eb3c0e67a7a2892a00b8216a0ecc100174a6a6e3a1f31a00e95b9b2598ea88e8

Sharing

Copy URL

Twitter E-mail

General

Target

eb3c0e67a7a2892a00b8216a0ecc100174a6a6e3a1f31a00e95b9b2598ea88e8
Size

2.1MB
MD5

93894aee6f4ee5f5ab31eee3d98bd401
SHA1

0999539fe98ec38d47564ba4b768832fff638a0a
SHA256

eb3c0e67a7a2892a00b8216a0ecc100174a6a6e3a1f31a00e95b9b2598ea88e8
SHA512

0d0a442f0fe87f33ae37ac10e4ad70cf2bcc2b0d86b2e3671e1594616c4857a4fdf89936da6025225c878ab8cb731fa166594b6c6671519a442bcdd449b17075
SSDEEP

49152:SSeatkb+LKQxQUzCKGtRWiWCB69Fvc7CN:7bGolvc7C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb3c0e67a7a2892a00b8216a0ecc100174a6a6e3a1f31a00e95b9b2598ea88e8

Files

eb3c0e67a7a2892a00b8216a0ecc100174a6a6e3a1f31a00e95b9b2598ea88e8
.exe windows:6 windows x64

bbf856caec1795bcf4665ba0b1b90676

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtReadFile
NtWriteFile
RtlLookupFunctionEntry
RtlCaptureContext
NtCancelIoFileEx
NtDeviceIoControlFile
RtlNtStatusToDosError
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind

kernel32

CompareStringW
GetCPInfo
GetOEMCP
GetACP
SetStdHandle
GetStringTypeW
FlsFree
FlsSetValue
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FlsGetValue
FlsAlloc
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsAlloc
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
TryAcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
CreateToolhelp32Snapshot
Process32First
CloseHandle
OpenProcess
Process32Next
GetCurrentThreadId
LCMapStringW
GetLastError
GetCurrentProcess
DuplicateHandle
GetSystemInfo
HeapSize
ReadFile
GetOverlappedResult
WriteFile
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
Sleep
GetModuleHandleA
GetProcAddress
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
QueryPerformanceFrequency
GetSystemTimeAsFileTime
QueryPerformanceCounter
TlsSetValue
TlsGetValue
FreeEnvironmentStringsW
ReleaseMutex
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetConsoleOutputCP
CreateThread
GetCommandLineW
FlushFileBuffers
SetFileInformationByHandle
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
FindNextFileW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
GetFinalPathNameByHandleW
CreateEventW
CancelIo
GetConsoleMode
GetFileType
WideCharToMultiByte
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
SetCurrentDirectoryW
ExitProcess
GetFullPathNameW
CreateMutexW
CreateNamedPipeW
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
FindClose
MultiByteToWideChar
WriteConsoleW

advapi32

SystemFunction036

psapi

GetModuleFileNameExW

bcrypt

BCryptGenRandom

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbf856caec1795bcf4665ba0b1b90676

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

advapi32

psapi

bcrypt

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 412KB - Virtual size: 411KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 107KB - Virtual size: 106KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 412KB - Virtual size: 411KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 107KB - Virtual size: 106KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 8KB - Virtual size: 7KB