97194ccb29fbdc6824505481bb5efa241d5618102740b8bfc128d1d6ec320f27

Sharing

Copy URL

Twitter E-mail

General

Target

97194ccb29fbdc6824505481bb5efa241d5618102740b8bfc128d1d6ec320f27
Size

1.3MB
MD5

f46a0735735f929ef0d77cd143ff2230
SHA1

9753296b7d5629acbfcfbf661fe17d6255e28089
SHA256

97194ccb29fbdc6824505481bb5efa241d5618102740b8bfc128d1d6ec320f27
SHA512

3ea706de6b1506ff1c9362691eeb40e8ee0f0ec10460148a1e99abcef3a8a98679e8e1b7f6235db2b4d1670e93ed429b74e7f61bd6cbef78e09bc0ff0259659d
SSDEEP

24576:JAdHsPcRJ/z/C1tSUB5sqjnhMgeiCl7G0nehbGZpbD:2dsPIbK1tT9Dmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97194ccb29fbdc6824505481bb5efa241d5618102740b8bfc128d1d6ec320f27

Files

97194ccb29fbdc6824505481bb5efa241d5618102740b8bfc128d1d6ec320f27
.exe windows:6 windows x64

0e567984116f5d3fc58da7ce99b88fa3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

rpcrt4

RpcServerUseProtseqEpW
I_RpcBindingInqLocalClientPID
RpcServerRegisterIf3
RpcAsyncCompleteCall
RpcMgmtWaitServerListen
RpcServerListen
RpcEpUnregister
RpcEpRegisterW
RpcServerInqCallAttributesW
RpcServerInqBindings
RpcMgmtStopServerListening
RpcBindingVectorFree
Ndr64AsyncServerCallAll
NdrClientCall3
NdrAsyncServerCall
NdrServerCall2
RpcServerUnregisterIf
NdrServerCallAll

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-file-l1-1-0

CreateDirectoryW
SetEndOfFile
GetFileType
FlushFileBuffers
FindFirstFileW
CreateFileW
FindNextFileW
FindClose
GetFileAttributesW
ReadFileEx
ReadFile
WriteFile
FindFirstFileExW
SetFilePointerEx
FileTimeToLocalFileTime

api-ms-win-core-localization-l1-2-0

GetCPInfo
GetLocaleInfoEx
LCMapStringEx
GetUserDefaultLCID
EnumSystemLocalesW
GetLocaleInfoW
LCMapStringW
IsValidCodePage
FormatMessageW
GetACP
IsValidLocale
GetOEMCP

api-ms-win-core-handle-l1-1-0

SetHandleInformation
CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetModuleHandleExW

crypt32

CertFindCertificateInStore
CryptMsgOpenToDecode
CryptFindOIDInfo
CertCloseStore
CertOpenStore
CryptQueryObject
CryptMsgGetParam
CryptDecodeObjectEx
CryptDecodeObject
CryptMsgUpdate
CertGetNameStringW
CryptMsgClose

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
ResetEvent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetEvent
InitializeCriticalSectionEx
TryEnterCriticalSection
TryAcquireSRWLockExclusive
InitializeSRWLock
CreateEventW
OpenEventW
DeleteCriticalSection
CreateMutexW

api-ms-win-security-base-l1-1-0

InitializeSecurityDescriptor
CreateWellKnownSid
AllocateAndInitializeSid
DuplicateTokenEx
FreeSid
SetSecurityDescriptorDacl
SetTokenInformation
GetTokenInformation

oleaut32

VariantClear
SysFreeString
VariantInit
VarBstrCmp
VariantChangeType
SysAllocString

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
GetCurrentThreadId
GetExitCodeProcess
TerminateThread
TlsGetValue
CreateProcessW
TlsFree
TerminateProcess
GetCurrentProcessId
CreateThread
GetCurrentProcess
CreateProcessAsUserW
TlsSetValue
ProcessIdToSessionId
ExitProcess
OpenProcessToken
GetStartupInfoW

api-ms-win-core-processenvironment-l1-1-0

SetCurrentDirectoryW
GetStdHandle
GetCommandLineA
GetCommandLineW
SetEnvironmentVariableW
FreeEnvironmentStringsW
SetStdHandle
GetEnvironmentStringsW

api-ms-win-core-namedpipe-l1-1-0

WaitNamedPipeW
PeekNamedPipe
CreatePipe

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-toolhelp-l1-1-0

Process32FirstW
CreateToolhelp32Snapshot
Process32NextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
CompareStringW
CompareStringEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId

userenv

CreateEnvironmentBlock

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
CoUninitialize
CoCreateInstance

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime

ext-ms-win-shell32-shellfolders-l1-1-0

SHGetKnownFolderPath

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
WakeAllConditionVariable
SleepConditionVariableCS
WakeConditionVariable
SleepConditionVariableSRW
InitializeConditionVariable
InitOnceBeginInitialize

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
FileTimeToSystemTime

wintrust

WinVerifyTrust

api-ms-win-power-base-l1-1-0

GetPwrCapabilities

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW
SetSecurityInfo

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-security-base-l1-2-2

DeriveCapabilitySidsFromName

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler
GetConsoleMode
WriteConsoleW
GetConsoleCP
ReadConsoleW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-service-management-l1-1-0

OpenServiceW
CreateServiceW
DeleteService
OpenSCManagerW
CloseServiceHandle

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-io-l1-1-0

CancelIoEx

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
SetServiceStatus

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus
ControlService

user32

FindWindowW
LoadCursorW
UpdateWindow
wsprintfW
CreateWindowExW
TranslateMessage
CloseWindow
DefWindowProcW
GetMessageW
RegisterPowerSettingNotification
RegisterSuspendResumeNotification
UnregisterPowerSettingNotification
LoadIconW
DispatchMessageW
ShowWindow
SendMessageTimeoutW
RegisterClassExW

advapi32

ReportEventW
DeregisterEventSource
RegisterEventSourceW

shlwapi

PathFileExistsW

wtsapi32

WTSQueryUserToken

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns

api-ms-win-core-fibers-l1-1-0

FlsAlloc
FlsSetValue
FlsFree
FlsGetValue

api-ms-win-core-heap-l1-1-0

HeapFree
HeapSize
HeapAlloc
GetProcessHeap
HeapReAlloc

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

Sections

.text
Size: 507KB - Virtual size: 506KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0e567984116f5d3fc58da7ce99b88fa3

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-libraryloader-l1-2-0

crypt32

api-ms-win-core-synch-l1-1-0

api-ms-win-security-base-l1-1-0

oleaut32

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-toolhelp-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

userenv

api-ms-win-core-com-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

ext-ms-win-shell32-shellfolders-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-timezone-l1-1-0

wintrust

api-ms-win-power-base-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-security-base-l1-2-2

api-ms-win-core-console-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-service-management-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-io-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-service-winsvc-l1-1-0

user32

advapi32

shlwapi

wtsapi32

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-fibers-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-datetime-l1-1-0

Sections

.text Size: 507KB - Virtual size: 506KB

.rdata Size: 172KB - Virtual size: 172KB

.data Size: 17KB - Virtual size: 97KB

.pdata Size: 23KB - Virtual size: 22KB

_RDATA Size: 512B - Virtual size: 384B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 507KB - Virtual size: 506KB

.rdata
Size: 172KB - Virtual size: 172KB

.data
Size: 17KB - Virtual size: 97KB

.pdata
Size: 23KB - Virtual size: 22KB

_RDATA
Size: 512B - Virtual size: 384B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 572KB - Virtual size: 576KB