f7ef99856f1dfa733ad7b1e1035064304a3119dfcbc1f86f26dbcaaaa0bce1c1

Sharing

Copy URL Twitter E-mail

General

Target

f7ef99856f1dfa733ad7b1e1035064304a3119dfcbc1f86f26dbcaaaa0bce1c1
Size

1004KB
MD5

c7245b29312eafbdb8f8b78c8b1da8ce
SHA1

6e30443ecdabb0553c81e43a5e32e6561fdc5e27
SHA256

f7ef99856f1dfa733ad7b1e1035064304a3119dfcbc1f86f26dbcaaaa0bce1c1
SHA512

f666e9a9abe9961b36fd92e9769e43d00fa2dcc7ea57f15f08e7ea341707a27bb07c8d3e6a9cc001172a3150e57274cef83edb351338abe5d9c46d57e2b91bc6
SSDEEP

24576:8cus2076y0MeGgK6nZeMZQgXe4i7ojhsP5Lgrk1TWb4AN5:8cus2076y0MeRK6nZ5e30jaNf1TWbdz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7ef99856f1dfa733ad7b1e1035064304a3119dfcbc1f86f26dbcaaaa0bce1c1

Files

f7ef99856f1dfa733ad7b1e1035064304a3119dfcbc1f86f26dbcaaaa0bce1c1
.exe windows:6 windows x64

ca214124c306a53afc979c3fd39cc7d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

rpcrt4

RpcEpRegisterW
RpcServerInqBindings
RpcServerRegisterIf3
RpcServerUseProtseqEpW
RpcServerInqCallAttributesW
RpcEpUnregister
RpcServerUnregisterIf
RpcServerListen
NdrServerCall2
NdrServerCallAll
RpcBindingVectorFree
NdrClientCall3

api-ms-win-core-synch-l1-1-0

OpenEventW
EnterCriticalSection
CreateMutexW
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateEventW
InitializeCriticalSectionEx
ReleaseMutex
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
OpenMutexW
WaitForSingleObject

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW

api-ms-win-core-processthreads-l1-1-0

CreateThread
TlsAlloc
CreateProcessAsUserW
GetCurrentProcessId
CreateProcessW
TlsGetValue
TlsSetValue
GetCurrentThreadId
GetExitCodeProcess
TlsFree
SuspendThread
TerminateProcess
ResumeThread
GetStartupInfoW
ExitProcess
OpenProcessToken
GetCurrentProcess

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance
PropVariantClear
CoInitializeEx
CLSIDFromString
CoUninitialize

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-1-0

GetFileType
CreateFileW
FlushFileBuffers
FindFirstFileW
FindNextFileW
FindClose
CompareFileTime
GetFileAttributesExW
FindFirstFileExW
DeleteFileW
SetFilePointerEx
ReadFile
SetEndOfFile
WriteFile
CreateDirectoryW
GetFileSize
SetFilePointer

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetVersionExW
GetSystemDirectoryW
GetTickCount64
GetWindowsDirectoryW

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus

api-ms-win-core-privateprofile-l1-1-0

WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegNotifyChangeKeyValue
RegDeleteValueW

api-ms-win-devices-config-l1-1-1

CM_Unregister_Notification
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Get_DevNode_PropertyW
CM_Get_Device_Interface_ListW
CM_Register_Notification
CM_Get_Device_Interface_List_SizeW
CM_Locate_DevNodeW

api-ms-win-core-file-l1-2-0

CreateFile2

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-libraryloader-l1-2-0

LoadResource
LoadLibraryExW
GetModuleHandleExW
LockResource
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
FreeResource
FreeLibrary

hid

HidD_SetFeature
HidD_GetFeature
HidD_GetHidGuid
HidD_FreePreparsedData
HidD_GetAttributes
HidP_GetCaps
HidD_GetPreparsedData

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
AddAce
AddAccessAllowedAce
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityW
SetTokenInformation
GetLengthSid
InitializeAcl
DuplicateTokenEx
AllocateAndInitializeSid
IsValidSecurityDescriptor

propsys

InitPropVariantFromCLSID

api-ms-win-core-namedpipe-l1-1-0

CreateNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
WaitNamedPipeW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics

powrprof

SetSuspendState
PowerDeterminePlatformRole

api-ms-win-core-sysinfo-l1-2-0

GetSystemFirmwareTable
GetProductInfo

api-ms-win-power-setting-l1-1-0

PowerWriteDCValueIndex
PowerGetActiveScheme
PowerSetActiveScheme
PowerSettingRegisterNotification
PowerWriteACValueIndex
PowerSettingUnregisterNotification

api-ms-win-core-string-l1-1-0

GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar

ext-ms-win-networking-wlanapi-l1-1-0

WlanOpenHandle
WlanFreeMemory
WlanEnumInterfaces
WlanCloseHandle

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
DeleteService
StartServiceW
OpenSCManagerW

api-ms-win-power-base-l1-1-0

GetPwrCapabilities

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

api-ms-win-shcore-registry-l1-1-0

SHDeleteKeyW

api-ms-win-security-base-l1-2-2

DeriveCapabilitySidsFromName

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-core-toolhelp-l1-1-0

Process32NextW
CreateToolhelp32Snapshot
Process32FirstW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
HeapSize

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W
ChangeServiceConfigW
QueryServiceStatusEx

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

ext-ms-win-shell32-shellfolders-l1-1-0

SHGetKnownFolderPath

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
TraceMessage

cfgmgr32

CM_Reenumerate_DevNode_Ex

winusb

WinUsb_Initialize
WinUsb_GetDescriptor
WinUsb_Free

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-fibers-l1-1-0

FlsFree
FlsSetValue
FlsAlloc
FlsGetValue

api-ms-win-core-util-l1-1-0

EncodePointer

api-ms-win-core-processenvironment-l1-1-0

FreeEnvironmentStringsW
GetStdHandle
GetCommandLineW
GetEnvironmentStringsW
GetCommandLineA
SetStdHandle

api-ms-win-core-localization-l1-2-0

GetCPInfo
GetOEMCP
LCMapStringW
GetACP
IsValidCodePage

api-ms-win-core-console-l1-1-0

GetConsoleCP
GetConsoleMode
WriteConsoleW

Sections

.text
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ca214124c306a53afc979c3fd39cc7d4

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

api-ms-win-core-synch-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-io-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-privateprofile-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-shell-shdirectory-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-file-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

hid

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-security-base-l1-1-0

propsys

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-ntuser-sysparams-l1-1-0

powrprof

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-power-setting-l1-1-0

api-ms-win-core-string-l1-1-0

ext-ms-win-networking-wlanapi-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-power-base-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-shutdown-l1-1-0

api-ms-win-shcore-registry-l1-1-0

api-ms-win-security-base-l1-2-2

api-ms-win-security-provider-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-toolhelp-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-management-l2-1-0

userenv

ext-ms-win-shell32-shellfolders-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

cfgmgr32

winusb

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-fibers-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-console-l1-1-0

Sections

.text Size: 302KB - Virtual size: 302KB

.rdata Size: 103KB - Virtual size: 102KB

.data Size: 4KB - Virtual size: 20KB

.pdata Size: 17KB - Virtual size: 16KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 302KB - Virtual size: 302KB

.rdata
Size: 103KB - Virtual size: 102KB

.data
Size: 4KB - Virtual size: 20KB

.pdata
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 568KB - Virtual size: 572KB