ed735b3fc82a759f9a00a0d0d11d5e49b22261b380c17960acc680f410d84d95

Sharing

Copy URL Twitter E-mail

General

Target

ed735b3fc82a759f9a00a0d0d11d5e49b22261b380c17960acc680f410d84d95
Size

1.2MB
MD5

57f24641073640029251a60bc431a1c0
SHA1

356199326adeca440c8cebb67df1f3388f3d5b5c
SHA256

ed735b3fc82a759f9a00a0d0d11d5e49b22261b380c17960acc680f410d84d95
SHA512

1141b86ed85f6a370e7b2bdfb8cafed07c2a7050e46a7b2e7d66b9ec187d74ea5323428f71699ca80037578b9a0aa50c874bb41bb94442dcc960ad8b47048c99
SSDEEP

24576:zwCylI7qtX92y9fpyqS1sKAfNQn652DOuv7:f7qtX9d9fpy7s5YVb7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed735b3fc82a759f9a00a0d0d11d5e49b22261b380c17960acc680f410d84d95

Files

ed735b3fc82a759f9a00a0d0d11d5e49b22261b380c17960acc680f410d84d95
.exe windows:6 windows x64

e82fc55eace805440a979c6f465bcdd4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

GetAdaptersAddresses

bcrypt

BCryptGenRandom

advapi32

RegCloseKey
SystemFunction036
RegOpenKeyExW
RegQueryValueExW

ntdll

RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
NtWriteFile
RtlVirtualUnwind
RtlLookupFunctionEntry
NtCancelIoFileEx
RtlCaptureContext
NtReadFile

kernel32

GetModuleHandleW
HeapFree
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetLastError
IsDebuggerPresent
UnhandledExceptionFilter
GetDiskFreeSpaceExW
GetTickCount64
Sleep
ReleaseSRWLockExclusive
SetUnhandledExceptionFilter
AcquireSRWLockExclusive
CloseHandle
GetCurrentThreadId
GetProcessHeap
HeapAlloc
HeapReAlloc
SetLastError
GetFinalPathNameByHandleW
InitializeSListHead
TryAcquireSRWLockExclusive
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
lstrlenW
SwitchToThread
PostQueuedCompletionStatus
GetModuleHandleA
GetProcAddress
GetCurrentThread
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
QueryPerformanceFrequency
FormatMessageW
GetCurrentProcess
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
GetEnvironmentVariableW
CreateFileW
GetFullPathNameW
ReleaseSRWLockShared
AcquireSRWLockShared
GetCurrentDirectoryW
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetHandleInformation
WriteFileEx
SleepEx
ReadFileEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetModuleFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
CreateEventW
CancelIo
GetOverlappedResult
ReadFile
ExitProcess
WaitForMultipleObjects
GetExitCodeProcess
IsProcessorFeaturePresent

user32

GetMonitorInfoW
PostThreadMessageW
MsgWaitForMultipleObjectsEx
DestroyIcon
GetRawInputData
ValidateRect
GetUpdateRect
SystemParametersInfoA
SetWindowLongPtrW
MapVirtualKeyW
AdjustWindowRectEx
GetKeyboardState
PostMessageW
ChangeDisplaySettingsExW
SetWindowPlacement
GetWindowPlacement
GetMenu
ShowWindow
SendMessageW
SetWindowLongW
ReleaseCapture
GetActiveWindow
ShowCursor
GetClipCursor
ClipCursor
ToUnicodeEx
SendInput
GetWindowLongPtrW
RedrawWindow
RegisterWindowMessageA
DefWindowProcW
GetSystemMetrics
SetForegroundWindow
GetKeyState
RegisterTouchWindow
GetDC
MonitorFromWindow
IsProcessDPIAware
DispatchMessageW
TranslateMessage
RegisterRawInputDevices
GetMessageW
CreateWindowExW
RegisterClassExW
SetWindowPos
GetCursorPos
ClientToScreen
GetClientRect
GetWindowLongW
CloseTouchInputHandle
GetTouchInputInfo
SetCursor
LoadCursorW
SetCapture
DestroyWindow
MapVirtualKeyA
MonitorFromRect
ScreenToClient
GetKeyboardLayout
TrackMouseEvent
InvalidateRgn
PeekMessageW

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

ole32

RevokeDragDrop
CoUninitialize
CoCreateInstance
RegisterDragDrop
OleInitialize
CoInitializeEx

ws2_32

closesocket
send
WSAGetLastError
connect
freeaddrinfo
recv
bind
WSAIoctl
sendto
recvfrom
socket
setsockopt
getsockopt
ioctlsocket
getaddrinfo
WSAStartup
WSACleanup
WSASocketW

winmm

timeEndPeriod
timeBeginPeriod
timeGetDevCaps

uxtheme

SetWindowTheme

shell32

DragQueryFileW
DragFinish

vcruntime140

memcpy
__CxxFrameHandler3
memmove
memcmp
memset
__C_specific_handler
__current_exception_context
__current_exception

api-ms-win-crt-math-l1-1-0

floor
trunc
__setusermatherr
round

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
terminate
_set_app_type
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initterm_e
exit
_seh_filter_exe
_initterm
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_exit

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 708KB - Virtual size: 707KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 458KB - Virtual size: 457KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e82fc55eace805440a979c6f465bcdd4

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

bcrypt

advapi32

ntdll

kernel32

user32

gdi32

dwmapi

ole32

ws2_32

winmm

uxtheme

shell32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 708KB - Virtual size: 707KB

.rdata Size: 458KB - Virtual size: 457KB

.data Size: 2KB - Virtual size: 2KB

.pdata Size: 19KB - Virtual size: 18KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 708KB - Virtual size: 707KB

.rdata
Size: 458KB - Virtual size: 457KB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 19KB - Virtual size: 18KB

.reloc
Size: 5KB - Virtual size: 4KB