71ea61671539fc89e9d1943af768a50af3c3488e2f4f3320af4cac218f4838f2

Sharing

Copy URL Twitter E-mail

General

Target

71ea61671539fc89e9d1943af768a50af3c3488e2f4f3320af4cac218f4838f2
Size

849KB
MD5

5c2bde6ebfd145cd071f6461447fd548
SHA1

0ad8846ffdd696d985d74cac30f92ab9668bc199
SHA256

71ea61671539fc89e9d1943af768a50af3c3488e2f4f3320af4cac218f4838f2
SHA512

fded39660ac0ec306096a53f69cb599795cba49f52024b9b842ce1959f6b765598c27055a1fcb94a7b85d1dd65081401d13db1670a6d65518ac1b9ab62aefe88
SSDEEP

12288:uO8JgPMfSwcE0dr651XpARDKT+5Zw53T0gYYpCQing3A+:uO8QMfPIrk5pzYZwT0gYYUngQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71ea61671539fc89e9d1943af768a50af3c3488e2f4f3320af4cac218f4838f2

Files

71ea61671539fc89e9d1943af768a50af3c3488e2f4f3320af4cac218f4838f2
.exe windows:6 windows x64

857b6a4f82ee49a8e32ee4e4df331ec2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
CopyFileA
CreateMutexW
GetModuleFileNameW
lstrcmpiW
CreateDirectoryW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
HeapDestroy
HeapSize
HeapReAlloc
SetLastError
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
GetFileAttributesW
MultiByteToWideChar
TlsGetValue
VerSetConditionMask
CreateIoCompletionPort
GetQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
SetEvent
WaitForSingleObject
SleepEx
CreateEventW
SetWaitableTimer
QueueUserAPC
TerminateThread
TlsSetValue
GetSystemTimeAsFileTime
WaitForMultipleObjects
Sleep
GetTempPathW
GetFileAttributesExW
ReadFile
SetFilePointerEx
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
OpenProcess
VirtualAllocEx
VirtualFreeEx
GetModuleHandleA
CreateToolhelp32Snapshot
Module32FirstW
Process32FirstW
Process32NextW
SetEndOfFile
WriteConsoleW
GetProcAddress
GetModuleHandleW
DeleteFileW
CloseHandle
CreateFileW
WriteFile
GetProcessHeap
HeapFree
HeapAlloc
GetTempFileNameW
TlsFree
SetStdHandle
ReadConsoleW
LoadLibraryW
VirtualProtect
VirtualFree
VirtualAlloc
PostQueuedCompletionStatus
LeaveCriticalSection
EnterCriticalSection
GetLastError
TlsAlloc
LocalFree
WideCharToMultiByte
FormatMessageW
VerifyVersionInfoW
FormatMessageA
GetVersionExW
UnregisterWaitEx
InitializeSListHead
ReleaseSemaphore
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetOEMCP
GetACP
IsValidCodePage
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
CreateSemaphoreW
GetTickCount
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
IsDebuggerPresent
OutputDebugStringW
GetCurrentThreadId
DuplicateHandle
GetCurrentThread
GetExitCodeThread
GetStringTypeW
EncodePointer
GetCommandLineW
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
LoadLibraryExW
CreateThread
ExitThread
GetCPInfo
CreateTimerQueue
IsProcessorFeaturePresent
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation

user32

MessageBoxW

advapi32

ChangeServiceConfig2W
CloseServiceHandle

shell32

ShellExecuteW

shlwapi

PathFileExistsW
PathFileExistsA

httpapi

HttpSendHttpResponse
HttpInitialize
HttpCreateHttpHandle
HttpTerminate
HttpReceiveHttpRequest
HttpAddUrl
HttpSendResponseEntityBody
HttpReceiveRequestEntityBody
HttpRemoveUrl

ws2_32

bind
accept
connect
WSASend
WSARecv
WSAGetLastError
WSASetLastError
setsockopt
ntohl
getsockopt
ioctlsocket
closesocket
WSACleanup
WSAStartup
getsockname
htons
listen
select
WSAIoctl
WSASocketW
getaddrinfo
freeaddrinfo
__WSAFDIsSet
htonl

rpcrt4

RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringBindingComposeA
RpcBindingFree
NdrClientCall2
RpcStringFreeA
RpcBindingFromStringBindingA
RpcStringFreeW

Sections

.text
Size: 562KB - Virtual size: 561KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

857b6a4f82ee49a8e32ee4e4df331ec2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

httpapi

ws2_32

rpcrt4

Sections

.text Size: 562KB - Virtual size: 561KB

.rdata Size: 201KB - Virtual size: 201KB

.data Size: 29KB - Virtual size: 80KB

.pdata Size: 37KB - Virtual size: 36KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 562KB - Virtual size: 561KB

.rdata
Size: 201KB - Virtual size: 201KB

.data
Size: 29KB - Virtual size: 80KB

.pdata
Size: 37KB - Virtual size: 36KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 7KB - Virtual size: 6KB