ec3f6be7e4e45c621b02bf91d17382376da66d56657e9ade1643b34e2870fbad

Sharing

Copy URL

Twitter E-mail

General

Target

ec3f6be7e4e45c621b02bf91d17382376da66d56657e9ade1643b34e2870fbad
Size

46KB
MD5

befd8c3f17e52db18f0e728b365ac273
SHA1

222cdccf5994eb0350c0982a4f94ee240a2682cd
SHA256

ec3f6be7e4e45c621b02bf91d17382376da66d56657e9ade1643b34e2870fbad
SHA512

fe09dea4a84db3efc402fd1e192ec3ad6d0c3e1b9e2c29d05a10cae57a578b0ada79b1ddb55781795ee22a32e5d9d67fd3b5af86c982517b88a4189de7074c1d
SSDEEP

768:kA5ezPLk2imuuahqYgvHs0qCGkmXWaB6C9XoKbinZN7YLCrgrVWa3ydp:v5ezPwLfzkmPsZbMOAAa3ydp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec3f6be7e4e45c621b02bf91d17382376da66d56657e9ade1643b34e2870fbad

Files

ec3f6be7e4e45c621b02bf91d17382376da66d56657e9ade1643b34e2870fbad
.exe windows:6 windows x64

01b821958ca3ce778a806c1a2fa7fa4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
VirtualFree
CreateFileA
GetFileSize
SetFilePointer
WriteFile
ExpandEnvironmentStringsA
CreateDirectoryA
GetFileAttributesA
ReadFile
GetCurrentProcess
TerminateThread
CreateProcessA
GetTickCount
GetWindowsDirectoryA
lstrcatA
lstrlenA
VirtualProtect
FreeLibrary
GetProcAddress
LoadLibraryA
IsBadReadPtr
GetCurrentThreadId
lstrcmpiA
CreateToolhelp32Snapshot
Process32First
Process32Next
DeleteFileA
GetDiskFreeSpaceExA
GetDriveTypeA
OpenEventA
ExitProcess
lstrcpyA
GlobalMemoryStatusEx
GetLocalTime
GetSystemInfo
GetVersionExA
GetModuleFileNameA
CopyFileA
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
Sleep
CreateEventA
WaitForSingleObject
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
CancelIo
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
CloseHandle

user32

wsprintfA
ExitWindowsEx
OpenDesktopA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetThreadDesktop
GetUserObjectInformationA
GetMessageA
PostThreadMessageA
GetInputState

advapi32

CreateServiceA
StartServiceA
StartServiceCtrlDispatcherA
OpenServiceA
OpenSCManagerA
LockServiceDatabase
CloseServiceHandle
ChangeServiceConfig2A
RegOpenKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
UnlockServiceDatabase

shell32

ShellExecuteA

ws2_32

connect
htons
ntohs
recv
closesocket
select
send
gethostname
setsockopt
socket
gethostbyname
getsockname
WSAStartup
WSACleanup
WSAIoctl

vcruntime140

_CxxThrowException
memcmp
memmove
memset
__CxxFrameHandler3
__C_specific_handler
__vcrt_InitializeCriticalSectionEx
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__std_exception_copy
__std_exception_destroy

api-ms-win-crt-heap-l1-1-0

malloc
realloc
_set_new_mode
free
_callnewh

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vsprintf
_set_fmode

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_beginthreadex
terminate
_exit
exit
_configure_narrow_argv
_initterm_e
_initterm
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_narrow_environment
_initialize_onexit_table

api-ms-win-crt-filesystem-l1-1-0

_access

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01b821958ca3ce778a806c1a2fa7fa4c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

wininet

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 1KB - Virtual size: 4KB

.pdata Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 64B

.rsrc Size: 1024B - Virtual size: 928B

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 1KB - Virtual size: 4KB

.pdata
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 64B

.rsrc
Size: 1024B - Virtual size: 928B