c7bfdfc6fd6f8567313b27c1e4b2d3f4ca58fa055eab7103397ee8d4279894bc

Sharing

Copy URL Twitter E-mail

General

Target

c7bfdfc6fd6f8567313b27c1e4b2d3f4ca58fa055eab7103397ee8d4279894bc
Size

4.7MB
MD5

4aa311ce4dc31c6162ebbb265990da65
SHA1

f3fa6562f70ee906afb87e126faf0652d523c485
SHA256

c7bfdfc6fd6f8567313b27c1e4b2d3f4ca58fa055eab7103397ee8d4279894bc
SHA512

30bdae567dcb7f26c00e8f7130004afb662ee02482c3a74c6a541f8c27583d5dca4e95e300e079131c54f30a1986db9b4385f8a75b9642354f1e171f4dc6f54f
SSDEEP

49152:lPIUIuJ8IjGffxpzpvSVNcWl2Sq2QeSxPPypUE4Jr/Fy5woNlzFDfELpJiidPSj0:6o+Rhp8nZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7bfdfc6fd6f8567313b27c1e4b2d3f4ca58fa055eab7103397ee8d4279894bc

Files

c7bfdfc6fd6f8567313b27c1e4b2d3f4ca58fa055eab7103397ee8d4279894bc
.exe windows:6 windows x64

79e9d1d653a711a8e59f92c4b16ef95b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlUnwindEx
RtlVirtualUnwind
RtlNtStatusToDosError
NtCancelIoFileEx
RtlPcToFileHeader
NtCreateFile
RtlCaptureContext
RtlLookupFunctionEntry
NtReadFile
NtWriteFile
NtDeviceIoControlFile

kernel32

FlsFree
FlsSetValue
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
RegisterWaitForSingleObject
CloseHandle
SleepConditionVariableSRW
FlsGetValue
SetHandleInformation
FlsAlloc
GetStringTypeW
SetStdHandle
GetCPInfo
GetCurrentProcessId
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
AcquireSRWLockShared
ReleaseSRWLockShared
CreateMutexW
GetLastError
TryAcquireSRWLockExclusive
GetCurrentProcess
DuplicateHandle
GetSystemInfo
DeleteCriticalSection
SetFileCompletionNotificationModes
LeaveCriticalSection
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
ReadFile
GetOverlappedResult
WriteFile
EnterCriticalSection
Sleep
GetModuleHandleA
GetProcAddress
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
QueryPerformanceFrequency
GetSystemTimeAsFileTime
QueryPerformanceCounter
EncodePointer
FreeEnvironmentStringsW
CompareStringW
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
LCMapStringW
RaiseException
GetCommandLineW
FlushFileBuffers
SetFileInformationByHandle
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
HeapAlloc
GetProcessHeap
HeapFree
IsProcessorFeaturePresent
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
FindNextFileW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
GetFinalPathNameByHandleW
CreateEventW
CancelIo
GetConsoleMode
GetFileType
GetStartupInfoW
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
SetCurrentDirectoryW
ExitProcess
GetFullPathNameW
HeapSize
CreateNamedPipeW
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
GetConsoleOutputCP
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReleaseMutex
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId

ws2_32

ioctlsocket
setsockopt
WSAIoctl
WSASend
send
WSAStartup
recv
getsockname
accept
listen
bind
WSASocketW
closesocket
WSACleanup
freeaddrinfo
shutdown
getaddrinfo
WSAGetLastError

advapi32

SystemFunction036

bcrypt

BCryptGenRandom

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 901KB - Virtual size: 900KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79e9d1d653a711a8e59f92c4b16ef95b

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

ws2_32

advapi32

bcrypt

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 901KB - Virtual size: 900KB

.data Size: 6KB - Virtual size: 11KB

.pdata Size: 254KB - Virtual size: 254KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 901KB - Virtual size: 900KB

.data
Size: 6KB - Virtual size: 11KB

.pdata
Size: 254KB - Virtual size: 254KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 16KB - Virtual size: 16KB