79dc27778eef2efed781951ce64fc6ad0bd54b9915ad371310ece13cb3cc241f

Sharing

Copy URL Twitter E-mail

General

Target

79dc27778eef2efed781951ce64fc6ad0bd54b9915ad371310ece13cb3cc241f
Size

1.2MB
MD5

1dd132b739b4e977c8d3f1aae73327e9
SHA1

b2d2e1d7fa622c20bee72c5ab70a98e91fedf8bb
SHA256

79dc27778eef2efed781951ce64fc6ad0bd54b9915ad371310ece13cb3cc241f
SHA512

88e7030631afd8d93fb71cf22059f1105ce4f52a671d816c8385201a4a6dfb67b2e406e33400d722e06cd8e0b09b8cd0b31c7d7eac3a26925b83f1a0b93e3bf7
SSDEEP

24576:d7h1WW9hsOf1KHhq+rpp1g4F8Af1Qn652MOu:hCW97f1KBq+rpg4Jw2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79dc27778eef2efed781951ce64fc6ad0bd54b9915ad371310ece13cb3cc241f

Files

79dc27778eef2efed781951ce64fc6ad0bd54b9915ad371310ece13cb3cc241f
.exe windows:6 windows x64

f725af44ea22bdb6da6027c7061a0736

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

GetAdaptersAddresses

bcrypt

BCryptGenRandom

advapi32

RegCloseKey
SystemFunction036
RegOpenKeyExW
RegQueryValueExW

ntdll

RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
NtWriteFile
RtlVirtualUnwind
RtlLookupFunctionEntry
NtCancelIoFileEx
RtlCaptureContext
NtReadFile

kernel32

HeapFree
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
GetModuleHandleW
GetTickCount64
Sleep
ReleaseSRWLockExclusive
SetUnhandledExceptionFilter
AcquireSRWLockExclusive
CloseHandle
GetCurrentThreadId
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
HeapAlloc
GetProcessHeap
HeapReAlloc
SetLastError
GetFinalPathNameByHandleW
GetDiskFreeSpaceExW
TryAcquireSRWLockExclusive
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
lstrlenW
SwitchToThread
PostQueuedCompletionStatus
GetModuleHandleA
GetProcAddress
GetCurrentThread
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
FormatMessageW
CreateFileW
GetFullPathNameW
ReleaseSRWLockShared
AcquireSRWLockShared
GetCurrentDirectoryW
GetSystemTimeAsFileTime
QueryPerformanceFrequency
SetHandleInformation
WriteFileEx
SleepEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetModuleFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
CreateNamedPipeW
CreateThread
ReadFileEx
CreateEventW
CancelIo
GetOverlappedResult
ReadFile
ExitProcess
WaitForMultipleObjects
GetExitCodeProcess
QueryPerformanceCounter
IsProcessorFeaturePresent

user32

AdjustWindowRectEx
GetMenu
ToUnicodeEx
DestroyIcon
GetRawInputData
ValidateRect
GetUpdateRect
SystemParametersInfoA
PostMessageW
GetKeyState
GetKeyboardLayout
GetKeyboardState
GetWindowLongPtrW
ChangeDisplaySettingsExW
SetWindowPlacement
GetWindowPlacement
RedrawWindow
ShowWindow
SendMessageW
SetWindowLongW
ReleaseCapture
GetActiveWindow
ShowCursor
GetClipCursor
ClipCursor
RegisterWindowMessageA
DefWindowProcW
GetSystemMetrics
RegisterTouchWindow
GetDC
MonitorFromWindow
MapVirtualKeyW
SendInput
MsgWaitForMultipleObjectsEx
SetForegroundWindow
SetWindowPos
InvalidateRgn
IsProcessDPIAware
DispatchMessageW
TranslateMessage
RegisterRawInputDevices
GetMessageW
CreateWindowExW
RegisterClassExW
GetMonitorInfoW
GetCursorPos
ClientToScreen
GetClientRect
GetWindowLongW
CloseTouchInputHandle
GetTouchInputInfo
SetCursor
LoadCursorW
SetCapture
DestroyWindow
MapVirtualKeyA
MonitorFromRect
ScreenToClient
PostThreadMessageW
TrackMouseEvent
SetWindowLongPtrW
PeekMessageW

gdi32

GetDeviceCaps
DeleteObject
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

ole32

RevokeDragDrop
CoUninitialize
CoCreateInstance
RegisterDragDrop
OleInitialize
CoInitializeEx

ws2_32

send
closesocket
recv
bind
WSAGetLastError
connect
WSAIoctl
WSACleanup
sendto
recvfrom
socket
setsockopt
getsockopt
ioctlsocket
freeaddrinfo
getaddrinfo
WSAStartup
WSASocketW

winmm

timeBeginPeriod
timeEndPeriod
timeGetDevCaps

uxtheme

SetWindowTheme

shell32

DragQueryFileW
DragFinish

vcruntime140

memcpy
memmove
memcmp
memset
__CxxFrameHandler3
__C_specific_handler
__current_exception_context
__current_exception

api-ms-win-crt-math-l1-1-0

trunc
round
floor
__setusermatherr

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-runtime-l1-1-0

terminate
_configure_narrow_argv
_seh_filter_exe
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_set_app_type
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_c_exit
_cexit
__p___argv
__p___argc
_initterm
_exit
exit
_initterm_e

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 713KB - Virtual size: 712KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 460KB - Virtual size: 459KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f725af44ea22bdb6da6027c7061a0736

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

bcrypt

advapi32

ntdll

kernel32

user32

gdi32

dwmapi

ole32

ws2_32

winmm

uxtheme

shell32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 713KB - Virtual size: 712KB

.rdata Size: 460KB - Virtual size: 459KB

.data Size: 2KB - Virtual size: 2KB

.pdata Size: 19KB - Virtual size: 19KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 713KB - Virtual size: 712KB

.rdata
Size: 460KB - Virtual size: 459KB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 19KB - Virtual size: 19KB

.reloc
Size: 5KB - Virtual size: 4KB