71c655f018b619c4ec207709c74b1e8c7280480d39c3dfcc8dd4a8f852ca0ff5

Sharing

Copy URL Twitter E-mail

General

Target

71c655f018b619c4ec207709c74b1e8c7280480d39c3dfcc8dd4a8f852ca0ff5
Size

3.2MB
MD5

a3199816c4737762856de0aa5d92b8ad
SHA1

926f861e77f776cc9c9e8505d827049495e1b393
SHA256

71c655f018b619c4ec207709c74b1e8c7280480d39c3dfcc8dd4a8f852ca0ff5
SHA512

a6a356081c5b6bcd5a2d177b9f0286dc487af44fbaf3528ce543bbb24f19844898ab42351ca7fcd08ca501ad1701e8acee7e0dd1a0425a474098608c88114302
SSDEEP

49152:bzyxxNLly+W1s+FzhJ5lwJZGVy//efxvb+qknvjcec:RUuy3efxOnvZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71c655f018b619c4ec207709c74b1e8c7280480d39c3dfcc8dd4a8f852ca0ff5

Files

71c655f018b619c4ec207709c74b1e8c7280480d39c3dfcc8dd4a8f852ca0ff5
.exe windows:6 windows x64

7ea2e2db2c7f71d060a367c8f6c7832d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetSystemInfo
GetCurrentProcess
GetCurrentThreadId
SetHandleInformation
GetFileInformationByHandle
GetCurrentProcessId
InitializeSListHead
FormatMessageW
RtlVirtualUnwind
IsDebuggerPresent
WaitForSingleObject
GetLastError
UnhandledExceptionFilter
FreeLibrary
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatusEx
GetProcAddress
LoadLibraryA
SetFileCompletionNotificationModes
SetUnhandledExceptionFilter
Sleep
GetModuleHandleA
HeapFree
HeapAlloc
AcquireSRWLockShared
FindClose
AddVectoredExceptionHandler
SetThreadStackGuarantee
CloseHandle
SwitchToThread
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetProcessHeap
AcquireSRWLockExclusive
GetStdHandle
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSRWLockExclusive
HeapReAlloc
WaitForSingleObjectEx
CreateMutexA
FindNextFileW
CreateFileW
GetFileInformationByHandleEx
FindFirstFileW
GetFinalPathNameByHandleW
GetConsoleMode
GetVolumeInformationW
GetModuleHandleW
GetFullPathNameW
ReleaseSRWLockShared
TryAcquireSRWLockExclusive
WriteConsoleW
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetDriveTypeW
GetLogicalDrives
ReleaseMutex
IsProcessorFeaturePresent

oleaut32

GetErrorInfo
SysFreeString
SysStringLen

ws2_32

getsockopt
ioctlsocket
connect
bind
WSASocketW
getpeername
getsockname
shutdown
WSASend
setsockopt
WSAIoctl
WSAGetLastError
WSAStartup
WSACleanup
closesocket
freeaddrinfo
send
getaddrinfo
recv

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

secur32

FreeContextBuffer
InitializeSecurityContextW
AcceptSecurityContext
DecryptMessage
ApplyControlToken
DeleteSecurityContext
QueryContextAttributesW
FreeCredentialsHandle
AcquireCredentialsHandleA
EncryptMessage

crypt32

CertFreeCertificateChain
CertDuplicateCertificateChain
CertEnumCertificatesInStore
CertDuplicateStore
CertAddCertificateContextToStore
CertOpenStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext

ntdll

NtCreateFile
NtCancelIoFileEx
NtDeviceIoControlFile
RtlNtStatusToDosError

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGenRandom

vcruntime140

__current_exception_context
memcpy
__CxxFrameHandler3
memcmp
memset
memmove
_CxxThrowException
__C_specific_handler
__current_exception

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_exit
__p___argv
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_configure_narrow_argv
exit
_set_app_type
_seh_filter_exe
_crt_atexit
terminate
__p___argc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ea2e2db2c7f71d060a367c8f6c7832d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

ws2_32

advapi32

secur32

crypt32

ntdll

bcrypt

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 12KB - Virtual size: 12KB

.pdata Size: 130KB - Virtual size: 130KB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 12KB - Virtual size: 12KB

.pdata
Size: 130KB - Virtual size: 130KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 19KB - Virtual size: 18KB