9563247829ea52dc33b787bcf5f6554ec512b0345bf6bb9f681c2083e41ae5ef

Sharing

Copy URL Twitter E-mail

General

Target

9563247829ea52dc33b787bcf5f6554ec512b0345bf6bb9f681c2083e41ae5ef
Size

1.2MB
MD5

a1d54f9aede6c668172681e55b4e4b67
SHA1

779e12cf6b6ab49c456a62110d4f8b8cc944eca2
SHA256

9563247829ea52dc33b787bcf5f6554ec512b0345bf6bb9f681c2083e41ae5ef
SHA512

8e88fb4e8213f39b1e67e85ee728a789e796399847ab94f285d715bf4d4aac6c3e731be89579f4814dcd720d8f9ff1f6d6e875cc78f26c9ea431696ff8c9a94e
SSDEEP

24576:x9AAEqdVtwdPVDfiyamtkKAfNQn652DOuv7K:DdVtwdNDfiyXk5YVb7K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9563247829ea52dc33b787bcf5f6554ec512b0345bf6bb9f681c2083e41ae5ef

Files

9563247829ea52dc33b787bcf5f6554ec512b0345bf6bb9f681c2083e41ae5ef
.exe windows:6 windows x64

e82fc55eace805440a979c6f465bcdd4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

GetAdaptersAddresses

bcrypt

BCryptGenRandom

advapi32

RegCloseKey
SystemFunction036
RegOpenKeyExW
RegQueryValueExW

ntdll

RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
NtWriteFile
RtlVirtualUnwind
RtlLookupFunctionEntry
NtCancelIoFileEx
RtlCaptureContext
NtReadFile

kernel32

GetModuleHandleW
HeapFree
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetLastError
IsDebuggerPresent
UnhandledExceptionFilter
GetDiskFreeSpaceExW
GetTickCount64
Sleep
ReleaseSRWLockExclusive
SetUnhandledExceptionFilter
AcquireSRWLockExclusive
CloseHandle
GetCurrentThreadId
GetProcessHeap
HeapAlloc
HeapReAlloc
SetLastError
GetFinalPathNameByHandleW
InitializeSListHead
TryAcquireSRWLockExclusive
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
lstrlenW
SwitchToThread
PostQueuedCompletionStatus
GetModuleHandleA
GetProcAddress
GetCurrentThread
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
QueryPerformanceFrequency
FormatMessageW
GetCurrentProcess
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
GetEnvironmentVariableW
CreateFileW
GetFullPathNameW
ReleaseSRWLockShared
AcquireSRWLockShared
GetCurrentDirectoryW
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetHandleInformation
WriteFileEx
SleepEx
ReadFileEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetModuleFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
CreateEventW
CancelIo
GetOverlappedResult
ReadFile
ExitProcess
WaitForMultipleObjects
GetExitCodeProcess
IsProcessorFeaturePresent

user32

GetMonitorInfoW
PostThreadMessageW
MsgWaitForMultipleObjectsEx
DestroyIcon
GetRawInputData
ValidateRect
GetUpdateRect
SystemParametersInfoA
SetWindowLongPtrW
MapVirtualKeyW
AdjustWindowRectEx
GetKeyboardState
PostMessageW
ChangeDisplaySettingsExW
SetWindowPlacement
GetWindowPlacement
GetMenu
ShowWindow
SendMessageW
SetWindowLongW
ReleaseCapture
GetActiveWindow
ShowCursor
GetClipCursor
ClipCursor
ToUnicodeEx
SendInput
GetWindowLongPtrW
RedrawWindow
RegisterWindowMessageA
DefWindowProcW
GetSystemMetrics
SetForegroundWindow
GetKeyState
RegisterTouchWindow
GetDC
MonitorFromWindow
IsProcessDPIAware
DispatchMessageW
TranslateMessage
RegisterRawInputDevices
GetMessageW
CreateWindowExW
RegisterClassExW
SetWindowPos
GetCursorPos
ClientToScreen
GetClientRect
GetWindowLongW
CloseTouchInputHandle
GetTouchInputInfo
SetCursor
LoadCursorW
SetCapture
DestroyWindow
MapVirtualKeyA
MonitorFromRect
ScreenToClient
GetKeyboardLayout
TrackMouseEvent
InvalidateRgn
PeekMessageW

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

ole32

RevokeDragDrop
CoUninitialize
CoCreateInstance
RegisterDragDrop
OleInitialize
CoInitializeEx

ws2_32

closesocket
send
WSAGetLastError
connect
freeaddrinfo
recv
bind
WSAIoctl
sendto
recvfrom
socket
setsockopt
getsockopt
ioctlsocket
getaddrinfo
WSAStartup
WSACleanup
WSASocketW

winmm

timeEndPeriod
timeBeginPeriod
timeGetDevCaps

uxtheme

SetWindowTheme

shell32

DragQueryFileW
DragFinish

vcruntime140

memcpy
__CxxFrameHandler3
memmove
memcmp
memset
__C_specific_handler
__current_exception_context
__current_exception

api-ms-win-crt-math-l1-1-0

floor
trunc
__setusermatherr
round

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
terminate
_set_app_type
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initterm_e
exit
_seh_filter_exe
_initterm
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_exit

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 708KB - Virtual size: 707KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 458KB - Virtual size: 457KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e82fc55eace805440a979c6f465bcdd4

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

bcrypt

advapi32

ntdll

kernel32

user32

gdi32

dwmapi

ole32

ws2_32

winmm

uxtheme

shell32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 708KB - Virtual size: 707KB

.rdata Size: 458KB - Virtual size: 457KB

.data Size: 2KB - Virtual size: 2KB

.pdata Size: 19KB - Virtual size: 18KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 708KB - Virtual size: 707KB

.rdata
Size: 458KB - Virtual size: 457KB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 19KB - Virtual size: 18KB

.reloc
Size: 5KB - Virtual size: 4KB