b9a4ba7a9fcf0dbe24ff7f26f1c2d51bcd8b7a2b87a1cb8c3a1748995fdf5098

Sharing

Copy URL Twitter E-mail

General

Target

b9a4ba7a9fcf0dbe24ff7f26f1c2d51bcd8b7a2b87a1cb8c3a1748995fdf5098
Size

472KB
MD5

f9d4b3f722db98ceac4a240368ac2622
SHA1

132e989172bfd2e5768e66ee0e20c15681edeeb5
SHA256

b9a4ba7a9fcf0dbe24ff7f26f1c2d51bcd8b7a2b87a1cb8c3a1748995fdf5098
SHA512

1a92f51b314f2080808e9377ca5721ee9bfddd0d5ac43dc079d2870bdca59284e57abfa2b4444f848d15d693bb1c5f626949ec481b60c44b9506fbccfb8080d0
SSDEEP

3072:g7kP/rRYoKPHS8xuker2KgCrtIFF5Thd2W14EDJHK1fkgLCoY46fDKyO0m7v1TXU:gwdYNrur2K1tIFF5ThHdzohjyWpX4HL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9a4ba7a9fcf0dbe24ff7f26f1c2d51bcd8b7a2b87a1cb8c3a1748995fdf5098

Files

b9a4ba7a9fcf0dbe24ff7f26f1c2d51bcd8b7a2b87a1cb8c3a1748995fdf5098
.exe windows:6 windows x64

b40bcccb54acb6a9794c37482aeb5fde

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
CM_Get_Parent
SetupDiGetClassDevsW
CM_Get_Device_IDW
SetupDiGetDeviceInstallParamsW

kernel32

SetEndOfFile
WriteConsoleW
HeapSize
GetProcessHeap
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
CreateDirectoryW
CreateMutexW
GetLastError
LocalFree
GetPrivateProfileStringW
GetLocalTime
LoadLibraryW
GetProcAddress
FreeLibrary
WaitForMultipleObjects
GetCurrentThreadId
OpenEventW
OpenProcess
CreateEventW
OutputDebugStringW
MultiByteToWideChar
WideCharToMultiByte
GetTimeZoneInformation
ReadFile
WriteFile
GetModuleFileNameW
FindClose
CreateFileW
CloseHandle
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
WaitForSingleObject
SetEvent
ResetEvent
Sleep
TerminateThread
RaiseException
FindNextFileW
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
GetModuleHandleW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
HeapReAlloc
ReadConsoleW
HeapAlloc
HeapFree
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
SetFilePointerEx
GetFileSizeEx
ExitProcess
GetStdHandle
GetModuleHandleExW
ExitThread
RtlPcToFileHeader
RtlUnwindEx
WaitForSingleObjectEx
EncodePointer
DecodePointer
SetLastError
LCMapStringW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
CreateThread
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW

user32

GetQueueStatus
TranslateMessage
KillTimer
PostQuitMessage
PostThreadMessageW
DispatchMessageW
CallMsgFilterW
RegisterClassExW
WaitMessage
UnregisterClassW
CreateWindowExW
DestroyWindow
PostMessageW
DefWindowProcW
MsgWaitForMultipleObjectsEx
PeekMessageW
SetTimer

shell32

CommandLineToArgvW

ole32

CLSIDFromString

oleaut32

VariantClear

winmm

timeGetTime

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b40bcccb54acb6a9794c37482aeb5fde

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

kernel32

user32

shell32

ole32

oleaut32

winmm

Sections

.text Size: 170KB - Virtual size: 170KB

.rdata Size: 89KB - Virtual size: 89KB

.data Size: 7KB - Virtual size: 14KB

.pdata Size: 9KB - Virtual size: 9KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 191KB - Virtual size: 190KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 170KB - Virtual size: 170KB

.rdata
Size: 89KB - Virtual size: 89KB

.data
Size: 7KB - Virtual size: 14KB

.pdata
Size: 9KB - Virtual size: 9KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 191KB - Virtual size: 190KB

.reloc
Size: 3KB - Virtual size: 3KB