Static task: static1
Behavioral task: behavioral1
  Sample: be602cfb2032d5f77609eaae90dc02242de48b06d657242eaf1773ee82de9134.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: be602cfb2032d5f77609eaae90dc02242de48b06d657242eaf1773ee82de9134.exe
  Resource: win10v2004-20230915-en
General
- Target: be602cfb2032d5f77609eaae90dc02242de48b06d657242eaf1773ee82de9134
- Size: 7.2MB
- MD5: de2ad4415cc30186d7bf64defc3dfc29
- SHA1: 9bc9227267b2fc815834b488bbba0c3546eec259
- SHA256: be602cfb2032d5f77609eaae90dc02242de48b06d657242eaf1773ee82de9134
- SHA512: 8d939724ffba25739acc7c86a2e333b00e56ecb51318e4b1187746b44bdcfdac2373e84dd993568dc4f40e54b5cc15dce32b2370d2273da76f18c317c1f33a72
- SSDEEP: 49152:ciPOseTS6lPg5wr8fFO95LMEaSENgKIiAd9TKBQEeZapB1EDYTnVN1QXipeDFbJi:ZFmOh/vl1c3AiPzLahv
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource be602cfb2032d5f77609eaae90dc02242de48b06d657242eaf1773ee82de9134
Files
- be602cfb2032d5f77609eaae90dc02242de48b06d657242eaf1773ee82de9134.exe windows:6 windows x64
  ef8000b2b02b2204e841ca879357bda2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntdll
RtlCaptureContext
NtReadFile
NtWriteFile
NtCreateFile
NtDeviceIoControlFile
RtlLookupFunctionEntry
RtlNtStatusToDosError
NtCancelIoFileEx
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
kernel32
CompareStringW
GetCPInfo
GetOEMCP
GetACP
SetStdHandle
GetStringTypeW
FlsFree
FlsSetValue
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FlsGetValue
FlsAlloc
SetHandleInformation
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsAlloc
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
TryAcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
CloseHandle
GetCurrentProcess
LCMapStringW
GetSystemInfo
GetCurrentThreadId
ReadFile
GetOverlappedResult
WriteFile
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
Sleep
GetLastError
GetModuleHandleA
GetProcAddress
CreateMutexW
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
HeapSize
FreeEnvironmentStringsW
ReleaseMutex
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentThread
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetConsoleOutputCP
GetSystemTimeAsFileTime
GetCommandLineW
FlushFileBuffers
SetFileInformationByHandle
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
TlsSetValue
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
FindNextFileW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
GetFinalPathNameByHandleW
CopyFileExW
CreateEventW
CancelIo
GetConsoleMode
GetFileType
TlsGetValue
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
DuplicateHandle
CreateNamedPipeW
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
SetLastError
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
secur32
EncryptMessage
InitializeSecurityContextW
AcceptSecurityContext
FreeContextBuffer
DecryptMessage
FreeCredentialsHandle
ApplyControlToken
DeleteSecurityContext
QueryContextAttributesW
AcquireCredentialsHandleA
crypt32
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertCloseStore
CertDuplicateStore
CertOpenStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertDuplicateCertificateChain
CertFreeCertificateChain
advapi32
SystemFunction036
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
ws2_32
recv
getpeername
getsockname
connect
bind
WSASocketW
closesocket
send
WSASend
WSAStartup
WSAIoctl
getsockopt
setsockopt
ioctlsocket
WSACleanup
freeaddrinfo
WSAGetLastError
getaddrinfo
shutdown
bcrypt
BCryptGenRandom
Sections
.text Size: 5.2MB - Virtual size: 5.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 356KB - Virtual size: 355KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ