d0689e41b3c16c0d6bafe867879eab4ce12e9b07bde269af8474a30ddb9ee7c1

Sharing

Copy URL Twitter E-mail

General

Target

d0689e41b3c16c0d6bafe867879eab4ce12e9b07bde269af8474a30ddb9ee7c1
Size

2.5MB
MD5

71ad153618b8d65fc5a5681b228318e1
SHA1

f8e787d7f4fcb00b477d28676e51c6a045ab9bbe
SHA256

d0689e41b3c16c0d6bafe867879eab4ce12e9b07bde269af8474a30ddb9ee7c1
SHA512

224f3c425dccdcd1c8a3290d57aa01afb905deb3e581f72f0747a1a60afa91c0c9411dc8f922a7baae6e1a6f93ac9a3e47171f5cf6603e7e7bf798efb51b11fe
SSDEEP

49152:CkA3+KM8oIkaH+DfBjVz9ttrdI9ZJ4tcsfTR+dBP2loNL:OlWt4GtfAdYloh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0689e41b3c16c0d6bafe867879eab4ce12e9b07bde269af8474a30ddb9ee7c1

Files

d0689e41b3c16c0d6bafe867879eab4ce12e9b07bde269af8474a30ddb9ee7c1
.exe windows:5 windows x64

8fbdcac73774c9139930d96a3a254ae6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathFindFileNameW
SHGetValueA
PathRemoveFileSpecW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ws2_32

WSAGetLastError
WSACleanup
recv
send
WSASetLastError
closesocket

kernel32

Sleep
GetLastError
CloseHandle
LocalFree
GetTickCount
InitializeCriticalSectionAndSpinCount
OpenEventW
RaiseException
DecodePointer
DeleteCriticalSection
CreateFileW
UnmapViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetProcessHeap
ReadFile
SetNamedPipeHandleState
WriteFile
GetModuleFileNameW
CreateNamedPipeW
WaitForSingleObject
CreateEventW
SetEvent
SetCurrentDirectoryW
ConnectNamedPipe
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
DuplicateHandle
CreateProcessW
VirtualFree
VirtualAlloc
GetProcAddress
GetModuleHandleW
WideCharToMultiByte
GetModuleHandleA
LoadLibraryExA
FindResourceA
LockResource
LoadResource
FreeLibrary
lstrcmpiW
CreateMutexW
OpenProcess
ReleaseMutex
GetSystemDirectoryW
SetFileAttributesW
DeleteFileW
MultiByteToWideChar
GetCurrentThreadId
ResetEvent
UnhandledExceptionFilter
VerSetConditionMask
OpenMutexW
MapViewOfFileEx
VerifyVersionInfoW
GetTickCount64
SetLastError
GetFileType
GetStdHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
DeleteFiber
GetCurrentProcessId
GetSystemTimeAsFileTime
QueryPerformanceCounter
ConvertFiberToThread
FindClose
FindFirstFileA
FindNextFileA
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemTime
SystemTimeToFileTime
GetDriveTypeW
SetEndOfFile
GetFileAttributesExW
GetModuleHandleExW
ExitThread
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
GetCurrentProcess
SwitchToThread
ResumeThread
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
SetConsoleCtrlHandler
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetConsoleCP
SetFilePointerEx
GetCurrentDirectoryW
GetFullPathNameW
GetTimeZoneInformation
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
GetFileAttributesW
RtlUnwindEx
RtlPcToFileHeader
LoadLibraryW
UnregisterWaitEx
GetStringTypeW
TryEnterCriticalSection
WaitForSingleObjectEx
GetCurrentThread
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
OutputDebugStringW
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
QueryDepthSList

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA

shell32

SHGetSpecialFolderPathA

advapi32

CryptReleaseContext
CryptAcquireContextW
ReportEventA
RegisterEventSourceA
DeregisterEventSource
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfig2W
DeleteService
ControlService
OpenProcessToken
StartServiceW
ChangeServiceConfigW
OpenServiceW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
CryptGenRandom

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 729KB - Virtual size: 729KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tvm0
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8fbdcac73774c9139930d96a3a254ae6

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

version

ws2_32

kernel32

user32

shell32

advapi32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 729KB - Virtual size: 729KB

.data Size: 33KB - Virtual size: 49KB

.pdata Size: 88KB - Virtual size: 88KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 28KB

.tvm0 Size: 136KB - Virtual size: 136KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 729KB - Virtual size: 729KB

.data
Size: 33KB - Virtual size: 49KB

.pdata
Size: 88KB - Virtual size: 88KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 28KB

.tvm0
Size: 136KB - Virtual size: 136KB