013cb9a5dfe3c061eac8bd6c4f7337c68c7679769712ce686932a165b0dd52b7

Sharing

Copy URL Twitter E-mail

General

Target

013cb9a5dfe3c061eac8bd6c4f7337c68c7679769712ce686932a165b0dd52b7
Size

1.4MB
MD5

3f6740848a130164b04e89dac11f1947
SHA1

22a6964883f3c38a86b9be382091f92a2e76805b
SHA256

013cb9a5dfe3c061eac8bd6c4f7337c68c7679769712ce686932a165b0dd52b7
SHA512

63c854191c31fef9397dd6df2b5c106daa372920cdd9c62a60276da3a5759d15dc69f0f83af99b6e74a55954ac60f5d7b887fb04ca9046e20792743d9301ece0
SSDEEP

24576:9alpTgy3RNFENyTF9PErLOu5uI8AfzQn652xO6s:9aXgy3RNKMZ9srLOu5F3Gjc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
013cb9a5dfe3c061eac8bd6c4f7337c68c7679769712ce686932a165b0dd52b7

Files

013cb9a5dfe3c061eac8bd6c4f7337c68c7679769712ce686932a165b0dd52b7
.exe windows:6 windows x64

ccf3d843ddab475fe9cfa0acb0f84c76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlNtStatusToDosError
NtCancelIoFileEx
NtDeviceIoControlFile
NtCreateFile
NtWriteFile
RtlLookupFunctionEntry
NtReadFile
RtlCaptureContext
RtlVirtualUnwind

kernel32

GetLastError
WakeAllConditionVariable
AddVectoredExceptionHandler
SetHandleInformation
SetThreadStackGuarantee
GetModuleHandleA
WriteFileEx
GetCurrentThread
GetStdHandle
GetConsoleMode
GetQueuedCompletionStatusEx
MultiByteToWideChar
WriteConsoleW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
GetModuleHandleW
FormatMessageW
CreateFileW
GetFullPathNameW
GetFinalPathNameByHandleW
SetLastError
TryAcquireSRWLockExclusive
SetFileCompletionNotificationModes
IsProcessorFeaturePresent
FreeEnvironmentStringsW
CompareStringOrdinal
GetModuleFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
CreateIoCompletionPort
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
CreateEventW
CancelIo
GetOverlappedResult
ReadFile
WaitForMultipleObjects
GetExitCodeProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentDirectoryW
AcquireSRWLockShared
ReleaseSRWLockShared
SleepConditionVariableSRW
WakeConditionVariable
HeapAlloc
ReleaseSRWLockExclusive
SwitchToThread
PostQueuedCompletionStatus
GetDiskFreeSpaceExW
AcquireSRWLockExclusive
HeapReAlloc
WaitForSingleObject
CloseHandle
GetProcessHeap
HeapFree
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetProcAddress
GetEnvironmentStringsW

ws2_32

bind
getsockopt
closesocket
WSAIoctl
setsockopt
ioctlsocket
WSASocketW
getsockname
WSAGetLastError
getpeername
connect
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
recv
send
shutdown
WSASend

crypt32

CertDuplicateStore
CertDuplicateCertificateContext
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertCloseStore
CertOpenStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertDuplicateCertificateChain

secur32

FreeContextBuffer
AcquireCredentialsHandleA
DecryptMessage
QueryContextAttributesW
InitializeSecurityContextW
AcceptSecurityContext
FreeCredentialsHandle
EncryptMessage
ApplyControlToken
DeleteSecurityContext

advapi32

RegCloseKey
SystemFunction036
RegQueryValueExW
RegOpenKeyExW

bcrypt

BCryptGenRandom

vcruntime140

__current_exception_context
__C_specific_handler
memcmp
__CxxFrameHandler3
memmove
memset
memcpy
__current_exception

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_seh_filter_exe
__p___argc
_configure_narrow_argv
_exit
_initialize_narrow_environment
terminate
_crt_atexit
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_initialize_onexit_table
__p___argv
_register_onexit_function
_cexit
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 826KB - Virtual size: 826KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 558KB - Virtual size: 557KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ccf3d843ddab475fe9cfa0acb0f84c76

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

ws2_32

crypt32

secur32

advapi32

bcrypt

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 826KB - Virtual size: 826KB

.rdata Size: 558KB - Virtual size: 557KB

.data Size: 512B - Virtual size: 792B

.pdata Size: 23KB - Virtual size: 23KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 826KB - Virtual size: 826KB

.rdata
Size: 558KB - Virtual size: 557KB

.data
Size: 512B - Virtual size: 792B

.pdata
Size: 23KB - Virtual size: 23KB

.reloc
Size: 7KB - Virtual size: 6KB