8494d0148d852a82cea8a4591a863fcbc86e2c92f3f4b2514d6209e20743cfff

Sharing

Copy URL Twitter E-mail

General

Target

8494d0148d852a82cea8a4591a863fcbc86e2c92f3f4b2514d6209e20743cfff
Size

958KB
MD5

fd69757fc776455b756fa674b8c98bbc
SHA1

78a54e3f1831e4e19e2392c07274a66451ad1a25
SHA256

8494d0148d852a82cea8a4591a863fcbc86e2c92f3f4b2514d6209e20743cfff
SHA512

0a1d1c1f903660ea948f5116fae94a838373a77539be3eea7420063edbb974b1da7c275554e384b1726fc4a155a2d0fa590ac068d0488919e5d2d747ff289ef1
SSDEEP

12288:9QlB+4/iiNBwjAwCWoglnyvFHzSmyaZxgsBDSHwfTYwoFeHX56d:alB+4/iiNejiWhlyFz4a8MGHuYw6R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8494d0148d852a82cea8a4591a863fcbc86e2c92f3f4b2514d6209e20743cfff

Files

8494d0148d852a82cea8a4591a863fcbc86e2c92f3f4b2514d6209e20743cfff
.exe windows:6 windows x64

644b53dc37ee61377c93b15662935574

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlLookupFunctionEntry
NtReadFile
NtWriteFile
RtlCaptureContext
NtCancelIoFileEx
RtlNtStatusToDosError
RtlPcToFileHeader
RtlUnwindEx
NtDeviceIoControlFile
RtlVirtualUnwind

kernel32

FlsSetValue
CloseHandle
FlsGetValue
ReleaseSRWLockExclusive
SetStdHandle
GetOEMCP
GetACP
IsValidCodePage
GetStringTypeW
FlsFree
FindFirstFileExW
AcquireSRWLockExclusive
CompareStringW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
GetCurrentProcessId
EnterCriticalSection
EncodePointer
RaiseException
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
TryAcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
CreateToolhelp32Snapshot
Process32First
OpenProcess
GetCPInfo
Process32Next
LCMapStringW
CreateMutexW
GetLastError
GetCurrentProcess
DuplicateHandle
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
HeapSize
GetOverlappedResult
ReadFile
WriteFile
Sleep
GetModuleHandleA
GetProcAddress
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
FreeEnvironmentStringsW
ReleaseMutex
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
GetCurrentThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetConsoleOutputCP
CreateThread
GetCommandLineW
FlushFileBuffers
SetFileInformationByHandle
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
FindNextFileW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
GetFinalPathNameByHandleW
CopyFileExW
CreateEventW
CancelIo
GetConsoleMode
GetFileType
WideCharToMultiByte
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
SetCurrentDirectoryW
ExitProcess
GetFullPathNameW
FlsAlloc
CreateNamedPipeW
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
SetThreadStackGuarantee
MultiByteToWideChar
WriteConsoleW

user32

MessageBoxW

advapi32

SystemFunction036

psapi

GetModuleFileNameExW

bcrypt

BCryptGenRandom

Sections

.text
Size: 618KB - Virtual size: 617KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

644b53dc37ee61377c93b15662935574

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

psapi

bcrypt

Sections

.text Size: 618KB - Virtual size: 617KB

.rdata Size: 271KB - Virtual size: 270KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 41KB - Virtual size: 41KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 618KB - Virtual size: 617KB

.rdata
Size: 271KB - Virtual size: 270KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 41KB - Virtual size: 41KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 5KB - Virtual size: 5KB