Static task: static1
Behavioral task: behavioral1
Sample: a4fbe6a8702a84b4aaa28f425f6cc498cd2cfed4b16fb2fdd355b0822953d3b8.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: a4fbe6a8702a84b4aaa28f425f6cc498cd2cfed4b16fb2fdd355b0822953d3b8.exe
Resource: win10v2004-20230915-en
General
Target: a4fbe6a8702a84b4aaa28f425f6cc498cd2cfed4b16fb2fdd355b0822953d3b8
Size: 3.7MB
MD5: 15448e908904f74a4d9371c9320f19ae
SHA1: 2040eb431b7c35ec99d16e964ca1b9fa1a790a74
SHA256: a4fbe6a8702a84b4aaa28f425f6cc498cd2cfed4b16fb2fdd355b0822953d3b8
SHA512: ac48fd92319967ee2fd0d1f9cd970b7c437736eb41f4d45862f898971fa004140b7ddb85f50547adac260f1a9feb9b7b422f747f9792370988010ef7e30377af
SSDEEP: 49152:eLQWgz4YiWJq4uHg8fkBi8JLBs/NlOabM0+beeRKojOAPvVq4v1RyaUaGmYp1nT:gW0bJ+bXFpB39UaGmYp1nT
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature, i.e. the PE carries no embedded signature (the security data directory is empty). On its own this is weak evidence: much legitimate software ships unsigned, and files signed through a catalog also have no embedded signature, so confirm with a signature check on a Windows host before weighting it.
resource a4fbe6a8702a84b4aaa28f425f6cc498cd2cfed4b16fb2fdd355b0822953d3b8
Files
-
a4fbe6a8702a84b4aaa28f425f6cc498cd2cfed4b16fb2fdd355b0822953d3b8.exe windows:6 windows x64
af9101b23c17cf28952761e9077849e0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports (grouped by module; the set is consistent with Winsock networking, TLS through SChannel via secur32 and crypt32 certificate-chain validation, I/O completion ports for asynchronous I/O, and BCryptGenRandom/SystemFunction036 as random-byte sources)
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SystemFunction036
kernel32
CloseHandle
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetHandleInformation
GetCurrentProcessId
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
GetCurrentProcess
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
WriteFile
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
GetProcAddress
FreeEnvironmentStringsW
ReleaseMutex
FindClose
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
SetFilePointerEx
GetStdHandle
WaitForSingleObject
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
FindNextFileW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
GetFinalPathNameByHandleW
GetConsoleMode
GetFileType
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetConsoleOutputCP
HeapSize
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
InitializeSListHead
GetCurrentThreadId
ntdll
RtlNtStatusToDosError
NtCancelIoFileEx
NtWriteFile
NtCreateFile
NtReadFile
NtDeviceIoControlFile
ws2_32
send
WSASend
setsockopt
WSAIoctl
WSAGetLastError
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
recv
shutdown
getsockopt
bind
closesocket
getsockname
getpeername
WSASocketW
ioctlsocket
connect
secur32
AcquireCredentialsHandleA
FreeContextBuffer
FreeCredentialsHandle
QueryContextAttributesW
DecryptMessage
ApplyControlToken
AcceptSecurityContext
InitializeSecurityContextW
DeleteSecurityContext
EncryptMessage
crypt32
CertDuplicateCertificateChain
CertFreeCertificateChain
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertDuplicateStore
CertDuplicateCertificateContext
bcrypt
BCryptGenRandom
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 137KB - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
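The Headers, Files and Sections entries above are all read straight from the PE headers, and the "Unsigned PE" signature reduces to one test on the security data directory. The following Python (added here as an illustration, not code from the sandbox or from the analysed binary) parses those headers with the standard library only and applies that test. `build_sample_pe()` is a constructed PE32+ skeleton that reproduces this report's header bits and section names with placeholder sizes; `parse_pe()` also works on a real file passed on the command line.

```python
"""Minimal PE header triage: decode the fields this report lists and apply the
'Unsigned PE' test (empty IMAGE_DIRECTORY_ENTRY_SECURITY). Standard library only.
build_sample_pe() is a constructed stand-in, not the analysed binary."""
import hashlib
import json
import struct
import sys

DLL_CHARACTERISTICS = {  # winnt.h IMAGE_DLLCHARACTERISTICS_*
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x1000: "IMAGE_DLLCHARACTERISTICS_APPCONTAINER",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {  # winnt.h IMAGE_FILE_*
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_FLAGS = {  # winnt.h IMAGE_SCN_*
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def decode_flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse DOS/COFF/optional headers and the section table of a PE32 or PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, fchars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    pe32plus = magic == 0x20B
    os_major = struct.unpack_from("<H", data, opt + 40)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    # Stack/heap size fields are 8 bytes in PE32+, which shifts the data directories.
    ndirs_off, dirs_off = (108, 112) if pe32plus else (92, 96)
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):
        name, vsize, _, rawsize, _, _, _, _, _, sflags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "raw_size": rawsize, "virtual_size": vsize,
                         "flags": decode_flags(sflags, SECTION_FLAGS)})
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "machine": {0x8664: "x64", 0x14C: "x86"}.get(machine, hex(machine)),
        "os_version_major": os_major,
        "file_characteristics": decode_flags(fchars, FILE_CHARACTERISTICS),
        "dll_characteristics": decode_flags(dll_chars, DLL_CHARACTERISTICS),
        # The 'Unsigned PE' test: no embedded Authenticode blob. Catalog-signed
        # files also land here, so confirm on Windows before relying on it.
        "has_embedded_signature": sec_off != 0 and sec_size != 0,
        "sections": sections,
    }


def build_sample_pe(signed=False):
    """Constructed PE32+ skeleton with this report's header bits and section names.
    Sizes are placeholders; it contains no code and is not the analysed file."""
    layout = [(b".text", 0x60000020), (b".rdata", 0x40000040), (b".data", 0xC0000040),
              (b".pdata", 0x40000040), (b"_RDATA", 0x40000040), (b".reloc", 0x42000040)]
    opt = bytearray(112 + 16 * 8)  # PE32+ optional header with 16 data directories
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<Q", opt, 24, 0x140000000)  # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)  # SectionAlignment, FileAlignment
    struct.pack_into("<HH", opt, 40, 6, 0)  # MajorOperatingSystemVersion 6 ("windows:6")
    struct.pack_into("<HH", opt, 48, 6, 0)  # MajorSubsystemVersion
    struct.pack_into("<H", opt, 68, 3)  # IMAGE_SUBSYSTEM_WINDOWS_CUI
    struct.pack_into("<H", opt, 70, 0x8160)  # HIGH_ENTROPY_VA|DYNAMIC_BASE|NX_COMPAT|TS_AWARE
    struct.pack_into("<I", opt, 108, 16)  # NumberOfRvaAndSizes
    if signed:  # pretend a WIN_CERTIFICATE blob exists (offset/size only, for the check)
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x4000, 0x1800)
    coff = struct.pack("<HHIIIHH", 0x8664, len(layout), 0, 0, 0, len(opt), 0x0022)
    shdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), 0x200, 0x1000 * (i + 1),
                    0x200, 0x400 * (i + 1), 0, 0, 0, 0, sflags)
        for i, (name, sflags) in enumerate(layout))
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + shdrs


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps(parse_pe(blob), indent=2))
```

Run it with a path to print the decoded headers, sections and the embedded-signature verdict for a real file; with no arguments it parses the constructed sample. Treat `has_embedded_signature == False` as a lead only; on a Windows host, `Get-AuthenticodeSignature` also consults signature catalogs and gives the authoritative answer.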