a9ba9bfae300c323ab196355e26bfb37a41f278c6b0390d7e2f6a093f7d68b7f

Sharing

Copy URL Twitter E-mail

General

Target

a9ba9bfae300c323ab196355e26bfb37a41f278c6b0390d7e2f6a093f7d68b7f
Size

1017KB
MD5

754a17439d1b6646f9cff7a5a5d4acc6
SHA1

869f9f063b5b78b728993970ed6f50c0f752980f
SHA256

a9ba9bfae300c323ab196355e26bfb37a41f278c6b0390d7e2f6a093f7d68b7f
SHA512

ffbaf0b334bd18140e469fe353d146b0193a7b9aedd92ff63a89fd0e0f9001477a795ab1d7f88dd102bb00865ba8d2d9e09217fcf4876039b0494be33642f2a6
SSDEEP

24576:bPrgm61OL+NA608NgsQ1CQcv6rWH5Byu:JD6duF1RcaWZByu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9ba9bfae300c323ab196355e26bfb37a41f278c6b0390d7e2f6a093f7d68b7f

Files

a9ba9bfae300c323ab196355e26bfb37a41f278c6b0390d7e2f6a093f7d68b7f
.exe windows:6 windows x64

c42e409f268af3af25c7d88fb4a6afaa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

SystemFunction036

kernel32

AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SwitchToThread
GetCommandLineW
HeapFree
SetLastError
GetModuleFileNameW
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
HeapAlloc
GetProcessHeap
HeapReAlloc
CloseHandle
TryAcquireSRWLockExclusive
PostQueuedCompletionStatus
WakeConditionVariable
GetStdHandle
GetFileInformationByHandleEx
GetConsoleMode
WakeAllConditionVariable
LeaveCriticalSection
SleepConditionVariableSRW
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsSetValue
GetEnvironmentVariableW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
WriteFile
WriteConsoleW
TlsAlloc
GetModuleHandleW
FormatMessageW
ReadFile
ReadConsoleW
InitializeCriticalSection
EnterCriticalSection
SetHandleInformation
ExitProcess
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
CreateThread
SetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
InitializeSRWLock
DeleteCriticalSection
InitOnceExecuteOnce
GetTickCount64
SetFileCompletionNotificationModes
CreateFileW
SetFilePointerEx
GetFileSizeEx
HeapSize
GetConsoleOutputCP
FlushFileBuffers
LCMapStringW
CompareStringW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
GetFileType
GetModuleHandleExW
GetCommandLineA
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW

ws2_32

WSAIoctl
WSACleanup
getsockname
WSASocketW
freeaddrinfo
getaddrinfo
WSAStartup
shutdown
WSAGetLastError
recv
getpeername
accept
ioctlsocket
listen
closesocket
bind
send

Sections

.text
Size: 789KB - Virtual size: 789KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c42e409f268af3af25c7d88fb4a6afaa

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ws2_32

Sections

.text Size: 789KB - Virtual size: 789KB

.rdata Size: 187KB - Virtual size: 186KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 28KB - Virtual size: 28KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 789KB - Virtual size: 789KB

.rdata
Size: 187KB - Virtual size: 186KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 28KB - Virtual size: 28KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 7KB - Virtual size: 7KB