b6dcbc33b42f5299a8f73d3dc09610ee39923287ff312a9cd3fe2bc0892f029b

Sharing

Copy URL Twitter E-mail

General

Target

b6dcbc33b42f5299a8f73d3dc09610ee39923287ff312a9cd3fe2bc0892f029b
Size

12.7MB
MD5

81190060c18879fff019dbd5d256d7c5
SHA1

63c3d7d0910051de6eb8f1fab72aa622a09e3cee
SHA256

b6dcbc33b42f5299a8f73d3dc09610ee39923287ff312a9cd3fe2bc0892f029b
SHA512

416814225be41551c54fb6eb058b374e0e6aecaebea2bfcd92e37f2f2666b687263c8b23ff09aad0bd7fcafa802607a8732149dda110fc5b1357b2cda1f74488
SSDEEP

98304:xUdH1u1OWTV6VglofwFjUnkbWaCn2cb0Lod3Bo:SVO8scnkvxKo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6dcbc33b42f5299a8f73d3dc09610ee39923287ff312a9cd3fe2bc0892f029b

Files

b6dcbc33b42f5299a8f73d3dc09610ee39923287ff312a9cd3fe2bc0892f029b
.exe windows:6 windows x64

818c8f70967d52423a0dbad31e4e5a6e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
NtWriteFile
NtReadFile
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile

gdi32

DeleteObject
GetDeviceCaps
CreateRectRgn

ole32

OleInitialize
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
CoCreateInstance

shell32

DragQueryFileW
DragFinish
SHAppBarMessage

user32

GetSystemMenu
GetClipCursor
GetClientRect
SetWindowPos
SendMessageW
PostMessageW
MonitorFromRect
PeekMessageW
GetMessageW
DestroyIcon
ShowCursor
CreateIcon
ClipCursor
SendInput
GetKeyboardLayout
MapVirtualKeyExW
GetKeyboardState
GetAsyncKeyState
GetActiveWindow
MapVirtualKeyW
ToUnicodeEx
GetKeyState
IsWindow
SetCapture
SetWindowLongW
DefWindowProcW
EnableMenuItem
GetDC
ChangeDisplaySettingsExW
GetWindowLongW
GetMonitorInfoW
ClientToScreen
InvalidateRgn
GetUpdateRect
ValidateRect
RedrawWindow
RegisterWindowMessageA
CreateWindowExW
RegisterClassExW
DispatchMessageA
GetMessageA
ReleaseCapture
SetCursor
IsProcessDPIAware
EnumChildWindows
DestroyWindow
LoadCursorW
ScreenToClient
GetWindowLongPtrW
SetWindowLongPtrW
AdjustWindowRectEx
GetTouchInputInfo
RegisterTouchWindow
GetWindowPlacement
GetWindowRect
CloseTouchInputHandle
GetCursorPos
PostThreadMessageW
DispatchMessageW
MonitorFromWindow
GetSystemMetrics
TranslateMessage
SetWindowPlacement
GetWindowThreadProcessId
IsWindowVisible
ShowWindow
EnumWindows
SetForegroundWindow
TrackMouseEvent
RegisterRawInputDevices
GetRawInputData
SystemParametersInfoA
SetPropW
GetMenu
MsgWaitForMultipleObjectsEx
SetWindowDisplayAffinity

kernel32

TlsAlloc
EncodePointer
TlsFree
GetModuleHandleExW
GetCommandLineA
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
GetStringTypeW
Process32Next
OpenProcess
CloseHandle
Process32First
CreateToolhelp32Snapshot
RaiseException
SetHandleInformation
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
ResetEvent
DeleteCriticalSection
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FreeEnvironmentStringsW
ReleaseMutex
FlsAlloc
TzSpecificLocalTimeToSystemTime
FlsGetValue
FindClose
FlsSetValue
FlsFree
AcquireSRWLockShared
ReleaseSRWLockShared
CreateMutexW
GetLastError
GetCurrentProcess
AcquireSRWLockExclusive
WriteFile
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
CompareStringW
LCMapStringW
SleepConditionVariableSRW
GetSystemInfo
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
CreateThread
WideCharToMultiByte
WriteConsoleW
MultiByteToWideChar
LCIDToLocaleName
GetUserDefaultUILanguage
lstrlenW
GetFullPathNameW
GetFileAttributesW
CreateFileW
OutputDebugStringA
OutputDebugStringW
GetModuleFileNameW
GetProcAddress
HeapSize
GetConsoleOutputCP
FormatMessageW
HeapAlloc
LoadLibraryExW
GetProcessHeap
HeapFree
GetModuleHandleW
WaitForSingleObject
LoadLibraryW
FreeLibrary
GetEnvironmentVariableW
ExitProcess
GetFileType
GetConsoleMode
ReleaseSRWLockExclusive
LoadLibraryA
GetFinalPathNameByHandleW
SetEvent
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
GetFileInformationByHandle
FindNextFileW
CreateEventW
GetModuleHandleA
Sleep
AddVectoredExceptionHandler
CreateMutexA
WaitForSingleObjectEx
HeapReAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
WakeConditionVariable
WakeAllConditionVariable
TerminateProcess
GetStdHandle
SetFilePointerEx
SetFileInformationByHandle
FlushFileBuffers
GetCommandLineW
TryAcquireSRWLockExclusive
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
GetCurrentThread
SwitchToThread
SetThreadStackGuarantee
GetCurrentThreadId

psapi

GetModuleFileNameExW

dwmapi

DwmEnableBlurBehindWindow

secur32

InitializeSecurityContextW
FreeContextBuffer
DecryptMessage
EncryptMessage
ApplyControlToken
DeleteSecurityContext
QueryContextAttributesW
FreeCredentialsHandle
AcquireCredentialsHandleA
AcceptSecurityContext

crypt32

CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertDuplicateStore
CertOpenStore
CertFreeCertificateChain
CertDuplicateCertificateChain
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertAddCertificateContextToStore
CertEnumCertificatesInStore

advapi32

RegCloseKey
RegOpenKeyExW
RegGetValueW
EventUnregister
EventWriteTransfer
EventSetInformation
RegQueryValueExW
EventRegister
SystemFunction036

ws2_32

bind
WSASocketW
closesocket
getsockname
getpeername
shutdown
recv
send
connect
WSASend
WSAStartup
WSAIoctl
getsockopt
setsockopt
ioctlsocket
WSAGetLastError
getaddrinfo
freeaddrinfo
WSACleanup

bcrypt

BCryptGenRandom

comctl32

DefSubclassProc
SetWindowSubclass
RemoveWindowSubclass

oleaut32

SysFreeString
GetErrorInfo
SetErrorInfo
SysStringLen

Sections

.text
Size: 9.3MB - Virtual size: 9.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 638KB - Virtual size: 637KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

818c8f70967d52423a0dbad31e4e5a6e

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

gdi32

ole32

shell32

user32

kernel32

psapi

dwmapi

secur32

crypt32

advapi32

ws2_32

bcrypt

comctl32

oleaut32

Sections

.text Size: 9.3MB - Virtual size: 9.3MB

.rdata Size: 2.7MB - Virtual size: 2.7MB

.data Size: 15KB - Virtual size: 21KB

.pdata Size: 638KB - Virtual size: 637KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 50KB - Virtual size: 49KB

.text
Size: 9.3MB - Virtual size: 9.3MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 15KB - Virtual size: 21KB

.pdata
Size: 638KB - Virtual size: 637KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 50KB - Virtual size: 49KB