Sample
633bf9acef121d5fe4dff451c0fbe4417f039bde68b0616076b29fee5327dbed.exe
Resource
win7-20230831-en
General
-
Target
633bf9acef121d5fe4dff451c0fbe4417f039bde68b0616076b29fee5327dbed
-
Size
994KB
-
MD5
8dbadcc853a36a8d8aa22dd56b7f7b88
-
SHA1
5fbd0ca89d9372cdf7ee68656a46e83e928779ff
-
SHA256
633bf9acef121d5fe4dff451c0fbe4417f039bde68b0616076b29fee5327dbed
-
SHA512
25ef5668a33d1f1937c9551fa8b2340c40985ca6723a67e5b6ab7a5ee309e7ab967d14aae5032ad93b64a474427693d208a610d3cea4014e8b9324c5cacbfd93
-
SSDEEP
24576:obh2ACfaWL7obQQnBaSZAiOEbi4qbgnTAajW1+P:obh2pfaW7onBEEBqsnTXjdP
Malware Config (no configuration was extracted by the sandbox for this sample)
Signatures
-
Unsigned PE (1 IoC)
The sample carries no Authenticode signature. A missing signature is not malicious by itself, but it means the publisher cannot be verified and the file would fail any signature-based allow-listing.
resource 633bf9acef121d5fe4dff451c0fbe4417f039bde68b0616076b29fee5327dbed
Files
-
633bf9acef121d5fe4dff451c0fbe4417f039bde68b0616076b29fee5327dbed.exe windows:6 windows x64
37522b842608635951d6112bd3b9672a
Headers
DLL Characteristics (the flags below indicate ASLR with high-entropy 64-bit addresses and DEP/NX enabled — standard modern-toolchain defaults, so they do not distinguish benign from malicious builds)
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports (notable capabilities visible from the import table alone: advapi32/bcrypt hashing and random generation, crypt32 certificate-store and chain-validation APIs, ws2_32 sockets including bind/listen/accept and connect, plus CreateProcessW and CreateNamedPipeW — i.e. network I/O and process spawning. Purpose cannot be attributed from static imports; confirm with the behavioral task.)
kernel32
GetFileAttributesExW
GetCurrentProcessId
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetConsoleOutputCP
GetCommandLineA
WriteFile
AcquireSRWLockExclusive
GetLastError
SetLastError
FormatMessageW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
PeekNamedPipe
GetDriveTypeW
LoadLibraryExW
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
LoadLibraryA
EncodePointer
RaiseException
Sleep
RtlPcToFileHeader
RtlUnwindEx
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
WaitForSingleObjectEx
SetHandleInformation
SetStdHandle
ReleaseSRWLockExclusive
GetProcAddress
GetModuleHandleW
GetTimeZoneInformation
SetEndOfFile
GetEnvironmentVariableA
SleepEx
VerSetConditionMask
VerifyVersionInfoW
GetFileSizeEx
ReadFile
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
HeapSize
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
QueryPerformanceFrequency
FreeEnvironmentStringsW
ReleaseMutex
FindClose
ReleaseSRWLockShared
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
QueryPerformanceCounter
GetCurrentThreadId
GetCommandLineW
FlushFileBuffers
DuplicateHandle
SetFilePointerEx
GetStdHandle
WriteFileEx
ReadFileEx
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
TryAcquireSRWLockExclusive
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
AcquireSRWLockShared
CreateMutexA
FindNextFileW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
CreateDirectoryW
FindFirstFileW
DeleteFileW
CreateEventW
GetOverlappedResult
CancelIo
GetConsoleMode
GetFileType
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
WriteConsoleW
ReadConsoleW
CreateThread
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
GetSystemTimeAsFileTime
CreateFileA
RtlVirtualUnwind
CloseHandle
RtlUnwind
advapi32
CryptCreateHash
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextA
RegCloseKey
CryptDestroyHash
CryptHashData
SystemFunction036
CryptReleaseContext
CryptGetHashParam
crypt32
CryptStringToBinaryA
CertGetEnhancedKeyUsage
CertCloseStore
CertOpenStore
PFXImportCertStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CryptDecodeObjectEx
CertFreeCertificateContext
CertFindCertificateInStore
CertDuplicateCertificateContext
ws2_32
__WSAFDIsSet
socket
htons
WSACleanup
WSAStartup
WSASetLastError
ntohs
WSAGetLastError
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
select
freeaddrinfo
WSAIoctl
setsockopt
htonl
send
recv
getsockopt
getpeername
getsockname
accept
listen
ioctlsocket
connect
bind
WSASocketW
closesocket
getaddrinfo
WSACloseEvent
WSACreateEvent
bcrypt
BCryptGenRandom
ntdll
NtWriteFile
NtReadFile
RtlNtStatusToDosError
Sections (.text is the only executable section and no section is both writable and executable; .data is the only writable section)
.text Size: 722KB - Virtual size: 722KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 216KB - Virtual size: 216KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ