264a599f23c1e3944d2649a7571827acf3c83104fc3ea4f8c4a82d5a31bbc48e

Sharing

Copy URL Twitter E-mail

General

Target

264a599f23c1e3944d2649a7571827acf3c83104fc3ea4f8c4a82d5a31bbc48e
Size

378KB
MD5

94213020dc6ccedb476574dcb881041c
SHA1

72de0728b802f9f699dcd30ae6ed11722076b01f
SHA256

264a599f23c1e3944d2649a7571827acf3c83104fc3ea4f8c4a82d5a31bbc48e
SHA512

53f7d1a0cf092cc131a32b0c91b07d4c83e280a93ba7a82532d366edf3b83caaebc345817f2c109432f77626a7a33cd0861e91196082a27121f0985ec3bc6f74
SSDEEP

6144:aK7NAF5y5zerJBbHnV/FBwmyMX+pCAdL6hfhhS3p4sdLwuMeQP4pP5qwtv:/7NAFOzezBwmyMX+pCAdAfduGSL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
264a599f23c1e3944d2649a7571827acf3c83104fc3ea4f8c4a82d5a31bbc48e

Files

264a599f23c1e3944d2649a7571827acf3c83104fc3ea4f8c4a82d5a31bbc48e
.exe windows:5 windows x64

47365ecd88bfdfcf724c60a6cabeeb77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetLastError
GetModuleFileNameW
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetCurrentProcess
TerminateProcess
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetModuleFileNameA
GetCommandLineA
RtlLookupFunctionEntry
GetACP
HeapFree
HeapAlloc
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessHeap
SetConsoleCtrlHandler
OutputDebugStringA
OutputDebugStringW
CloseHandle
WaitForSingleObjectEx
CreateThread
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
CreateFileW
GetCommandLineW
RtlCaptureContext

advapi32

SystemFunction036

Sections

.text
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47365ecd88bfdfcf724c60a6cabeeb77

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 285KB - Virtual size: 284KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 3KB - Virtual size: 9KB

.pdata Size: 18KB - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 248B

.text
Size: 285KB - Virtual size: 284KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 3KB - Virtual size: 9KB

.pdata
Size: 18KB - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 248B