274ad759e3f51b87efaff5142c16e33e112a21b43071d1c9b31a7550c3ef9b55

Sharing

Copy URL

Twitter E-mail

General

Target

274ad759e3f51b87efaff5142c16e33e112a21b43071d1c9b31a7550c3ef9b55
Size

2.2MB
MD5

85c36a39de83522063882c7978742221
SHA1

1c8736872b6f42eedbf576f87a57511f064dd565
SHA256

274ad759e3f51b87efaff5142c16e33e112a21b43071d1c9b31a7550c3ef9b55
SHA512

882b6253db3441c8346379cdbfac3874919c075ff2f17fa7e63f2b81766537e6255c1c2a22d6d8db34c4793d375929b79f858680385f8d6debe73cb5767a9956
SSDEEP

49152:pRwDe7t65qHhLp9mr7h3N7Nrk2QcP+GYeX7IXt:pRwe2qH5p9mrZN7NrONp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
274ad759e3f51b87efaff5142c16e33e112a21b43071d1c9b31a7550c3ef9b55

Files

274ad759e3f51b87efaff5142c16e33e112a21b43071d1c9b31a7550c3ef9b55
.exe windows:6 windows x86

1e883ee9863409b199872b4453aceb92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptQueryObject
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptDecodeObject

ws2_32

shutdown
WSAStartup
gethostbyname
inet_ntoa
closesocket
WSAGetLastError
socket
recv
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSASetLastError
WSAIoctl
WSACleanup
__WSAFDIsSet
select
accept
htonl
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
gethostname
send
getservbyname

kernel32

GetSystemDirectoryW
GetModuleFileNameW
MoveFileExW
OutputDebugStringA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
GetVersionExW
CreateFileA
DeviceIoControl
CreateFileW
DeleteFileW
WriteFile
OutputDebugStringW
GetSystemDirectoryA
GetModuleHandleW
GetProcAddress
SetLastError
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
FreeLibrary
LoadLibraryW
VerifyVersionInfoW
Sleep
QueryPerformanceCounter
GetTickCount
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
FlushConsoleInputBuffer
GetCurrentThreadId
GetModuleHandleA
GetCurrentProcessId
LoadLibraryA
GlobalMemoryStatus
GetSystemTime
SystemTimeToFileTime
EncodePointer
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
ReadConsoleInputW
SetConsoleMode
SetEndOfFile
FlushFileBuffers
GetFileSizeEx
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetFileAttributesW
GetDriveTypeW
Process32NextW
GetStdHandle
CreateToolhelp32Snapshot
lstrcpyW
lstrcpynW
lstrcmpA
LocalFree
LocalAlloc
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
OpenProcess
TerminateProcess
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
CloseHandle
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
GetConsoleOutputCP
ResetEvent
CreateEventW
ReadConsoleW
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
SetFilePointerEx
DecodePointer
FreeLibraryAndExitThread
ExitThread
CreateThread
Process32FirstW
GetModuleHandleExW
ExitProcess
FindNextFileW
FindFirstFileExW
FindClose
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetFileAttributesExW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter

user32

wsprintfW
GetUserObjectInformationW
GetProcessWindowStation
LoadIconW
MessageBoxW
LoadCursorW
MessageBoxA
GetWindowRect
GetWindowTextW
EndPaint
BeginPaint
UpdateWindow
GetSystemMetrics
LoadStringW
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
PostQuitMessage
RegisterClassExW
CreateWindowExW
DestroyWindow
ShowWindow
SetWindowPos
LoadAcceleratorsW
TranslateAcceleratorW

gdi32

DeleteObject
CreateFontW

advapi32

CryptGetUserKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
RegCloseKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA

shell32

SHFileOperationW
ShellExecuteW
ord165

shlwapi

PathRemoveFileSpecW

wldap32

ord208
ord41
ord117
ord301
ord147
ord14
ord79
ord26
ord142
ord46
ord167
ord127
ord27
ord216
ord219
ord133
ord145

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tvm0
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 68KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e883ee9863409b199872b4453aceb92

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

ws2_32

kernel32

user32

gdi32

advapi32

shell32

shlwapi

wldap32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 394KB - Virtual size: 394KB

.data Size: 45KB - Virtual size: 60KB

.rsrc Size: 35KB - Virtual size: 34KB

.tvm0 Size: 280KB - Virtual size: 280KB

.reloc Size: 68KB - Virtual size: 72KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 394KB - Virtual size: 394KB

.data
Size: 45KB - Virtual size: 60KB

.rsrc
Size: 35KB - Virtual size: 34KB

.tvm0
Size: 280KB - Virtual size: 280KB

.reloc
Size: 68KB - Virtual size: 72KB