e8d6b7a3414aef1e0208a88fa4da3a5fbc6bd01c7ffdd567df5e7037834937e5

Sharing

Copy URL Twitter E-mail

General

Target

e8d6b7a3414aef1e0208a88fa4da3a5fbc6bd01c7ffdd567df5e7037834937e5
Size

865KB
MD5

bbc8ffe4329943cd012929e78658d88c
SHA1

b16962c47b61feb181b0644569c9330e20034664
SHA256

e8d6b7a3414aef1e0208a88fa4da3a5fbc6bd01c7ffdd567df5e7037834937e5
SHA512

94074ce9773b67ec03ffb1fa080346e2b1dd367b7545a8ea1bc549a1b625487a18f6de7c05db3a726b4f2978df6b4a0e4691cbb495b9b452e12b3cbd11fbe332
SSDEEP

6144:dmnuKYIEKn9f/rJOdhzseAeMPaimln2ZEIMj+:dmnuKYLi9fjJQhFSCimln

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8d6b7a3414aef1e0208a88fa4da3a5fbc6bd01c7ffdd567df5e7037834937e5

Files

e8d6b7a3414aef1e0208a88fa4da3a5fbc6bd01c7ffdd567df5e7037834937e5
.exe windows:6 windows x64

9fbfd1fd6dda22d604479a1b97d8d106

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

netapi32

NetApiBufferFree
NetLocalGroupGetMembers

ws2_32

send
socket
WSAStartup
WSACleanup
WSAAsyncSelect
bind
getsockname
htons
InetPtonW
inet_ntoa
ntohs
inet_addr
ioctlsocket
connect
closesocket
recv

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpDetectAutoProxyConfigUrl

secur32

GetUserNameExW

comctl32

PropertySheetW
InitMUILanguage

crypt32

CryptStringToBinaryA
CryptProtectData
CertGetNameStringW
CryptBinaryToStringA
CertCreateCertificateContext
CertFreeCertificateContext
CryptUnprotectData

shlwapi

StrTrimA
UrlUnescapeA
PathIsRelativeW

advapi32

RegOpenKeyExW
LookupAccountNameW
LookupAccountSidW
GetTokenInformation
EqualSid
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegCopyTreeW
RegDeleteTreeW
RegSetValueExW
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegGetValueW
RegSetKeyValueW
RegDeleteKeyValueW
CreateWellKnownSid
CopySid
OpenProcessToken
RegCreateKeyExW
RegDeleteValueW
DeregisterEventSource
RegCloseKey

shell32

ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
SHCreateItemFromParsingName

gdi32

GetObjectW
CreateFontIndirectW
SetPixel
SelectObject
GetPixel
DeleteObject
DeleteDC
CreateCompatibleDC
LPtoDP
SetTextColor
GetTextExtentPoint32W
GetDeviceCaps
GetStockObject

comdlg32

GetOpenFileNameW

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx

cryptui

CryptUIDlgViewContext

wininet

InternetConnectW
InternetCloseHandle
InternetOpenW
InternetReadFile
InternetSetOptionA
InternetSetOptionW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoA
HttpQueryInfoW

kernel32

GetTickCount
FindClose
FindFirstFileW
FindNextFileW
GetFileInformationByHandle
ExpandEnvironmentStringsW
GlobalFree
GetWindowsDirectoryW
LocalFree
IsDebuggerPresent
OpenProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
CreatePipe
SetHandleInformation
WriteFile
ReadFileEx
ReadFile
GetStartupInfoW
CreateProcessW
ResumeThread
TerminateThread
GetCurrentThreadId
CreateThread
TerminateProcess
GetCurrentProcessId
CreateEventW
SetEvent
CancelIo
PeekNamedPipe
FormatMessageW
SetNamedPipeHandleState
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
CopyFileW
GetTickCount64
InitializeSListHead
GetTempPathW
GetExitCodeProcess
CreateSemaphoreW
GetFileAttributesW
CreateFileW
CreateDirectoryW
Sleep
VerifyVersionInfoW
LoadLibraryW
GetProcAddress
GetModuleHandleW
FreeLibrary
CloseHandle
GetLastError
ReleaseSemaphore
WaitForSingleObject
GetCurrentProcess
GetSystemDirectoryW
MulDiv
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
FileTimeToLocalFileTime
FindResourceExW
GetModuleFileNameW
LoadResource
SizeofResource
FindResourceW
EnumResourceLanguagesW
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
LCIDToLocaleName
GetUserDefaultUILanguage
GetLocaleInfoEx
VerSetConditionMask
GetCommandLineW

user32

SetDlgItemInt
CheckMenuItem
AppendMenuW
SetMenuItemBitmaps
GetDlgItemInt
SetMenuInfo
DestroyMenu
GetCursorPos
GetIconInfo
SetCursor
TrackPopupMenu
CreatePopupMenu
EnumThreadWindows
GetSysColor
GetClientRect
GetWindowTextW
RemovePropW
GetPropW
SetPropW
IsWindowEnabled
EnableWindow
SetFocus
GetDlgCtrlID
EndDialog
MoveWindow
PostMessageW
IsDialogMessageW
GetWindowTextLengthW
ReleaseDC
GetDC
MsgWaitForMultipleObjectsEx
EnableMenuItem
SetForegroundWindow
MessageBoxW
SendMessageW
SendMessageTimeoutW
ShowWindow
SetWindowPos
GetDlgItem
GetSystemMetrics
InvalidateRect
SetWindowTextW
GetWindowRect
HideCaret
ShowCaret
OffsetRect
GetWindowLongW
SetWindowLongW
CreateDialogIndirectParamW
DialogBoxIndirectParamW
CheckRadioButton
IsDlgButtonChecked
MessageBoxExW
SetWindowLongPtrW
LookupIconIdFromDirectory
CreateIconFromResourceEx
LoadImageW
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
PostQuitMessage
RegisterClassExW
CreateWindowExW
IsWindow
DestroyWindow
SetDlgItemTextW
GetDlgItemTextW
SetTimer
KillTimer
GetMenuItemID
GetMenuInfo
FindWindowW
LoadCursorW
PeekMessageW
SetDlgItemTextA
CallMsgFilterW
keybd_event

vcruntime140

memset
strchr
memchr
memcmp
memcpy
memmove
wcsrchr
strstr
wcschr
__C_specific_handler
__current_exception
__current_exception_context
wcsstr

api-ms-win-crt-string-l1-1-0

_wcsicmp
wcsspn
strncmp
_wcsdup
wcsncat
isxdigit
wcstok_s
strcmp
wcsncpy_s
strtok
strncpy
_wcsnicmp
_strdup
_stricmp
wcsncmp
wcsncpy
isalnum
iswctype
wcscspn
strspn
strncpy_s
wcspbrk

api-ms-win-crt-heap-l1-1-0

_set_new_mode
realloc
malloc
free
calloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__p__commode
fclose
__stdio_common_vswscanf
__stdio_common_vfwprintf
_wfopen
fwrite
_set_fmode
__stdio_common_vsscanf
fgets
__stdio_common_vswprintf

api-ms-win-crt-time-l1-1-0

_time64
_wctime64

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-convert-l1-1-0

atoi
_wtoi
strtol
strtoul
wcstol
mbstowcs
strtod

api-ms-win-crt-runtime-l1-1-0

_cexit
exit
_exit
terminate
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_configure_wide_argv
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_c_exit

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath
_wunlink
_wstat64i32

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

aslr_workaround

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 717KB - Virtual size: 716KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9fbfd1fd6dda22d604479a1b97d8d106

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

netapi32

ws2_32

winhttp

secur32

comctl32

crypt32

shlwapi

advapi32

shell32

gdi32

comdlg32

ole32

cryptui

wininet

kernel32

user32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 1024B - Virtual size: 10KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 717KB - Virtual size: 716KB

.reloc Size: 512B - Virtual size: 180B

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 1024B - Virtual size: 10KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 717KB - Virtual size: 716KB

.reloc
Size: 512B - Virtual size: 180B