b9c46934be90fdc7b8591ea8940ef8c98ff34808f8e5ce537ddb8635ec2e0c73

Sharing

Copy URL Twitter E-mail

General

Target

b9c46934be90fdc7b8591ea8940ef8c98ff34808f8e5ce537ddb8635ec2e0c73
Size

17KB
MD5

c680b321cf64397953aff646264f6418
SHA1

72eb2c77fe1c599dcdf84ddb7389893290135f5f
SHA256

b9c46934be90fdc7b8591ea8940ef8c98ff34808f8e5ce537ddb8635ec2e0c73
SHA512

0192717e2733905f9de989af513971fe86747cf83a3a55470333af43bd32cb4e9c94091b7e6e981b537270cd17a5e555de1e87c4d10de7feacb3976a7d06d874
SSDEEP

384:amFgl357d06Q7iLPXwuIWE25TRLU8bsl7UBndqVn:i57O6UIdU84IE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9c46934be90fdc7b8591ea8940ef8c98ff34808f8e5ce537ddb8635ec2e0c73

Files

b9c46934be90fdc7b8591ea8940ef8c98ff34808f8e5ce537ddb8635ec2e0c73
.exe windows:5 windows x64

8cabaf65957e46afab0fccf37ccdeecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateThread
VirtualAllocEx
GetCurrentProcess
WaitForSingleObject
CreateEventW
ExitProcess
GetCurrentProcessId
GetCurrentThreadId
WaitForMultipleObjects
Sleep
GetModuleFileNameW
lstrlenA
GetTickCount
QueryPerformanceCounter
DecodePointer
SetUnhandledExceptionFilter
EncodePointer
GetStartupInfoW
GetSystemTimeAsFileTime

user32

GetCursorPos

advapi32

CheckTokenMembership
FreeSid
AllocateAndInitializeSid

shell32

ShellExecuteExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

oleaut32

VariantClear
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
VariantInit
SafeArrayUnaccessData

opencl

clReleaseKernel
clReleaseMemObject
clReleaseCommandQueue
clReleaseProgram
clReleaseContext
clEnqueueReadBuffer
clBuildProgram
clGetContextInfo
clCreateCommandQueue
clGetPlatformIDs
clCreateContextFromType
clCreateUserEvent
clCreateKernel
clEnqueueNDRangeKernel
clEnqueueWriteBuffer
clCreateProgramWithSource
clSetKernelArg
clCreateBuffer

msvcr100

__wgetmainargs
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
_amsg_exit
_onexit

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8cabaf65957e46afab0fccf37ccdeecd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

opencl

msvcr100

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 200B

.pdata Size: 512B - Virtual size: 312B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 36B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 200B

.pdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 36B