d46e966d978515b900ae003dc3b56225199de590e62165bb073138935e9b4294

Sharing

Copy URL Twitter E-mail

General

Target

d46e966d978515b900ae003dc3b56225199de590e62165bb073138935e9b4294
Size

4.6MB
MD5

078b3ab17372d9f6568dae2be29393e1
SHA1

0539bac46f6aeaa1910a54a24acde9f5e5a1ca5a
SHA256

d46e966d978515b900ae003dc3b56225199de590e62165bb073138935e9b4294
SHA512

a147caeeb7bdcf84d40facb54b69793b8a4eb9fc8ea3e806226f44a9eb2e718fb4e027560c8f3b4cb872bb05cc691b7ee812372b26cce4379e191f5dc88e00e0
SSDEEP

98304:CYZ3vg29zj+z/cB+e5/9uPfdly37pltV9:CYhvgen+z/c/0fdl2JV9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d46e966d978515b900ae003dc3b56225199de590e62165bb073138935e9b4294

Files

d46e966d978515b900ae003dc3b56225199de590e62165bb073138935e9b4294
.exe windows:6 windows x64

e29812e4d707ec43bda440dca1652c1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FlsGetValue
GetProcessHeap
HeapFree
FlsSetValue
FlsFree
GetLastError
HeapAlloc
OpenProcess
FlsAlloc
LocalFree
GetSystemTimes
GetProcessIoCounters
VirtualQueryEx
ReadProcessMemory
GetStringTypeW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
CreateFileW
GetProcessTimes
GetDiskFreeSpaceExW
GetLogicalDrives
AcquireSRWLockExclusive
CompareStringW
LCMapStringW
IsValidCodePage
FindFirstFileExW
GetSystemInfo
GetCommandLineA
GetModuleHandleExW
WriteFile
LoadLibraryExW
HeapSize
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
GlobalMemoryStatusEx
SleepConditionVariableSRW
EnumSystemGeoID
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
TlsFree
TlsAlloc
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
FormatMessageW
DeleteCriticalSection
GetConsoleOutputCP
EnterCriticalSection
GetTickCount64
FreeEnvironmentStringsW
ReleaseMutex
FindClose
ReleaseSRWLockShared
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentProcessId
SwitchToThread
Sleep
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
SetFilePointerEx
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
InitializeSListHead
GetCurrentThreadId
GetStdHandle
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceCounter
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
CreateMutexA
FindNextFileW
GetConsoleMode
GetFileType
EncodePointer
GetModuleHandleW
GetModuleFileNameW
ExitProcess
LeaveCriticalSection
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
CloseHandle

user32

GetCursorPos

pdh

PdhAddEnglishCounterW
PdhCloseQuery
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhCollectQueryData
PdhOpenQueryA

powrprof

CallNtPowerInformation

ntdll

NtWriteVirtualMemory
NtAllocateVirtualMemory
RtlGetVersion
NtQueryInformationProcess
NtProtectVirtualMemory
NtQuerySystemInformation

advapi32

SystemFunction036
GetTokenInformation
LookupAccountSidW
CopySid
GetLengthSid
IsValidSid
OpenProcessToken

shell32

CommandLineToArgvW

ole32

CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantClear

iphlpapi

GetAdaptersAddresses
GetIfEntry2
FreeMibTable
GetIfTable2

netapi32

NetApiBufferFree
NetUserGetInfo
NetUserGetLocalGroups
NetUserEnum

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions

bcrypt

BCryptGenRandom

psapi

GetPerformanceInfo
GetModuleFileNameExW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e29812e4d707ec43bda440dca1652c1b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

pdh

powrprof

ntdll

advapi32

shell32

ole32

oleaut32

iphlpapi

netapi32

secur32

bcrypt

psapi

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 2.7MB - Virtual size: 2.7MB

.data Size: 3KB - Virtual size: 13KB

.pdata Size: 66KB - Virtual size: 66KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 212KB - Virtual size: 212KB

.reloc Size: 26KB - Virtual size: 25KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 3KB - Virtual size: 13KB

.pdata
Size: 66KB - Virtual size: 66KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 212KB - Virtual size: 212KB

.reloc
Size: 26KB - Virtual size: 25KB