ba321a58402ec911ec65da596be56952cb53e743aa25f048c577f4e52d7e2b9c

Sharing

Copy URL Twitter E-mail

General

Target

ba321a58402ec911ec65da596be56952cb53e743aa25f048c577f4e52d7e2b9c
Size

129KB
MD5

347a71ecbd5f31f0c892c6ece6b5f419
SHA1

6d37d0237b1cc3fef420d5d0cb76af4100bd237d
SHA256

ba321a58402ec911ec65da596be56952cb53e743aa25f048c577f4e52d7e2b9c
SHA512

f5da586a035bf4e98e6a816a50c257ac9c8747c60dc5a93846860ee2ef9e22fe3a47c73f716f846df1b11f3fd23ef42e0476dd57e06d61216276a3699c99074d
SSDEEP

3072:enQ1EVJpj2pwDonynxc7H//ACwd1M+hYWovpFbLbArTI1:cQ1MhyQzIlpUTI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba321a58402ec911ec65da596be56952cb53e743aa25f048c577f4e52d7e2b9c

Files

ba321a58402ec911ec65da596be56952cb53e743aa25f048c577f4e52d7e2b9c
.exe windows:5 windows x64

3ee2418783171c17844a51dcb77a7f28

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
UnloadUserProfile
LoadUserProfileW

user32

LoadStringW
RegisterServicesProcess

advapi32

RegSetValueExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RevertToSelf
LogonUserW
ImpersonateLoggedOnUser
CreateProcessAsUserW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegFlushKey
LsaClose
LsaOpenPolicy
LsaStorePrivateData
SystemFunction005
SystemFunction028
RegEnumValueW
AdjustTokenPrivileges

rpcrt4

NdrServerCall2
RpcServerUseProtseqEpW
RpcServerRegisterIf
RpcServerListen

msvcrt

__lconv_init
_wcmdln
__winitenv
_initterm
_fpreset
_cexit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__setusermatherr
malloc
__C_specific_handler
wcsncpy
memmove
strlen
time
strcpy
_wcsicmp
wcsstr
wcschr
_vsnwprintf
swprintf
wcslen
wcscpy
wcscat
memset
memcpy
signal
_wcsnicmp

kernel32

GetTickCount
QueryPerformanceCounter
GetModuleHandleA
LoadLibraryW
TlsGetValue
CancelIo
GetSystemTimeAsFileTime
GetCurrentThreadId
Sleep
SetUnhandledExceptionFilter
GetStartupInfoW
GetProcAddress
OpenEventW
GetCurrentProcessId
ExitThread
CreateEventW
WideCharToMultiByte
MultiByteToWideChar
SetLastError
WriteFile
WaitForSingleObject
ResumeThread
ReadFile
LeaveCriticalSection
InitializeCriticalSection
GetOverlappedResult
GetModuleHandleW
SetEvent
EnterCriticalSection
DeleteCriticalSection
CreateProcessW
CreateNamedPipeW
ConnectNamedPipe
CloseHandle
SetProcessShutdownParameters
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
ExpandEnvironmentStringsW
SetConsoleCtrlHandler

ntdll

NtQueryDirectoryObject
RtlAddAuditAccessAce
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlInitializeSid
RtlLengthRequiredSid
RtlLengthSid
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlSubAuthoritySid
RtlSetProcessIsCritical
RtlNtStatusToDosError
RtlAllocateHeap
RtlFreeHeap
RtlLengthSecurityDescriptor
RtlInitUnicodeString
DbgPrint
NtClose
NtOpenDirectoryObject
RtlAddAccessAllowedAce
RtlAssert
RtlFreeUnicodeString
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlDeleteResource
RtlInitializeResource
RtlReleaseResource
RtlQueryRegistryValues
RtlAdjustPrivilege
NtLoadDriver
NtUnloadDriver
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlAreAllAccessesGranted
RtlMapGenericMask
RtlValidSecurityDescriptor
RtlQuerySecurityObject
RtlSetSecurityObject
RtlCreateUnicodeStringFromAsciiz
RtlDosPathNameToNtPathName_U
RtlAbsoluteToSelfRelativeSD

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ee2418783171c17844a51dcb77a7f28

Headers

DLL Characteristics

File Characteristics

Imports

userenv

user32

advapi32

rpcrt4

msvcrt

kernel32

ntdll

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 316B

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 316B