f64fbdd61cfa5a484b7bf1a4f5d671a61db0fd38b0eeebdcbbcbfd1680ab26d1

Sharing

Copy URL

Twitter E-mail

General

Target

f64fbdd61cfa5a484b7bf1a4f5d671a61db0fd38b0eeebdcbbcbfd1680ab26d1
Size

10.5MB
MD5

e4178e1f08b0d6d8476111a27c14a29b
SHA1

7655f9902fd45da78355b18f32ba4f2da58a565c
SHA256

f64fbdd61cfa5a484b7bf1a4f5d671a61db0fd38b0eeebdcbbcbfd1680ab26d1
SHA512

887fc11c037fef3d7014e6b714286546dbc4355d3dfc875389b538b61b63920805bf32406aef129995b04c0b88199564ccda07cb979df209004d31445eeb0f3c
SSDEEP

98304:ndHUxky4hlYS0jBJoDnnvtP4Xcns1ze0Tzy+ki7A9/+sGnFQyPg1p:n5Gky6YjjBSDGsnWzekz/62sEFBW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f64fbdd61cfa5a484b7bf1a4f5d671a61db0fd38b0eeebdcbbcbfd1680ab26d1

Files

f64fbdd61cfa5a484b7bf1a4f5d671a61db0fd38b0eeebdcbbcbfd1680ab26d1
.exe windows:5 windows x86

ec70abe7c47666fd850a572854f332e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
RtlCaptureStackBackTrace
LocalFree
LoadLibraryExA
DeviceIoControl
lstrlenW
lstrcpyW
OpenProcess
VirtualFree
OutputDebugStringW
InitializeCriticalSection
GetModuleHandleExW
GetModuleHandleW
LoadLibraryExW
DosDateTimeToFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
CloseHandle
GetCurrentProcessId
SetFileAttributesW
GetFileAttributesExW
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindFirstFileExA
HeapQueryInformation
GetProcessHeap
HeapFree
HeapAlloc
FreeLibrary
InterlockedDecrement
OutputDebugStringA
LoadLibraryW
GetTickCount
Sleep
HeapSize
HeapReAlloc
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
CreateFileW
GetACP
ExitProcess
ResumeThread
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
RaiseException
GetProcAddress
SetEndOfFile
DecodePointer
ExitThread
GetSystemInfo
HeapValidate
MoveFileExW
WriteConsoleW
GetModuleFileNameA
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
SetProcessAffinityMask
VirtualProtect
VirtualAlloc
GetVersionExW
GetModuleFileNameW
FreeLibraryAndExitThread
EncodePointer
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
SwitchToThread
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
QueryPerformanceCounter
QueryPerformanceFrequency
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
FormatMessageW
WideCharToMultiByte
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
MultiByteToWideChar
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
VirtualQuery
GetFileAttributesW
InterlockedIncrement
CompareFileTime
FindClose
FindFirstFileW
FindNextFileW
SleepEx
VerSetConditionMask
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
VerifyVersionInfoA
WaitForSingleObject
ExpandEnvironmentStringsA
WaitForMultipleObjects
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
FormatMessageA
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
WriteFile
SwitchToFiber
DeleteFiber
CreateFiber
GlobalMemoryStatus
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTime
LockFile
UnlockFile
GetFileSizeEx
FlushFileBuffers
SetFilePointerEx
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetTempPathA
CreateDirectoryA
RemoveDirectoryA
CreateFileA
GetFileAttributesA
GetFileAttributesExA
DeleteFileA
FindFirstFileA
FindNextFileA
MoveFileA
ReplaceFileA
CreateTimerQueue
SetEvent
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes

user32

PostQuitMessage
DefWindowProcW
DispatchMessageW
TranslateMessage
UnregisterClassW
DestroyWindow
ShowWindow
DialogBoxParamW
EndDialog
LoadAcceleratorsW
RegisterClassExW
GetMessageW
CreateWindowExW
TranslateAcceleratorW
GetClassNameW
EnumWindows
GetWindowTextW
EnumDisplaySettingsA
GetWindowThreadProcessId
FindWindowExA
FindWindowW
SetForegroundWindow
SetFocus
WaitForInputIdle
SendMessageW
SendMessageA
wsprintfW
MessageBoxA
PeekMessageW
LoadStringW
LoadIconW
LoadCursorW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
EndPaint
BeginPaint
UpdateWindow

comdlg32

GetOpenFileNameW

advapi32

CryptGenRandom
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
RegCloseKey
RegLoadKeyW
RegFlushKey
RegEnumKeyW
GetLengthSid
FreeSid
CryptSetHashParam
CryptDestroyKey
CryptEnumProvidersW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext

shell32

ShellExecuteW
SHCreateDirectoryExW
Shell_NotifyIconW

ole32

CoUninitialize
CoInitialize
CoCreateGuid

oleaut32

VariantClear
SysAllocString
CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
VariantCopy
SysAllocStringByteLen
VariantInit
SysFreeString

shlwapi

wnsprintfW
PathFindFileNameW
PathRemoveExtensionW
UrlUnescapeW
SHCreateStreamOnFileEx

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

wldap32

ord79
ord301
ord200
ord35
ord143
ord217
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord30

netapi32

Netbios

ws2_32

getnameinfo
WSAGetLastError
socket
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
ioctlsocket
gethostname
gethostbyname
inet_ntoa
getservbyname
shutdown

Sections

.textbss
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 153KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

gshare
Size: 512B - Virtual size: 258B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msvcjmc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec70abe7c47666fd850a572854f332e9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

wldap32

netapi32

ws2_32

Sections

.textbss Size: - Virtual size: 4.1MB

.text Size: 8.5MB - Virtual size: 8.5MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 153KB - Virtual size: 188KB

.idata Size: 11KB - Virtual size: 10KB

gshare Size: 512B - Virtual size: 258B

.msvcjmc Size: 4KB - Virtual size: 3KB

.00cfg Size: 512B - Virtual size: 260B

.tls Size: 1024B - Virtual size: 777B

.rsrc Size: 236KB - Virtual size: 236KB

.reloc Size: 320KB - Virtual size: 320KB

.textbss
Size: - Virtual size: 4.1MB

.text
Size: 8.5MB - Virtual size: 8.5MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 153KB - Virtual size: 188KB

.idata
Size: 11KB - Virtual size: 10KB

gshare
Size: 512B - Virtual size: 258B

.msvcjmc
Size: 4KB - Virtual size: 3KB

.00cfg
Size: 512B - Virtual size: 260B

.tls
Size: 1024B - Virtual size: 777B

.rsrc
Size: 236KB - Virtual size: 236KB

.reloc
Size: 320KB - Virtual size: 320KB