299d6c9b66c0521d4c93455272ea01ce3312fbeaed171cd7213124188ad5f6d8

Sharing

Copy URL Twitter E-mail

General

Target

299d6c9b66c0521d4c93455272ea01ce3312fbeaed171cd7213124188ad5f6d8
Size

684KB
MD5

f7fd0776247745d645b23dc66dba608f
SHA1

585441892c331351747fa447da17cca702b92033
SHA256

299d6c9b66c0521d4c93455272ea01ce3312fbeaed171cd7213124188ad5f6d8
SHA512

51442967df90eb4b06dcc2b51388d2f68b6eb8f5b7542770bfa255d705a97d4dc1a622fe930efc42c1370d0b452fa4e77d585358acfd17436e27a3bee095b01f
SSDEEP

12288:c2RuOB7O7PPRtJI570toL4gHfOVnIlhSMXlFbJVOgTvB:XBwyl0SLNmVnIlhSMXlxfzB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
299d6c9b66c0521d4c93455272ea01ce3312fbeaed171cd7213124188ad5f6d8

Files

299d6c9b66c0521d4c93455272ea01ce3312fbeaed171cd7213124188ad5f6d8
.exe windows:6 windows x64

ca8934eca568e2f53991570d74eef711

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wtsapi32

WTSEnumerateProcessesW
WTSQueryUserToken
WTSFreeMemory

userenv

DestroyEnvironmentBlock
GetAppContainerFolderPath
DeleteAppContainerProfile
CreateEnvironmentBlock
CreateAppContainerProfile

kernel32

DeleteProcThreadAttributeList
UpdateProcThreadAttribute
GetModuleHandleW
GetProcAddress
LocalFree
InitializeProcThreadAttributeList
SetLastError
SleepEx
GetTickCount64
IsValidCodePage
CreateProcessW
GetProcessHeap
HeapFree
HeapAlloc
GetExitCodeProcess
GetCurrentProcessId
GetCurrentDirectoryW
CloseHandle
GetLastError
OpenProcess
GetFileAttributesW
WaitForSingleObject
GetProcessId
SetConsoleCtrlHandler
GetACP
GetOEMCP
SetEnvironmentVariableW
FlushFileBuffers
GetConsoleOutputCP
HeapSize
HeapReAlloc
SetEndOfFile
GetCurrentProcess
WriteConsoleW
GetStringTypeW
ReadConsoleW
DeviceIoControl
GetFinalPathNameByHandleW
GetModuleFileNameW
CreateFileW
GetFullPathNameW
GetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
ReadFile
GetFileInformationByHandleEx
WriteFile
DeleteFileW
MoveFileExW
SetFilePointerEx
ExpandEnvironmentStringsW
MultiByteToWideChar
FormatMessageW
GetStdHandle
SetConsoleMode
GetConsoleMode
RtlUnwind
GetFileType
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
WideCharToMultiByte
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
SetStdHandle
GetCPInfo
GetCommandLineA
GetCommandLineW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

StartServiceW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
LookupPrivilegeValueW
GetTokenInformation
AdjustTokenPrivileges
SetThreadToken
ConvertStringSidToSidW
SetTokenInformation
GetLengthSid
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
ConvertSidToStringSidW
IsWellKnownSid
CreateWellKnownSid
CopySid
AllocateAndInitializeSid
FreeSid
CheckTokenMembership

shell32

ShellExecuteExW

ole32

CoUninitialize
CoTaskMemFree
CoInitialize

Sections

.text
Size: 354KB - Virtual size: 353KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca8934eca568e2f53991570d74eef711

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

userenv

kernel32

advapi32

shell32

ole32

Sections

.text Size: 354KB - Virtual size: 353KB

.rdata Size: 246KB - Virtual size: 245KB

.data Size: 5KB - Virtual size: 9KB

.pdata Size: 15KB - Virtual size: 14KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 60KB - Virtual size: 60KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 354KB - Virtual size: 353KB

.rdata
Size: 246KB - Virtual size: 245KB

.data
Size: 5KB - Virtual size: 9KB

.pdata
Size: 15KB - Virtual size: 14KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 60KB - Virtual size: 60KB

.reloc
Size: 2KB - Virtual size: 2KB