Static task: static1
Behavioral task: behavioral1
Sample: 624769a31d49a70b1e0832d35f4548e66ecdec8f421ba2836f46737a8345699f.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: 624769a31d49a70b1e0832d35f4548e66ecdec8f421ba2836f46737a8345699f.exe
Resource: win10v2004-20230915-en
General
- Target: 624769a31d49a70b1e0832d35f4548e66ecdec8f421ba2836f46737a8345699f
- Size: 3.9MB
- MD5: 32f23e218c23f6aaa21fac22c1af8013
- SHA1: ea712a7713b3a0567c356636ca5d136f8be51101
- SHA256: 624769a31d49a70b1e0832d35f4548e66ecdec8f421ba2836f46737a8345699f
- SHA512: 5735258f0d1cc6ffa5e99ecb884a4e0d74e106f9e48e95444b80e0e66f8c78c180e438b09ebc6010a1ad7372d57e1fc4ea1808aeb621f2553c9e32a66146e1d0
- SSDEEP: 49152:Rh5AGbT9bwPNkyFX+5UC+zeNqJYOJRUWCxcI/kiKJ25eWm:Rl+aqFJMMiydW
Malware Config
Signatures
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: 624769a31d49a70b1e0832d35f4548e66ecdec8f421ba2836f46737a8345699f
Files
- 624769a31d49a70b1e0832d35f4548e66ecdec8f421ba2836f46737a8345699f.exe (windows:6 windows x64)
  ff4a3ddfd1ec9060b5c46b9acd75d033
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntdll
RtlLookupFunctionEntry
NtReadFile
NtWriteFile
RtlCaptureContext
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
RtlPcToFileHeader
RtlUnwindEx
NtCancelIoFileEx
RtlVirtualUnwind
kernel32
FlsSetValue
CloseHandle
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetCPInfo
SetStdHandle
GetStringTypeW
GetOEMCP
FlsFree
GetACP
IsValidCodePage
FindFirstFileExW
FlsAlloc
CompareStringW
FlsGetValue
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetHandleInformation
LeaveCriticalSection
GetCurrentProcessId
EnterCriticalSection
EncodePointer
RaiseException
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
LCMapStringW
GetCurrentProcess
DuplicateHandle
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
ReadFile
GetOverlappedResult
WriteFile
HeapSize
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
GetProcAddress
CreateMutexW
GetLastError
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
TlsSetValue
FreeEnvironmentStringsW
ReleaseMutex
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SwitchToThread
GetCurrentThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetConsoleOutputCP
TlsGetValue
GetCommandLineW
FlushFileBuffers
SetFileInformationByHandle
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
CreateThread
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
FindNextFileW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
GetFinalPathNameByHandleW
CopyFileExW
CreateEventW
CancelIo
GetConsoleMode
GetFileType
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
AcquireSRWLockShared
CreateNamedPipeW
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
SetThreadStackGuarantee
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
ws2_32
shutdown
connect
bind
WSASocketW
getpeername
getsockname
recv
send
WSASend
setsockopt
WSAIoctl
closesocket
WSAGetLastError
getsockopt
ioctlsocket
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
advapi32
SystemFunction036
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
secur32
DeleteSecurityContext
EncryptMessage
InitializeSecurityContextW
QueryContextAttributesW
FreeContextBuffer
DecryptMessage
ApplyControlToken
FreeCredentialsHandle
AcceptSecurityContext
AcquireCredentialsHandleA
crypt32
CertDuplicateCertificateChain
CertFreeCertificateChain
CertEnumCertificatesInStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertDuplicateStore
CertFreeCertificateContext
CertDuplicateCertificateContext
bcrypt
BCryptGenRandom
Sections
- .text (Size: 2.5MB, Virtual size: 2.5MB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata (Size: 1.3MB, Virtual size: 1.3MB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data (Size: 14KB, Virtual size: 19KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .pdata (Size: 144KB, Virtual size: 144KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- _RDATA (Size: 512B, Virtual size: 348B): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc (Size: 23KB, Virtual size: 23KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ