a4e513bd8195662b8eb847271a85423011fc9ddb4393dcfeedd9f9ca7594f734

Sharing

Copy URL

Twitter E-mail

General

Target

a4e513bd8195662b8eb847271a85423011fc9ddb4393dcfeedd9f9ca7594f734
Size

1.3MB
MD5

9c39566329dffae5df1e7af7e264b004
SHA1

341ea1338d594cc66a22676e040c790c4b1332dd
SHA256

a4e513bd8195662b8eb847271a85423011fc9ddb4393dcfeedd9f9ca7594f734
SHA512

26ce2a3bf31a5a4f6fb6db018567871292ef7ed18ad2f81ecfb5006de6f8b42a1e0d8b0204985c9c5a0346e582252f4040c6c581cbc42ad776b5f1018cf7766b
SSDEEP

24576:WiBJjUmry1OL89MdFVzZ85O6EQFvcQsx4MWf1701eGtVTV/rIYkz:WiBJjUmrgOL8ud3zZ85O6EssRecVTJri

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4e513bd8195662b8eb847271a85423011fc9ddb4393dcfeedd9f9ca7594f734

Files

a4e513bd8195662b8eb847271a85423011fc9ddb4393dcfeedd9f9ca7594f734
.exe windows:6 windows x64

b664cc4a7fb9a09cf76ab79d8045d4d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

crypt32

CryptQueryObject
CertCloseStore
CertFreeCertificateContext
CryptMsgClose
CertGetNameStringW
CertFindCertificateInStore
CryptDecodeObject
CryptMsgGetParam

wintrust

WinVerifyTrust

shlwapi

PathAddBackslashW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW

mfc140u

ord2370
ord4794
ord4800
ord4806
ord4788
ord4843
ord4776
ord1755
ord1734
ord1748
ord1722
ord1700
ord11940
ord11944
ord13513
ord3173
ord8947
ord10691
ord9159
ord6729
ord8656
ord14209
ord11625
ord3713
ord3718
ord11771
ord8830
ord11415
ord11414
ord5451
ord9979
ord9975
ord9977
ord9978
ord9976
ord14360
ord7913
ord9946
ord3209
ord3212
ord8900
ord9941
ord7922
ord5227
ord7450
ord7461
ord7460
ord5062
ord5229
ord5083
ord5555
ord5339
ord9041
ord14211
ord5363
ord5080
ord6361
ord3803
ord2212
ord8441
ord3951
ord1089
ord6614
ord983
ord13545
ord6122
ord14289
ord6123
ord14290
ord6121
ord14288
ord7719
ord12212
ord14088
ord11665
ord11664
ord2011
ord7668
ord12625
ord3949
ord4011
ord9089
ord14216
ord7650
ord14210
ord12223
ord12222
ord2439
ord10070
ord5183
ord8023
ord7716
ord4445
ord12544
ord12606
ord10124
ord11929
ord8084
ord1450
ord7393
ord8167
ord11901
ord11933
ord7920
ord11921
ord5706
ord3731
ord2967
ord4352
ord9384
ord2187
ord4725
ord2479
ord13999
ord878
ord1369
ord2222
ord4853
ord446
ord3071
ord5582
ord3307
ord3308
ord10163
ord4360
ord11085
ord10704
ord8731
ord11854
ord8901
ord2697
ord13397
ord6000
ord11813
ord10727
ord7233
ord4828
ord4767
ord11850
ord4752
ord4814
ord3172
ord3278
ord3279
ord3812
ord11806
ord2629
ord5723
ord13354
ord13761
ord11406
ord6631
ord4859
ord14217
ord4086
ord7651
ord4782
ord5552
ord4837
ord6285

kernel32

InitializeCriticalSectionAndSpinCount
GetLastError
GetProcessHeap
FileTimeToLocalFileTime
DeleteCriticalSection
CreateMutexW
Sleep
WritePrivateProfileStringW
GetPrivateProfileIntW
HeapAlloc
GetModuleFileNameW
GetProcessId
WaitForSingleObject
OpenProcess
FileTimeToSystemTime
HeapFree
OutputDebugStringW
lstrcmpA
SystemTimeToFileTime
SetLastError
CloseHandle
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
CreateEventW
GetModuleHandleW
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetProcAddress

user32

SetWindowLongW
GetClientRect
LoadIconW
GetSubMenu
SetForegroundWindow
IsIconic
GetCursorPos
FindWindowW
LoadMenuW
PostMessageW
SendMessageW
GetSystemMetrics
PostQuitMessage
DrawIcon
EnableWindow

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

Shell_NotifyIconW
ShellExecuteExW
SHGetSpecialFolderPathW

comctl32

InitCommonControlsEx

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses

vcruntime140

memset
__std_exception_destroy
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
memmove
__std_terminate
__std_exception_copy
memcpy

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s
__stdio_common_vsscanf

api-ms-win-crt-string-l1-1-0

_stricmp
wcscpy_s
strncpy_s
_wcsicmp
_wcsnicmp
wcsncpy_s

api-ms-win-crt-runtime-l1-1-0

exit
_invalid_parameter_noinfo_noreturn
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_set_app_type
_exit
_initialize_wide_environment
_initterm_e
_initterm
_get_wide_winmain_command_line
_configure_wide_argv

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
free
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b664cc4a7fb9a09cf76ab79d8045d4d9

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

crypt32

wintrust

shlwapi

mfc140u

kernel32

user32

advapi32

shell32

comctl32

psapi

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 1024B - Virtual size: 7KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 1024B - Virtual size: 7KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1.2MB - Virtual size: 1.8MB