9bdf4d72bab96b3b36139aa579f95bf4bf0e5305f71bf866678ae7dbfd0396c8

Sharing

Copy URL Twitter E-mail

General

Target

9bdf4d72bab96b3b36139aa579f95bf4bf0e5305f71bf866678ae7dbfd0396c8
Size

1.1MB
MD5

a9561624a87bd76caef1a3ba0666aa4c
SHA1

7730a4e0e62a53af3bc481e645de5d1e10f9283e
SHA256

9bdf4d72bab96b3b36139aa579f95bf4bf0e5305f71bf866678ae7dbfd0396c8
SHA512

494436eda93d040707ad88aeb453137c1008ef5535653417331a3b456a91a45aa8f6939b6d4375d3d886612f6eaab94ca106963608e9a7b3ba5dee9fd092bb61
SSDEEP

24576:OkpdGYh3VFTc+5AHYkt7wJfk5IQn652tOyy/K:rpsY3FTcwAHYywJf8/fKi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9bdf4d72bab96b3b36139aa579f95bf4bf0e5305f71bf866678ae7dbfd0396c8

Files

9bdf4d72bab96b3b36139aa579f95bf4bf0e5305f71bf866678ae7dbfd0396c8
.exe windows:6 windows x64

b9f82c35a83ffe43e52a1ec45a47b757

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

GetAdaptersAddresses

bcrypt

BCryptGenRandom

advapi32

RegCloseKey
SystemFunction036
RegOpenKeyExW
RegQueryValueExW

ntdll

NtDeviceIoControlFile
NtCreateFile
NtCancelIoFileEx
RtlVirtualUnwind
RtlLookupFunctionEntry
NtReadFile
NtWriteFile
RtlNtStatusToDosError
RtlCaptureContext

user32

GetWindowPlacement
ReleaseCapture
GetMenu
AdjustWindowRectEx
SystemParametersInfoA
RegisterTouchWindow
ShowWindow
SendMessageW
SetWindowLongW
GetActiveWindow
ShowCursor
GetClipCursor
ClipCursor
GetDC
MsgWaitForMultipleObjectsEx
MapVirtualKeyW
SetWindowPlacement
ChangeDisplaySettingsExW
GetKeyboardLayout
GetKeyState
ToUnicodeEx
GetKeyboardState
DispatchMessageW
SendInput
DestroyIcon
SetForegroundWindow
GetUpdateRect
PeekMessageW
InvalidateRgn
TranslateMessage
RegisterRawInputDevices
IsProcessDPIAware
GetWindowLongPtrW
PostThreadMessageW
GetMessageW
CreateWindowExW
RegisterClassExW
RegisterWindowMessageA
GetRawInputData
TrackMouseEvent
ValidateRect
ScreenToClient
PostMessageW
MonitorFromRect
GetSystemMetrics
MapVirtualKeyA
SetWindowLongPtrW
DestroyWindow
SetCapture
LoadCursorW
SetCursor
GetTouchInputInfo
CloseTouchInputHandle
RedrawWindow
DefWindowProcW
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
ClientToScreen
GetClientRect
GetWindowLongW

ole32

RegisterDragDrop
RevokeDragDrop
CoInitializeEx
OleInitialize
CoCreateInstance
CoUninitialize

kernel32

ReleaseSRWLockExclusive
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
GetProcAddress
LoadLibraryA
GetCurrentProcessId
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
GetModuleHandleW
FormatMessageW
CreateFileW
GetFullPathNameW
GetModuleHandleA
Sleep
GetQueuedCompletionStatusEx
GetFinalPathNameByHandleW
SetLastError
SetHandleInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetModuleFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
CreateNamedPipeW
CreateThread
SetThreadStackGuarantee
ReadFileEx
SleepEx
WriteFileEx
CreateEventW
CancelIo
GetOverlappedResult
ReadFile
WaitForMultipleObjects
GetExitCodeProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetCurrentDirectoryW
AcquireSRWLockShared
ReleaseSRWLockShared
TryAcquireSRWLockExclusive
PostQueuedCompletionStatus
SwitchToThread
CloseHandle
GetLastError
SetFileCompletionNotificationModes
CreateIoCompletionPort
AcquireSRWLockExclusive
HeapReAlloc
GetProcessHeap
AddVectoredExceptionHandler
GetCurrentThreadId
HeapAlloc
HeapFree
InitializeSListHead
IsDebuggerPresent
GetCurrentThread
lstrlenW
GetDiskFreeSpaceExW
GetTickCount64
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WaitForSingleObjectEx
IsProcessorFeaturePresent

ws2_32

WSAStartup
WSACleanup
WSASocketW
connect
freeaddrinfo
getsockopt
sendto
recvfrom
recv
send
closesocket
getaddrinfo
ioctlsocket
socket
WSAGetLastError
setsockopt
WSAIoctl
bind

gdi32

CreateRectRgn
GetDeviceCaps
DeleteObject

dwmapi

DwmEnableBlurBehindWindow

winmm

timeGetDevCaps
timeBeginPeriod
timeEndPeriod

uxtheme

SetWindowTheme

shell32

DragQueryFileW
DragFinish

vcruntime140

__CxxFrameHandler3
__current_exception_context
__current_exception
__C_specific_handler
memmove
memcpy
memset
memcmp

api-ms-win-crt-math-l1-1-0

floor
trunc
round
__setusermatherr

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_initialize_onexit_table
_crt_atexit
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_exit
exit
_initterm_e
_register_onexit_function
terminate
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_set_app_type

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 750KB - Virtual size: 750KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9f82c35a83ffe43e52a1ec45a47b757

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

bcrypt

advapi32

ntdll

user32

ole32

kernel32

ws2_32

gdi32

dwmapi

winmm

uxtheme

shell32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 750KB - Virtual size: 750KB

.rdata Size: 349KB - Virtual size: 348KB

.data Size: 2KB - Virtual size: 2KB

.pdata Size: 20KB - Virtual size: 20KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 750KB - Virtual size: 750KB

.rdata
Size: 349KB - Virtual size: 348KB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 20KB - Virtual size: 20KB

.reloc
Size: 5KB - Virtual size: 4KB