Static task: static1
Behavioral task: behavioral1
  Sample: 15a2ce3fc130879b3e6014e06ce1afb7b18a3ce1f3ed87724f027e4b732571bc.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 15a2ce3fc130879b3e6014e06ce1afb7b18a3ce1f3ed87724f027e4b732571bc.exe
  Resource: win10v2004-20230915-en
General
Target: 15a2ce3fc130879b3e6014e06ce1afb7b18a3ce1f3ed87724f027e4b732571bc
Size: 5.7MB
MD5: c91ad6855fe9a7de05ad02c3744cdfc6
SHA1: 5f383c57acb4edb17a032303db0bd946744bb9f1
SHA256: 15a2ce3fc130879b3e6014e06ce1afb7b18a3ce1f3ed87724f027e4b732571bc
SHA512: 321fe89052754753d9e6134289ede22ed9cf9c006fc1543d46c8859391d814f90b2be1cdb0bd5f8daf96567da861dc83e0f1caa05640975cc96168185ab86be4
SSDEEP: 49152:0Ym/jqf6OpHxdULjbGQ9O9DImi3eG+UFdM0DpT6QXrtpnLtbwWvyxgamDGkrzbb6:We2J3o4XhzQqyOwe41k
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 15a2ce3fc130879b3e6014e06ce1afb7b18a3ce1f3ed87724f027e4b732571bc
Files
15a2ce3fc130879b3e6014e06ce1afb7b18a3ce1f3ed87724f027e4b732571bc.exe (windows:6, windows x64)
  imphash: 235163584da154f71882f9866f7bfe64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntdll
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlUnwind
NtWriteFile
NtReadFile
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
kernel32
SystemTimeToFileTime
SetEvent
EnterCriticalSection
GetCurrentThreadId
TzSpecificLocalTimeToSystemTime
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResetEvent
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RaiseException
Process32Next
EncodePointer
OpenProcess
Process32First
CreateToolhelp32Snapshot
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TlsAlloc
TlsFree
GetModuleHandleExW
GetCommandLineA
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
GetStringTypeW
SystemTimeToTzSpecificLocalTime
FlsAlloc
GetSystemTimeAsFileTime
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
TlsSetValue
TlsGetValue
CreateThread
WideCharToMultiByte
WriteConsoleW
MultiByteToWideChar
HeapSize
SetHandleInformation
GetCurrentProcessId
CloseHandle
GetFullPathNameW
ExitProcess
GetFileType
GetConsoleMode
GetFinalPathNameByHandleW
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
CreateMutexW
GetLastError
GetCurrentProcess
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
WriteFile
SetFileCompletionNotificationModes
SleepConditionVariableSRW
GetSystemInfo
GetConsoleOutputCP
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
GetUserDefaultUILanguage
LCIDToLocaleName
GetFileInformationByHandle
LoadLibraryW
GetProcAddress
FindNextFileW
CreateMutexA
lstrlenW
WaitForSingleObjectEx
HeapReAlloc
GetFileAttributesW
CreateFileW
OutputDebugStringA
OutputDebugStringW
GetModuleFileNameW
CreateEventW
FormatMessageW
HeapAlloc
GetModuleHandleA
LoadLibraryExW
GetProcessHeap
HeapFree
Sleep
FreeLibrary
GetEnvironmentVariableW
QueryPerformanceFrequency
QueryPerformanceCounter
WakeConditionVariable
WakeAllConditionVariable
TerminateProcess
GetStdHandle
SetFilePointerEx
SetFileInformationByHandle
FlushFileBuffers
GetCommandLineW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
GetCurrentThread
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
LoadLibraryA
FindClose
ReleaseMutex
comctl32
SetWindowSubclass
DefSubclassProc
RemoveWindowSubclass
user32
ToUnicodeEx
ShowCursor
PostThreadMessageW
ClipCursor
GetClipCursor
GetActiveWindow
SetWindowLongW
EnableMenuItem
GetSystemMenu
MonitorFromPoint
SendMessageW
DestroyIcon
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterWindowMessageA
PeekMessageW
DispatchMessageA
GetMessageA
GetKeyboardLayout
CreateIcon
ReleaseCapture
SendInput
SetWindowDisplayAffinity
GetKeyboardState
AdjustWindowRectEx
IsProcessDPIAware
GetDC
GetWindowRect
GetUpdateRect
SetForegroundWindow
MonitorFromRect
GetSystemMetrics
PostMessageW
TrackMouseEvent
DestroyWindow
GetWindowLongW
GetClientRect
ClientToScreen
RegisterClassExW
GetTouchInputInfo
ScreenToClient
CloseTouchInputHandle
GetCursorPos
MonitorFromWindow
SetWindowPos
GetAsyncKeyState
SetCursor
GetMonitorInfoW
LoadCursorW
GetKeyState
EnumWindows
GetWindowThreadProcessId
IsWindowVisible
ShowWindow
MapVirtualKeyExW
TranslateMessage
GetWindowLongPtrW
GetRawInputData
ValidateRect
RedrawWindow
DispatchMessageW
SystemParametersInfoA
SetPropW
GetMenu
CreateWindowExW
IsWindow
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
DefWindowProcW
GetMessageW
MapVirtualKeyW
EnumChildWindows
InvalidateRgn
RegisterTouchWindow
ole32
CoCreateInstance
RevokeDragDrop
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
OleInitialize
RegisterDragDrop
shell32
SHAppBarMessage
DragQueryFileW
DragFinish
psapi
GetModuleFileNameExW
gdi32
GetDeviceCaps
CreateRectRgn
DeleteObject
dwmapi
DwmEnableBlurBehindWindow
ws2_32
WSAStartup
getsockname
getpeername
WSASocketW
bind
connect
ioctlsocket
getsockopt
shutdown
recv
WSASend
setsockopt
WSAIoctl
WSAGetLastError
getaddrinfo
closesocket
freeaddrinfo
WSACleanup
send
advapi32
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
SystemFunction036
RegCloseKey
secur32
AcceptSecurityContext
AcquireCredentialsHandleA
FreeContextBuffer
DecryptMessage
EncryptMessage
InitializeSecurityContextW
DeleteSecurityContext
QueryContextAttributesW
FreeCredentialsHandle
ApplyControlToken
crypt32
CertFreeCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertDuplicateCertificateChain
CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertDuplicateStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
oleaut32
GetErrorInfo
SetErrorInfo
SysStringLen
SysFreeString
bcrypt
BCryptGenRandom
Sections
.text Size: 3.7MB - Virtual size: 3.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 192KB - Virtual size: 192KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ