d9e6d9301c573c6e9b1a56a2a0a5acf414df1b33635b93e592a6e67ed0288517

Sharing

Copy URL

Twitter E-mail

General

Target

d9e6d9301c573c6e9b1a56a2a0a5acf414df1b33635b93e592a6e67ed0288517
Size

8.0MB
MD5

81695a34f658c8f40ff74f1ebea9e095
SHA1

71c214ac409623caebedb5162bf07cfae17e7541
SHA256

d9e6d9301c573c6e9b1a56a2a0a5acf414df1b33635b93e592a6e67ed0288517
SHA512

67cddf4b0f836c06ce212692727bf51642d6a18ce33b25c4e6d12f41ed325dfb95490ee512f5f804bfe2f8168bf64b10a47a6e066ac676019440d743746585b8
SSDEEP

98304:nTs9FnzeMuPS/3I6Zg26qBpeCn2/+pIbtFvAsf86zOwA59ez/cwpAG6dm+FrhP9:nTsfzP/3BTb4KDvvk3M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d9e6d9301c573c6e9b1a56a2a0a5acf414df1b33635b93e592a6e67ed0288517

Files

d9e6d9301c573c6e9b1a56a2a0a5acf414df1b33635b93e592a6e67ed0288517
.exe windows:5 windows x86

e7ab31ae441e0389f31eef93d71c6f46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateThread
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsGetValue
TlsSetValue
SleepEx
CreateEventW
CreateWaitableTimerA
SetWaitableTimer
MultiByteToWideChar
DeviceIoControl
CreateFileA
GetCurrentProcessId
LockResource
LoadResource
SizeofResource
WriteFile
FindResourceA
GetSystemInfo
GetModuleHandleA
GetVersionExA
WTSGetActiveConsoleSessionId
GetFileAttributesA
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentProcess
GetExitCodeProcess
GetModuleFileNameA
LocalAlloc
FindClose
GetSystemTimeAsFileTime
CompareFileTime
FindFirstFileA
FindNextFileA
WaitForSingleObjectEx
SetConsoleCtrlHandler
GetTickCount
FlushFileBuffers
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
GetSystemTime
SystemTimeToFileTime
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
HeapReAlloc
DeleteFileW
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
CreateMutexW
GetTempPathW
UnlockFileEx
Sleep
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
VerifyVersionInfoA
VerSetConditionMask
DeleteFileA
CreateProcessA
GetLocalTime
TerminateProcess
GetProcessHeap
HeapFree
HeapAlloc
WaitForMultipleObjects
LoadLibraryA
GetProcAddress
FreeLibrary
InterlockedCompareExchange
CreateEventA
CloseHandle
WaitForSingleObject
SetEvent
WideCharToMultiByte
TlsFree
TlsAlloc
FormatMessageW
FormatMessageA
LeaveCriticalSection
EnterCriticalSection
PostQueuedCompletionStatus
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetTimeZoneInformation
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetACP
GetCommandLineW
GetCommandLineA
GetStdHandle
ExitProcess
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
GetLastError
LocalFree
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
SetEndOfFile
InterlockedIncrement
SignalObjectAndWait
CreateTimerQueue
DuplicateHandle
SwitchToThread
GetCurrentThread
GetExitCodeThread
EncodePointer
DecodePointer
RaiseException
QueryPerformanceFrequency
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead

user32

ExitWindowsEx
GetSystemMetrics

advapi32

ChangeServiceConfigA
RegOpenKeyExA
RegQueryValueExA
CreateProcessAsUserA
RevertToSelf
ImpersonateLoggedOnUser
OpenProcessToken
StartServiceA
QueryServiceStatusEx
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
ControlService
CloseServiceHandle
RegCloseKey
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerExA
RegSetValueExA
RegCreateKeyExA
InitiateSystemShutdownExA
LookupPrivilegeValueA
AdjustTokenPrivileges

ws2_32

WSAIoctl
select
WSASendTo
accept
__WSAFDIsSet
WSARecv
WSAStringToAddressW
WSAAddressToStringW
WSASocketW
WSASetLastError
ntohs
ntohl
listen
sendto
htonl
getsockopt
getsockname
getpeername
bind
WSAResetEvent
WSACreateEvent
WSASend
WSAGetLastError
setsockopt
inet_ntoa
inet_addr
ioctlsocket
closesocket
WSAStartup
socket
htons
connect
WSACleanup

mswsock

AcceptEx
GetAcceptExSockaddrs

setupapi

SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceInfoListDetailA
CM_Get_DevNode_Status_Ex
CM_Get_DevNode_Status
SetupDiSetClassInstallParamsA
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller

netapi32

NetApiBufferFree
NetWkstaGetInfo

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

iphlpapi

GetPerAdapterInfo
GetAdaptersInfo
GetAdaptersAddresses
GetIpNetTable
DeleteIpNetEntry
NotifyAddrChange

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7ab31ae441e0389f31eef93d71c6f46

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

mswsock

setupapi

netapi32

version

iphlpapi

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 247KB - Virtual size: 246KB

.data Size: 30KB - Virtual size: 36KB

.rsrc Size: 6.3MB - Virtual size: 6.3MB

.reloc Size: 56KB - Virtual size: 56KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 247KB - Virtual size: 246KB

.data
Size: 30KB - Virtual size: 36KB

.rsrc
Size: 6.3MB - Virtual size: 6.3MB

.reloc
Size: 56KB - Virtual size: 56KB