Static task: static1
Behavioral task: behavioral1
Sample: e94ad72466e8ac0263ddbf31dee836c9a482f0e7314406aff3484aaab7162eb0.exe
Resource: win7-20230831-en
General
Target: e94ad72466e8ac0263ddbf31dee836c9a482f0e7314406aff3484aaab7162eb0
Size: 7.8MB
MD5: fd5f8a0318fdfd8d1407661a9ee8cdc7
SHA1: 9ffda23cc55de06cca6ba028c728edc83634f26b
SHA256: e94ad72466e8ac0263ddbf31dee836c9a482f0e7314406aff3484aaab7162eb0
SHA512: 737783401e1bd5a58b5f879d1fdee2adcfb66005c3a7764599050d7339fc5cbcb14ce95f07be74f3eafe7988bb90bc04c9c7220b12566963c524fb09cf221f27
SSDEEP: 98304:oVr4DbqfI5PUMOIo11vTKj9n1T1xB/4gKp8itUBU6H+Z31N+60t6yiugGDRt2sE0:oiDeQ5PBi11AfxN4WHiuNRt
Malware Config
Signatures
Unsigned PE (1 IoC): the sample carries no Authenticode signature.
resource e94ad72466e8ac0263ddbf31dee836c9a482f0e7314406aff3484aaab7162eb0
This check looks for an embedded signature (a populated attribute-certificate directory in the PE headers). It does not see catalog signatures, and it says nothing about whether a present signature would verify, so on its own "unsigned" is a weak indicator; for a 7.8MB third-party executable it mostly means nobody vouches for the build.
Files
e94ad72466e8ac0263ddbf31dee836c9a482f0e7314406aff3484aaab7162eb0.exe  windows:6 windows x64
af3cdd4ad79816fecc874a8ced71ead2 (second 32-hex digest the report lists for this file; it is not labelled on the page)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
Not listed: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE and IMAGE_DLLCHARACTERISTICS_GUARD_CF. Without DYNAMIC_BASE the image is not opted into ASLR and HIGH_ENTROPY_VA has no effect, even though the 600KB .reloc section below shows it was linked with relocations; DEP is on via NX_COMPAT, and there is no Control Flow Guard.
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
Reading notes on the import table (inferences from the names below, not sandbox output):
- Process and session enumeration with token handling: CreateToolhelp32Snapshot/Process32FirstW/Process32NextW, OpenProcess, QueryFullProcessImageNameW, ProcessIdToSessionId, WTSEnumerateSessionsW, WTSQueryUserToken, DuplicateTokenEx, OpenProcessToken, GetTokenInformation. WTSQueryUserToken needs SeTcbPrivilege, so this is the pattern a LocalSystem service uses to start a process in an interactive user's session; RegisterEventSourceW/ReportEventW, WTSRegisterSessionNotification and RegisterWaitUntilOOBECompleted fit a service or setup component rather than a plain user application.
- Registry and ACL writes: RegCreateKeyExW, RegSetValueExW, RegDeleteTreeW, RegCopyTreeW, SetEntriesInAclW, SetNamedSecurityInfoW, AddAccessAllowedAceEx. It can create, copy and delete whole key trees and re-ACL files and keys.
- Cryptography: CAPI (CryptAcquireContextW, CryptGetUserKey, CryptSignHashW, CryptDecrypt, CryptExportKey) plus BCryptGenRandom, and WinVerifyTrust with the crypt32/WTHelper* set, so it verifies Authenticode on something although it is unsigned itself.
- Network: the full ws2_32 socket set including bind, listen and accept (it can serve, not only connect), getaddrinfo, WinHttpGetProxyForUrl, IdnToAscii (normaliz) and wldap32 by ordinal; that combination is characteristic of a statically linked libcurl.
- The kernel32 group LockFile/LockFileEx/UnlockFile/UnlockFileEx, HeapCompact, HeapValidate, AreFileApisANSI, GetDiskFreeSpaceA/W, MapViewOfFile/FlushViewOfFile and GetTempPathA is the Windows VFS import set of SQLite, so expect a local database file.
- MiniDumpWriteDump (dbghelp) is the crash-dump routine in most large applications, but it is also the API used to dump another process's memory; the behavioral task shows which process handle it is given.
- CreateFiber/SwitchToFiber and the threadpool APIs point to a coroutine-style runtime; EnumResourceNamesW/FindResourceW/LoadResource/LockResource mean embedded data or payloads in the 188KB .rsrc section.
kernel32
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
CreateWaitableTimerW
Sleep
CancelWaitableTimer
SetWaitableTimer
CreateEventW
WaitForSingleObject
ResetEvent
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
SetUnhandledExceptionFilter
SetDefaultDllDirectories
CreateFileW
CreateDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
FormatMessageW
FormatMessageA
LocalFree
GetProcAddress
GetModuleHandleW
ProcessIdToSessionId
GetCurrentProcessId
CreateEventA
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLastError
SetDllDirectoryW
OOBEComplete
RegisterWaitUntilOOBECompleted
UnregisterWaitUntilOOBECompleted
DecodePointer
GetGeoInfoW
AreFileApisANSI
HeapCreate
GetDiskFreeSpaceW
LockFile
UnlockFileEx
MapViewOfFile
CreateFileMappingW
LockFileEx
UnlockFile
HeapCompact
DeleteFileA
CreateFileA
FlushViewOfFile
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnmapViewOfFile
CreateMutexW
WriteConsoleW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
LoadLibraryA
MultiByteToWideChar
MoveFileExA
WaitForSingleObjectEx
CompareFileTime
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WriteFile
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryW
FindClose
FindFirstFileW
FindNextFileW
GetSystemTime
SystemTimeToFileTime
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
GetTickCount64
CreateHardLinkW
DuplicateHandle
TerminateThread
CreateSemaphoreA
GetStringTypeExW
LCMapStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetUserDefaultLCID
GetLocaleInfoEx
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
DeleteFileW
FindFirstFileExW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
GetLongPathNameW
GetTempFileNameW
SetFilePointer
GetTempPathW
IsWow64Process
CopyFileW
MoveFileExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
OpenEventW
OpenProcess
LocalAlloc
QueryFullProcessImageNameW
GetVolumeInformationW
GetSystemDirectoryW
GetComputerNameW
GetUserGeoID
GetVersionExW
GetModuleFileNameW
GetCurrentPackageFamilyName
LoadLibraryExW
EnumResourceNamesW
OutputDebugStringW
GetCurrentThread
GetThreadLocale
SetThreadLocale
GetExitCodeProcess
GetFileAttributesW
GetFileSizeEx
FreeResource
LoadResource
LockResource
SizeofResource
FindResourceW
CreateThread
SetThreadPriority
GetThreadPriority
GetExitCodeThread
InitializeCriticalSection
TryEnterCriticalSection
ReleaseMutex
CreateMutexA
FindResourceExW
GetFileSize
DosDateTimeToFileTime
CompareStringW
GlobalFree
FreeConsole
AttachConsole
GetConsoleDisplayMode
CreateDirectoryA
IsDebuggerPresent
InitializeSRWLock
TryAcquireSRWLockExclusive
GetStringTypeW
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
SetFileInformationByHandle
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetFileInformationByHandleEx
CreateSymbolicLinkW
ReleaseSemaphore
WaitForMultipleObjectsEx
OpenEventA
ResumeThread
GetLogicalProcessorInformation
CreateWaitableTimerA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
ExitProcess
GetModuleHandleExW
GetDriveTypeW
ExitThread
FreeLibraryAndExitThread
SetFilePointerEx
SetConsoleCtrlHandler
GetModuleFileNameA
GetACP
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
SetEndOfFile
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetFullPathNameA
GetTimeZoneInformation
SetEnvironmentVariableA
IsValidCodePage
GetOEMCP
FindFirstFileExA
FindNextFileA
GetCommandLineA
GetCommandLineW
OutputDebugStringA
CloseHandle
gdiplus
GdipFlush
GdipSetImageAttributesColorMatrix
GdipAlloc
GdiplusShutdown
GdipMeasureString
GdipCreateFromHWND
GdipCreateStringFormat
GdipDeletePen
GdipDeleteStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathLine
GdipClosePathFigures
GdipDeletePath
GdipCreatePath
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipSetCompositingQuality
GdipCreateFromHDC
GdipCreateFromHWNDICM
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSetPixelOffsetMode
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHICON
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipSaveImageToFile
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipSetCompositingMode
GdipDeleteGraphics
GdipSetImageAttributesWrapMode
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipSetClipRectI
GdipDrawImageRectRect
GdipDrawImage
GdipFillPath
GdipFillEllipse
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipFree
GdipFillRectangle
GdipGraphicsClear
GdipDrawRectangle
GdipDrawLines
GdipDrawLine
GdipCreatePen1
GdipSetTextRenderingHint
wldap32
ord211
ord46
ord200
ord60
ord301
ord45
ord50
ord30
ord79
ord33
ord41
ord22
ord26
ord27
ord32
ord143
ord35
ord217
normaliz
IdnToAscii
dbghelp
MiniDumpWriteDump
wtsapi32
WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
secur32
GetUserNameExW
netapi32
NetApiBufferFree
NetGetJoinInformation
gdi32
SelectObject
CreateDIBSection
GetObjectW
DeleteObject
CreateCompatibleDC
GetDIBits
CreateBitmap
DeleteDC
advapi32
CryptHashData
OpenProcessToken
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
RegDeleteTreeW
RegCopyTreeW
AddAccessAllowedAceEx
AddAce
DuplicateTokenEx
GetAce
GetAclInformation
GetLengthSid
GetSecurityDescriptorSacl
GetTokenInformation
InitializeAcl
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegOpenKeyExW
RegCloseKey
GetUserNameW
ConvertSidToStringSidW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityInfo
SetSecurityInfo
LookupAccountNameW
CryptGetHashParam
GetSidSubAuthority
OpenThreadToken
RegOpenKeyW
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
shell32
SHEvaluateSystemCommandTemplate
SHQueryUserNotificationState
ShellExecuteExW
SHGetSettings
SHGetDesktopFolder
SHGetKnownFolderPath
SHGetFolderPathW
SHCreateDirectoryExW
SHGetMalloc
SHGetFileInfoW
SHFileOperationW
ShellExecuteW
SHAppBarMessage
CommandLineToArgvW
SHBindToParent
ole32
PropVariantClear
StringFromGUID2
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
oleaut32
SysFreeString
SysAllocString
VariantClear
VariantInit
CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
SysStringLen
VariantCopy
SysAllocStringLen
bcrypt
BCryptGenRandom
msi
ord173
ord217
rpcrt4
UuidCreateSequential
UuidToStringW
RpcStringFreeW
wininet
InternetQueryOptionW
DeleteUrlCacheEntryW
winhttp
WinHttpCloseHandle
WinHttpOpen
WinHttpGetProxyForUrl
wintrust
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
crypt32
CryptQueryObject
CryptVerifyMessageSignature
CertGetNameStringW
CryptMsgGetParam
CryptMsgClose
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertCloseStore
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertOpenSystemStoreA
userenv
ExpandEnvironmentStringsForUserW
GetUserProfileDirectoryW
shlwapi
StrChrIW
AssocQueryStringW
PathGetArgsW
ord487
SHRegDuplicateHKey
ord176
PathFileExistsW
StrRetToBufW
ws2_32
ntohs
WSASetLastError
WSAStartup
WSACleanup
setsockopt
WSAIoctl
htons
socket
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
getaddrinfo
freeaddrinfo
recvfrom
sendto
WSAGetLastError
ioctlsocket
gethostname
gethostbyname
getnameinfo
getpeername
getsockopt
send
WSACloseEvent
closesocket
WSAWaitForMultipleEvents
WSACreateEvent
WSAEnumNetworkEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
version
VerQueryValueW
comdlg32
GetSaveFileNameW
Sections
.text   raw 5.3MB  virtual 5.3MB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  raw 1.4MB  virtual 1.4MB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   raw 49KB   virtual 84KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.pdata  raw 289KB  virtual 288KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
_RDATA  raw 512B   virtual 348B   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.rsrc   raw 188KB  virtual 187KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  raw 600KB  virtual 604KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
Note on .reloc: a linker-emitted relocation section is IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ and nothing else. Execute and write on it, together with the missing DYNAMIC_BASE flag in the headers, means something touched the file after the linker (a protector or post-build tool) or the headers were deliberately edited. The large .text and .pdata and the full import table still look like an ordinary MSVC x64 build, so this is not a whole-file packer; re-read the section headers with a second parser and compare them with the behavioral task's memory map before relying on the static import list as the real API surface.
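The three static findings an analyst re-checks by hand are the Unsigned PE signature (is the attribute-certificate directory empty?), the DLL characteristics (which mitigations the image opts into) and the section flags (is anything writable and executable at once?). The following Python, added here as an example and not code from the sandbox or from the sample, reads all three straight out of the PE headers with only the standard library. Because the sample is not on the page, `build_sample_pe` constructs a header-only PE32+ image whose DllCharacteristics and section flags mirror the report; for a real file `triage_pe` takes the bytes of the whole file. The constants, `build_sample_pe`, `triage_pe` and `report_like_findings` are all names chosen for this example.

```python
"""Header-level PE triage with only the standard library: embedded Authenticode
presence, DllCharacteristics (exploit mitigations) and per-section memory flags.
Added example for this report; not code from the sandbox or from the sample."""
import struct

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (winnt.h)
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0400: "NO_SEH", 0x1000: "APPCONTAINER",
    0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE",
}
# IMAGE_SECTION_HEADER.Characteristics bits (winnt.h)
SCN_CNT_CODE, SCN_CNT_INITIALIZED_DATA = 0x00000020, 0x00000040
SCN_MEM_DISCARDABLE, SCN_MEM_EXECUTE = 0x02000000, 0x20000000
SCN_MEM_READ, SCN_MEM_WRITE = 0x40000000, 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # attribute certificate table (Authenticode)


def triage_pe(data: bytes) -> dict:
    """Parse the headers of a PE image held in memory and return the findings."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    # IMAGE_FILE_HEADER follows the 4-byte signature
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x20B:        # PE32+ (64-bit): data directories start at +112
        dir_off, bits = opt + 112, 64
    elif magic == 0x10B:      # PE32: data directories start at +96
        dir_off, bits = opt + 96, 32
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at +70 in both optional header layouts
    (dllchars,) = struct.unpack_from("<H", data, opt + 70)
    (num_dirs,) = struct.unpack_from("<I", data, dir_off - 4)   # NumberOfRvaAndSizes

    # Security directory: unlike the other entries its VirtualAddress is a file
    # offset to a WIN_CERTIFICATE blob. Size 0 means no embedded Authenticode.
    cert_off = cert_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_off, cert_size = struct.unpack_from("<II", data, dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    embedded_signature = cert_off != 0 and cert_size != 0

    set_flags = [n for b, n in sorted(DLL_CHARACTERISTICS.items()) if dllchars & b]
    missing = [n for n in ("DYNAMIC_BASE", "NX_COMPAT", "GUARD_CF") if n not in set_flags]
    aslr = "DYNAMIC_BASE" in set_flags   # HIGH_ENTROPY_VA only widens ASLR that DYNAMIC_BASE opted into

    sections, rwx, exec_non_code = [], [], []
    sh = opt + opt_size                  # first IMAGE_SECTION_HEADER
    for i in range(nsections):
        raw_name, vsize, _va, rawsize, _, _, _, _, _, ch = struct.unpack_from("<8sIIIIIIHHI", data, sh + 40 * i)
        name = raw_name.rstrip(b"\0").decode("latin-1")
        sections.append((name, vsize, rawsize, ch))
        if ch & SCN_MEM_EXECUTE and ch & SCN_MEM_WRITE:
            rwx.append(name)
        if ch & SCN_MEM_EXECUTE and not ch & SCN_CNT_CODE:   # executable but not linker code
            exec_non_code.append(name)

    return {"bits": bits, "machine": machine, "embedded_signature": embedded_signature,
            "dll_characteristics": set_flags, "aslr": aslr, "missing_mitigations": missing,
            "sections": sections, "rwx_sections": rwx, "executable_non_code_sections": exec_non_code}


def build_sample_pe(dllchars: int, sections: list, cert_size: int = 0) -> bytes:
    """Constructed header-only PE32+ image for the demo (no loadable code).
    `sections` is a list of (name, virtual_size, raw_size, characteristics)."""
    opt_fixed = struct.pack(
        "<HBBIIIIIQIIHHHHHHIIIIHHQQQQII",
        0x20B, 14, 0, 0, 0, 0, 0x1000, 0x1000, 0x140000000, 0x1000, 0x200,   # Magic .. FileAlignment
        6, 0, 0, 0, 6, 0, 0, 0x10000, 0x400, 0, 2, dllchars,                  # versions .. DllCharacteristics
        0x100000, 0x1000, 0x100000, 0x1000, 0, 16)                            # stack/heap, LoaderFlags, NumberOfRvaAndSizes
    dirs = bytearray(16 * 8)
    struct.pack_into("<II", dirs, 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x10000 if cert_size else 0, cert_size)
    opt_hdr = opt_fixed + bytes(dirs)
    file_hdr = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, len(opt_hdr), 0x0022)
    sec_hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, 0x1000 * (i + 1),
                    rawsize, 0x400 + 0x200 * i, 0, 0, 0, 0, ch)
        for i, (name, vsize, rawsize, ch) in enumerate(sections))
    dos_hdr = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew at 0x3C points at 0x40
    return dos_hdr + b"PE\0\0" + file_hdr + opt_hdr + sec_hdrs


# Constructed image whose flags mirror the report: HIGH_ENTROPY_VA|NX_COMPAT|TERMINAL_SERVER_AWARE,
# no DYNAMIC_BASE, no certificate table, and a .reloc that is execute+write.
REPORT_LIKE_PE = build_sample_pe(0x0020 | 0x0100 | 0x8000, [
    (".text",  0x550000, 0x550000, SCN_CNT_CODE | SCN_MEM_EXECUTE | SCN_MEM_READ),
    (".rdata", 0x160000, 0x160000, SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ),
    (".data",  0x15000,  0xC400,   SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ | SCN_MEM_WRITE),
    (".pdata", 0x48000,  0x48400,  SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ),
    ("_RDATA", 348,      512,      SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ),
    (".rsrc",  0x2EC00,  0x2F000,  SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ),
    (".reloc", 0x97000,  0x96000,  SCN_CNT_INITIALIZED_DATA | SCN_MEM_DISCARDABLE
                                   | SCN_MEM_EXECUTE | SCN_MEM_READ | SCN_MEM_WRITE),
])


def report_like_findings() -> dict:
    """Run the triage over the constructed image that mirrors this report."""
    return triage_pe(REPORT_LIKE_PE)


if __name__ == "__main__":
    f = report_like_findings()
    print("embedded Authenticode:", f["embedded_signature"])
    print("DllCharacteristics:", f["dll_characteristics"], "ASLR:", f["aslr"], "missing:", f["missing_mitigations"])
    print("RWX sections:", f["rwx_sections"], "executable non-code:", f["executable_non_code_sections"])
```

`embedded_signature` answers the same question as the sandbox's Unsigned PE check: a zero-sized IMAGE_DIRECTORY_ENTRY_SECURITY means no embedded Authenticode blob. It cannot see catalog signatures, and a non-zero directory only proves a blob is present, not that it verifies; WinVerifyTrust (or Get-AuthenticodeSignature in PowerShell) does the verification. The section loop flags both the plain RWX case and the subtler one in this report, a section that is executable without IMAGE_SCN_CNT_CODE, which a linker never emits on its own.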