c2b53e8f42d7f059762868b2975f0ce1b19d85c0cc0fd8236bc28adde43ae53f

Sharing

Copy URL Twitter E-mail

General

Target

c2b53e8f42d7f059762868b2975f0ce1b19d85c0cc0fd8236bc28adde43ae53f
Size

5.8MB
MD5

6ab1c8b2efd3d10e489d4854fc7d0dc9
SHA1

99d48e42a49374012a808e7f7507f2a12cb823be
SHA256

c2b53e8f42d7f059762868b2975f0ce1b19d85c0cc0fd8236bc28adde43ae53f
SHA512

e10168d45e76b8294b6cd816f6c05767a3028ff757e2d874b6adec5ee002c7c681303372bf22f46b23dd3fb4124ad3e9268d0570b06d29dc411825105b26e9c0
SSDEEP

49152:GHNVxxENVXDHDEkJM64DKbTOU/RyehfVQLoYSkUNwkzoWiBKWCVeJA4ShKnTxpSk:iiPdeAWqX4iBz+6q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2b53e8f42d7f059762868b2975f0ce1b19d85c0cc0fd8236bc28adde43ae53f

Files

c2b53e8f42d7f059762868b2975f0ce1b19d85c0cc0fd8236bc28adde43ae53f
.exe windows:6 windows x64

a414e7565b5d0eb307ed7a5a6c32afdf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SystemFunction036

kernel32

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
SetHandleInformation
GetCurrentProcessId
TryAcquireSRWLockExclusive
SleepConditionVariableSRW
GetSystemInfo
CloseHandle
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
ReadFile
GetOverlappedResult
FreeEnvironmentStringsW
ReleaseMutex
CompareStringOrdinal
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
DuplicateHandle
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
WaitForSingleObject
GetExitCodeProcess
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleA
CreateFileW
GetFinalPathNameByHandleW
CreateEventW
CancelIo
GetConsoleMode
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
GetFullPathNameW
CreateNamedPipeW
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
MultiByteToWideChar
WriteConsoleW
CreateThread
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent

ntdll

NtWriteFile
NtCancelIoFileEx
NtReadFile
NtCreateFile
RtlNtStatusToDosError
NtDeviceIoControlFile

ws2_32

send
WSASend
WSAIoctl
getsockopt
recv
ioctlsocket
closesocket
WSAGetLastError
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
shutdown
getpeername
getsockname
bind
setsockopt
WSASocketW
connect

secur32

FreeCredentialsHandle
AcquireCredentialsHandleA
ApplyControlToken
QueryContextAttributesW
DeleteSecurityContext
EncryptMessage
DecryptMessage
FreeContextBuffer
InitializeSecurityContextW
AcceptSecurityContext

crypt32

CertDuplicateCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertFreeCertificateChain
CertDuplicateCertificateContext
CertFreeCertificateContext
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertDuplicateStore
CertCloseStore

bcrypt

BCryptGenRandom

vcruntime140

memmove
memcpy
memset
memcmp
_CxxThrowException
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow

api-ms-win-crt-runtime-l1-1-0

_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
__p___argc
__p___argv
_set_app_type
_seh_filter_exe
_cexit
_c_exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_register_thread_local_exe_atexit_callback
_configure_narrow_argv

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a414e7565b5d0eb307ed7a5a6c32afdf

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ntdll

ws2_32

secur32

crypt32

bcrypt

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 12KB - Virtual size: 12KB

.pdata Size: 299KB - Virtual size: 299KB

.reloc Size: 25KB - Virtual size: 24KB

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 12KB - Virtual size: 12KB

.pdata
Size: 299KB - Virtual size: 299KB

.reloc
Size: 25KB - Virtual size: 24KB