70bb2ee4b32c8cb7f8039e4970150785353ea49a88987b346011362174285b00

Sharing

Copy URL Twitter E-mail

General

Target

70bb2ee4b32c8cb7f8039e4970150785353ea49a88987b346011362174285b00
Size

719KB
MD5

2282d115b4b9032c78baa59da5801c01
SHA1

869782c5887311cc7233ab9ffafa7970cecde4f9
SHA256

70bb2ee4b32c8cb7f8039e4970150785353ea49a88987b346011362174285b00
SHA512

ad9e9b10d45877a762c54af8ae4cd6bbd3304fb86be9755d024189c372c3a871b6f5d74454a1930779e5b00fc087621ab09274a70ef60f82ae071696241d29a2
SSDEEP

12288:GCprvCMqKF8wJrQ1vLy1mp202XpY82YjrUTZia/3o3nJ:7qMqsrK582Yj4ca/2nJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70bb2ee4b32c8cb7f8039e4970150785353ea49a88987b346011362174285b00

Files

70bb2ee4b32c8cb7f8039e4970150785353ea49a88987b346011362174285b00
.exe windows:6 windows x64

7505df8913e681b1493b8c5f0ec050cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlNtStatusToDosError
NtWriteFile
RtlVirtualUnwind

kernel32

GetCommandLineW
GetEnvironmentVariableW
GetCurrentDirectoryW
SetLastError
GetProcAddress
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
AcquireSRWLockExclusive
WaitForSingleObject
TryAcquireSRWLockExclusive
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleA
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetLastError
MultiByteToWideChar
WriteConsoleW
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
ReleaseSRWLockShared
ReleaseMutex
CloseHandle
GetFileInformationByHandleEx
GetFileType
SetConsoleTextAttribute
SetConsoleMode
GetConsoleMode
GetConsoleScreenBufferInfo
GetStdHandle
ReleaseSRWLockExclusive
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
IsProcessorFeaturePresent

vcruntime140

_CxxThrowException
memcmp
memset
__CxxFrameHandler3
__C_specific_handler
__current_exception_context
__current_exception
memcpy
memmove

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
terminate
_get_initial_narrow_environment
_initterm_e
exit
_configure_narrow_argv
_exit
_crt_atexit
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_register_onexit_function
_initialize_onexit_table
_initterm

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 529KB - Virtual size: 529KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7505df8913e681b1493b8c5f0ec050cf

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 529KB - Virtual size: 529KB

.rdata Size: 160KB - Virtual size: 159KB

.data Size: 512B - Virtual size: 792B

.pdata Size: 25KB - Virtual size: 25KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 529KB - Virtual size: 529KB

.rdata
Size: 160KB - Virtual size: 159KB

.data
Size: 512B - Virtual size: 792B

.pdata
Size: 25KB - Virtual size: 25KB

.reloc
Size: 3KB - Virtual size: 2KB