f2dbc7457dfdef963a43023e3f2bafb934b3932f24415443a4c1430ae7a526ed

Sharing

Copy URL Twitter E-mail

General

Target

f2dbc7457dfdef963a43023e3f2bafb934b3932f24415443a4c1430ae7a526ed
Size

4.5MB
MD5

3371a62d7f64172c89120874018e43d2
SHA1

69db2fa812c9f53626fb5fa282ae17c737ee93ee
SHA256

f2dbc7457dfdef963a43023e3f2bafb934b3932f24415443a4c1430ae7a526ed
SHA512

9ce61dbf1b44ba0f929bd9de8108c7403bd15546032268c8e948af850d1fc2f0cabe0cf7e7486aae1b6a3125af0a47c1a00bbc7364f4d8e44461e6a7152803ef
SSDEEP

98304:jDdsaHfkcS0992RFzqasiUjYJd992lKm2h5NO9V:tsaHfkc32RFZmjYJraR2h5E9V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2dbc7457dfdef963a43023e3f2bafb934b3932f24415443a4c1430ae7a526ed

Files

f2dbc7457dfdef963a43023e3f2bafb934b3932f24415443a4c1430ae7a526ed
.exe windows:5 windows x64

4635686e23fc993d969d5a33a71cdd72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OpenProcess
GetSystemDirectoryW
WideCharToMultiByte
LoadLibraryW
GetLocaleInfoW
Sleep
GetModuleFileNameW
CreateFileW
lstrcmpW
lstrlenW
GetStartupInfoW
GetLastError
GetProcAddress
GetLocalTime
Process32FirstW
GlobalMemoryStatusEx
DeviceIoControl
GetSystemInfo
Process32NextW
lstrcatW
CreateToolhelp32Snapshot
GetDiskFreeSpaceExW
CloseHandle
GetCurrentProcessId
lstrcpyW
QueryPerformanceCounter
WaitForSingleObject
SetEvent
ResetEvent
CreateEventW
QueryPerformanceFrequency
WriteFile
CopyFileW
ExpandEnvironmentStringsW
CreateEventA
FormatMessageW
GetNativeSystemInfo
IsBadReadPtr
SetLastError
LoadLibraryA
VirtualProtect
MoveFileExA
SetErrorMode
SetUnhandledExceptionFilter
GetModuleFileNameA
GetCurrentDirectoryA
GetCurrentThreadId
CreateThread
GetFileSize
SetFilePointer
MapViewOfFileEx
ReadFile
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetTickCount
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetModuleHandleW
HeapFree
GetCurrentProcess
HeapAlloc
lstrlenA
CreateProcessW
FreeLibrary
GetDriveTypeW
CreateFileA
GetCommandLineW
ExitProcess
DeleteCriticalSection
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
InitializeCriticalSection
VirtualFree
CreateWaitableTimerW
HeapDestroy
FreeEnvironmentStringsW
GetStringTypeW
IsValidCodePage
GetOEMCP
HeapCreate
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
EncodePointer
GetACP
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
HeapSize
GetConsoleMode
LocalFree
GetConsoleCP
GetStdHandle
GetProcessHeap
HeapSetInformation
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetCPInfo
LCMapStringW
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
GetSystemTimeAsFileTime
HeapReAlloc
ExitThread
VirtualQuery
SetThreadStackGuarantee
TryEnterCriticalSection
CancelWaitableTimer
SetWaitableTimer
UnmapViewOfFile
SwitchToThread
MultiByteToWideChar
CreateFileMappingW
GetVersion

user32

MsgWaitForMultipleObjects
GetMonitorInfoW
FindWindowA
SendMessageW
PeekMessageW
TranslateMessage
DispatchMessageW
GetLastInputInfo
GetWindowTextW
GetWindowTextA
GetForegroundWindow
wsprintfW
GetClassNameA
EnumDisplayMonitors
OpenWindowStationW
IsWindow
GetInputState
PostThreadMessageA
SetProcessWindowStation
GetWindow

advapi32

RegEnumKeyExA
GetTokenInformation
RegSetValueExW
RegDeleteValueW
RegCreateKeyW
RegCloseKey
CheckTokenMembership
GetCurrentHwProfileW
RegOpenKeyExW
FreeSid
AllocateAndInitializeSid
LookupAccountSidW
RegOpenKeyExA
RegQueryInfoKeyW
RegQueryValueExW
OpenProcessToken

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SysStringLen
SysFreeString
VariantInit
SysAllocString

shlwapi

PathIsDirectoryA
StrChrW

ws2_32

getsockname
getpeername
WSASetLastError
WSAStringToAddressW
shutdown
closesocket
send
setsockopt
WSAIoctl
htons
ntohs
WSAGetLastError
gethostname
inet_ntoa
gethostbyname
freeaddrinfo
getaddrinfo
WSAStartup
WSAResetEvent
WSAEventSelect
WSACleanup
bind
connect
recv
WSACloseEvent
WSACreateEvent
socket
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
InetNtopW

netapi32

NetWkstaGetInfo

winmm

timeGetDevCaps
timeEndPeriod
timeBeginPeriod
timeGetTime

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.FEFE0
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.FEFE1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.FEFE2
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4635686e23fc993d969d5a33a71cdd72

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

ws2_32

netapi32

winmm

Sections

.text Size: 192KB - Virtual size: 192KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 48KB - Virtual size: 48KB

.pdata Size: 12KB - Virtual size: 12KB

.FEFE0 Size: 1.8MB - Virtual size: 1.8MB

.FEFE1 Size: 4KB - Virtual size: 4KB

.FEFE2 Size: 2.3MB - Virtual size: 2.3MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 75KB - Virtual size: 75KB

.l1 Size: 10KB - Virtual size: 10KB

.text
Size: 192KB - Virtual size: 192KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 48KB - Virtual size: 48KB

.pdata
Size: 12KB - Virtual size: 12KB

.FEFE0
Size: 1.8MB - Virtual size: 1.8MB

.FEFE1
Size: 4KB - Virtual size: 4KB

.FEFE2
Size: 2.3MB - Virtual size: 2.3MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 75KB - Virtual size: 75KB

.l1
Size: 10KB - Virtual size: 10KB