0e2c3c46e07d7d73f55b3d1c700af8a16f983ae66f93b7019109c58d2205506b

Sharing

Copy URL

Twitter E-mail

General

Target

0e2c3c46e07d7d73f55b3d1c700af8a16f983ae66f93b7019109c58d2205506b
Size

419KB
MD5

278a571b43e32507f1b002ad9ae79bd9
SHA1

475ae897ffb2725536c76b9e73ff6b49a7bc889d
SHA256

0e2c3c46e07d7d73f55b3d1c700af8a16f983ae66f93b7019109c58d2205506b
SHA512

d19f65b3ce656ac69e132cb814315ae0868c9becc9ade2bd552c61df4a6af7227d833ed1b355b458be1b616751de5388915446723fcad81042be537b8905edcf
SSDEEP

6144:9LxNHizKOpwX97k4l2fhCI1hSMXlBXBWgMOOP9i/EH:tH2K48SUI1hSMXlFyw/Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e2c3c46e07d7d73f55b3d1c700af8a16f983ae66f93b7019109c58d2205506b

Files

0e2c3c46e07d7d73f55b3d1c700af8a16f983ae66f93b7019109c58d2205506b
.exe windows:6 windows x64

5681414e0b2bbea7934f96fe4e27999e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesW
WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

SetFilePointerEx
GetCurrentProcessId
GetCurrentProcess
CreateProcessW
GetProcessId
LocalFree
CreateFileW
HeapFree
GetProcessHeap
SetLastError
SleepEx
GetTickCount64
GetStringTypeW
WriteFile
GetExitCodeProcess
SetCurrentDirectoryW
FreeConsole
CloseHandle
AttachConsole
GetLastError
OpenProcess
WaitForSingleObject
GetEnvironmentVariableW
SetConsoleCtrlHandler
FlushFileBuffers
GetConsoleOutputCP
HeapSize
HeapReAlloc
HeapAlloc
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
ExpandEnvironmentStringsW
GetModuleFileNameW
MultiByteToWideChar
FormatMessageW
GetModuleHandleW
GetFileInformationByHandleEx
GetStdHandle
SetConsoleMode
GetConsoleMode
WriteConsoleW
GetFileType
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
SetStdHandle
GetCommandLineA
GetCommandLineW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetTimeZoneInformation
WideCharToMultiByte
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo

advapi32

StartServiceW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
LookupPrivilegeValueW
IsWellKnownSid
GetTokenInformation
AdjustTokenPrivileges
SetThreadToken
ConvertStringSidToSidW
SetTokenInformation
GetLengthSid
FreeSid
DuplicateTokenEx
CheckTokenMembership
AllocateAndInitializeSid
OpenProcessToken
CreateProcessAsUserW

shell32

ShellExecuteExW

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5681414e0b2bbea7934f96fe4e27999e

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

userenv

kernel32

advapi32

shell32

Sections

.text Size: 163KB - Virtual size: 162KB

.rdata Size: 187KB - Virtual size: 186KB

.data Size: 4KB - Virtual size: 8KB

.pdata Size: 8KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 53KB - Virtual size: 53KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 163KB - Virtual size: 162KB

.rdata
Size: 187KB - Virtual size: 186KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 8KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 53KB - Virtual size: 53KB

.reloc
Size: 2KB - Virtual size: 1KB