528023054ca52f354f06dbfc6945e423a4f43299f6c73a9df39a73a4d0bb6277

Sharing

Copy URL Twitter E-mail

General

Target

528023054ca52f354f06dbfc6945e423a4f43299f6c73a9df39a73a4d0bb6277
Size

1.5MB
MD5

21fd6449455867eb833aceabf1a87da5
SHA1

c0837547ea9d280bea5ae8f78016c3fbb592d900
SHA256

528023054ca52f354f06dbfc6945e423a4f43299f6c73a9df39a73a4d0bb6277
SHA512

25bef940c08823ff82bb3aa803df736cf60b5fe0563dfbd840fa46abfeb7efa2ca9bb5838d6c8a85ebdbb3620a076ede46966c6824f8b4eeb566dc0f186b6de9
SSDEEP

24576:RPM6PZ113dMtp7FQb4uXCv8EGAoKDytnekZ7XpKOywjWP+NNf+o0O1:Rl1iRQb4uc84DdAXvqGNN+2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
528023054ca52f354f06dbfc6945e423a4f43299f6c73a9df39a73a4d0bb6277

Files

528023054ca52f354f06dbfc6945e423a4f43299f6c73a9df39a73a4d0bb6277
.exe windows:6 windows x64

3c3be5edeaef4d77df526733821abc11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CryptStringToBinaryA
CryptBinaryToStringA

ws2_32

ntohs
WSASend
WSAStartup
getsockname
socket
WSARecv
WSAGetOverlappedResult
setsockopt
WSAGetLastError
closesocket
WSADuplicateSocketW
WSASocketW
getservbyname

shlwapi

PathMatchSpecW

kernel32

HeapAlloc
ReadConsoleW
GetModuleFileNameW
FreeLibraryAndExitThread
ExitThread
CreateThread
PeekNamedPipe
GetConsoleOutputCP
SetConsoleMode
SetConsoleOutputCP
SetHandleInformation
GetCurrentProcess
GetStdHandle
TerminateProcess
SetEndOfFile
GetCurrentThreadId
DuplicateHandle
GetTickCount64
GetLastError
CloseHandle
SetFilePointerEx
GetCurrentProcessId
CreateProcessW
GetFileType
OpenThread
FlushFileBuffers
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetDriveTypeW
CreateDirectoryW
SetWaitableTimer
GetConsoleScreenBufferInfo
CreateWaitableTimerW
SetFileTime
WaitForSingleObject
CreateFileW
GetProcAddress
LocalFree
GetComputerNameW
FreeLibrary
WideCharToMultiByte
GetExitCodeProcess
ExpandEnvironmentStringsW
GetSystemDirectoryW
FlsGetValue
MultiByteToWideChar
FillConsoleOutputCharacterA
SetConsoleTextAttribute
SetConsoleScreenBufferSize
ScrollConsoleScreenBufferA
GetConsoleCursorInfo
SetConsoleWindowInfo
GetConsoleMode
SetConsoleCursorInfo
ReadConsoleInputW
CreateFileA
FillConsoleOutputAttribute
WriteConsoleW
Beep
GetConsoleWindow
SetConsoleCursorPosition
ReadConsoleOutputA
CancelIo
CreateNamedPipeA
DeviceIoControl
WriteFileEx
GetFileInformationByHandle
GetFileAttributesExW
ReadFileEx
SleepEx
SetEvent
ResetEvent
VerSetConditionMask
VerifyVersionInfoW
CreateEventA
SetConsoleCtrlHandler
QueueUserAPC
GetFinalPathNameByHandleW
WaitForMultipleObjectsEx
WaitForSingleObjectEx
ReadFile
WriteFile
CancelSynchronousIo
CancelIoEx
CancelWaitableTimer
CreateWaitableTimerA
GetSystemTime
SystemTimeToFileTime
GetCurrentDirectoryW
SetEnvironmentVariableW
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
HeapReAlloc
GetTimeZoneInformation
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetFileSizeEx
HeapSize
HeapFree
WriteConsoleOutputA
FlsAlloc
GetWindowsDirectoryW
LoadLibraryExW
GetFullPathNameW
SetFileAttributesW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
FindClose
FindFirstFileExW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetStdHandle

user32

GetWindowPlacement
ShowWindow

advapi32

RegCloseKey
RegOpenKeyExW
ConvertSidToStringSidW
LookupAccountSidW
RegQueryValueExW
GetSidIdentifierAuthority
GetAce
CreateWellKnownSid
CopySid
GetNamedSecurityInfoW
IsWellKnownSid
IsValidSid
IsValidSecurityDescriptor
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetLengthSid
IsValidAcl
LookupAccountNameW
GetTokenInformation

Sections

.text
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c3be5edeaef4d77df526733821abc11

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

ws2_32

shlwapi

kernel32

user32

advapi32

Sections

.text Size: 333KB - Virtual size: 332KB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 4KB - Virtual size: 210KB

.pdata Size: 12KB - Virtual size: 12KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 192KB - Virtual size: 192KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 333KB - Virtual size: 332KB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 4KB - Virtual size: 210KB

.pdata
Size: 12KB - Virtual size: 12KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 192KB - Virtual size: 192KB

.reloc
Size: 2KB - Virtual size: 2KB