7cca19af403e31007dc015b16ffa75ec9f01de30ffbae9727db14c70c8400864

Sharing

Copy URL

Twitter E-mail

General

Target

7cca19af403e31007dc015b16ffa75ec9f01de30ffbae9727db14c70c8400864
Size

946KB
MD5

52ea8d1b10d5db4e33646547af732a9b
SHA1

34ce8ae2284267d9755cf8ee21f906603a2d16c2
SHA256

7cca19af403e31007dc015b16ffa75ec9f01de30ffbae9727db14c70c8400864
SHA512

811c84bdac59077a25f853cda910a8c9812ea44bdf38ec5a3a50befce10fe090c00227b021572323e523e467f85c51002d75f83c49e4a353194855f2f649ea76
SSDEEP

12288:eyuU+2gf6ojJRBFvNPNpVwOFEq30SXfHL2rn65hYlLHWiOaC+T:e1rZjLBFvJFEAfrQn652tOa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7cca19af403e31007dc015b16ffa75ec9f01de30ffbae9727db14c70c8400864

Files

7cca19af403e31007dc015b16ffa75ec9f01de30ffbae9727db14c70c8400864
.exe windows:6 windows x64

42fe79373cd1a6d479e49328264a11af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

GetAdaptersAddresses

bcrypt

BCryptGenRandom

advapi32

RegCloseKey
SystemFunction036
RegOpenKeyExW
RegQueryValueExW

ntdll

RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
NtWriteFile
RtlVirtualUnwind
RtlLookupFunctionEntry
NtCancelIoFileEx
NtReadFile
RtlCaptureContext

kernel32

GetModuleHandleW
AddVectoredExceptionHandler
HeapFree
InitializeSListHead
AcquireSRWLockExclusive
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetDiskFreeSpaceExW
GetTickCount64
Sleep
ReleaseSRWLockExclusive
CloseHandle
GetLastError
GetProcessHeap
HeapAlloc
HeapReAlloc
GetCurrentThreadId
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
CreateIoCompletionPort
SetFileCompletionNotificationModes
IsDebuggerPresent
lstrlenW
LoadLibraryA
GetModuleHandleA
GetProcAddress
WriteFileEx
SleepEx
ReadFileEx
FormatMessageW
GetConsoleMode
WaitForSingleObject
GetStdHandle
MultiByteToWideChar
WriteConsoleW
CompareStringOrdinal
TryAcquireSRWLockExclusive
SetThreadStackGuarantee
GetCurrentThread
SetLastError
CreateThread
GetEnvironmentVariableW
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileW
GetFullPathNameW
GetCurrentProcess
DuplicateHandle
SwitchToThread
GetSystemTimeAsFileTime
GetExitCodeProcess
WaitForMultipleObjects
ExitProcess
SetHandleInformation
CancelIo
ReadFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
CreateProcessW
GetFileAttributesW
DeleteProcThreadAttributeList
GetCurrentProcessId
CreateNamedPipeW
CreateEventW
GetOverlappedResult
IsProcessorFeaturePresent

user32

GetCursorPos
GetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RedrawWindow
DestroyIcon
GetRawInputData
ValidateRect
GetUpdateRect
SystemParametersInfoA
DefWindowProcW
AdjustWindowRectEx
GetMenu
GetSystemMetrics
ChangeDisplaySettingsExW
SetWindowPlacement
GetWindowPlacement
ToUnicodeEx
ShowWindow
SendMessageW
SetWindowLongW
ReleaseCapture
GetActiveWindow
ShowCursor
GetClipCursor
ClipCursor
GetKeyState
RegisterTouchWindow
GetDC
MonitorFromWindow
GetKeyboardLayout
IsProcessDPIAware
RegisterWindowMessageA
SetWindowLongPtrW
PostThreadMessageW
MapVirtualKeyW
SendInput
SetForegroundWindow
DispatchMessageW
TranslateMessage
RegisterRawInputDevices
GetMessageW
CreateWindowExW
RegisterClassExW
GetMonitorInfoW
SetWindowPos
ClientToScreen
GetClientRect
GetWindowLongW
CloseTouchInputHandle
GetTouchInputInfo
SetCursor
LoadCursorW
SetCapture
DestroyWindow
MapVirtualKeyA
GetKeyboardState
MonitorFromRect
ScreenToClient
PeekMessageW
TrackMouseEvent
InvalidateRgn
PostMessageW

gdi32

GetDeviceCaps
DeleteObject
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

ole32

RevokeDragDrop
CoUninitialize
CoCreateInstance
RegisterDragDrop
OleInitialize
CoInitializeEx

ws2_32

WSAIoctl
closesocket
socket
WSAGetLastError
connect
recv
bind
ioctlsocket
sendto
recvfrom
getaddrinfo
setsockopt
getsockopt
WSAStartup
WSACleanup
freeaddrinfo
WSASocketW
send

winmm

timeEndPeriod
timeGetDevCaps
timeBeginPeriod

uxtheme

SetWindowTheme

shell32

DragQueryFileW
DragFinish

vcruntime140

memcpy
memmove
memcmp
memset
__C_specific_handler
__current_exception
__current_exception_context

api-ms-win-crt-math-l1-1-0

round
floor
trunc
__setusermatherr

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_initterm
_set_app_type
_crt_atexit
_register_onexit_function
_initterm_e
_initialize_onexit_table
exit
_seh_filter_exe
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_exit

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 550KB - Virtual size: 550KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 378KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42fe79373cd1a6d479e49328264a11af

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

bcrypt

advapi32

ntdll

kernel32

user32

gdi32

dwmapi

ole32

ws2_32

winmm

uxtheme

shell32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 550KB - Virtual size: 550KB

.rdata Size: 378KB - Virtual size: 378KB

.data Size: 2KB - Virtual size: 2KB

.pdata Size: 12KB - Virtual size: 12KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 550KB - Virtual size: 550KB

.rdata
Size: 378KB - Virtual size: 378KB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 12KB - Virtual size: 12KB

.reloc
Size: 2KB - Virtual size: 1KB