

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemFree

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime

ext-ms-win-shell32-shellfolders-l1-1-0

SHGetKnownFolderPath

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableCS

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
FileTimeToSystemTime

wintrust

WinVerifyTrust

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-service-management-l1-1-0

OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW

api-ms-win-power-base-l1-1-0

GetPwrCapabilities

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW
SetSecurityInfo

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-security-base-l1-2-2

DeriveCapabilitySidsFromName

api-ms-win-core-console-l1-1-0

GetConsoleMode
WriteConsoleW
SetConsoleCtrlHandler
GetConsoleCP
ReadConsoleW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-io-l1-1-0

CancelIoEx

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus
ControlService

user32

UpdateWindow
DispatchMessageW
ShowWindow
RegisterClassExW
TranslateMessage
FindWindowW
SendMessageTimeoutW
CloseWindow
DefWindowProcW
GetMessageW
RegisterPowerSettingNotification
RegisterSuspendResumeNotification
UnregisterPowerSettingNotification
LoadIconW
LoadCursorW
CreateWindowExW
wsprintfW

advapi32

DeregisterEventSource
RegisterEventSourceW
ReportEventW

shlwapi

PathFileExistsW

wtsapi32

WTSQueryUserToken
WTSFreeMemory

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx
RtlUnwind
RtlVirtualUnwind
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-threadpool-l1-2-0

FreeLibraryWhenCallbackReturns
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork

api-ms-win-core-fibers-l1-1-0

FlsGetValue
FlsSetValue
FlsAlloc
FlsFree

api-ms-win-core-heap-l1-1-0

HeapSize
HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

Sections

.text
Size: 518KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0a5f2f27d2812343f7d62d126e47313d

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-libraryloader-l1-2-0

crypt32

api-ms-win-core-synch-l1-1-0

api-ms-win-security-base-l1-1-0

oleaut32

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-toolhelp-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

userenv

api-ms-win-core-com-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

ext-ms-win-shell32-shellfolders-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-timezone-l1-1-0

wintrust

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-power-base-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-security-base-l1-2-2

api-ms-win-core-console-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-service-winsvc-l1-1-0

user32

advapi32

shlwapi

wtsapi32

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-fibers-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-datetime-l1-1-0

Sections

.text Size: 518KB - Virtual size: 517KB

.rdata Size: 180KB - Virtual size: 180KB

.data Size: 17KB - Virtual size: 97KB

.pdata Size: 23KB - Virtual size: 22KB

_RDATA Size: 512B - Virtual size: 384B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 518KB - Virtual size: 517KB

.rdata
Size: 180KB - Virtual size: 180KB

.data
Size: 17KB - Virtual size: 97KB

.pdata
Size: 23KB - Virtual size: 22KB

_RDATA
Size: 512B - Virtual size: 384B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 572KB - Virtual size: 576KB