02083b5bb25e3c89d5e35d7f25fb97888153e0c2e7a697aa6eee3817da7b89bb

Sharing

Copy URL Twitter E-mail

General

Target

02083b5bb25e3c89d5e35d7f25fb97888153e0c2e7a697aa6eee3817da7b89bb
Size

20.7MB
MD5

b683d3576368701b9909c0aa2d5f8551
SHA1

1118b798b1a950dd98d03263b466337070fc9297
SHA256

02083b5bb25e3c89d5e35d7f25fb97888153e0c2e7a697aa6eee3817da7b89bb
SHA512

fbf71a4758e9e2596cc74791aad4c2f13536144136691ddb13fef17faea8433231961e03893e34775d934b1b95619f5b47ffb840795a72bd09e4ac1d26a38426
SSDEEP

393216:SkHKN7u6KbbnGtRKjHLJMJGN0MdNkcQ04yNsH2d1P/mi5cymDrn/Ztiqx2WCCCXV:SkHjQD2LJIwNkcQ04yNsH2d1P/mi5cyf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02083b5bb25e3c89d5e35d7f25fb97888153e0c2e7a697aa6eee3817da7b89bb

Files

02083b5bb25e3c89d5e35d7f25fb97888153e0c2e7a697aa6eee3817da7b89bb
.exe windows:6 windows x64

53486c8c9fce6d19cf233ccec16891f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mpr

WNetGetConnectionW

shell32

SHGetMalloc
IsUserAnAdmin
ShellExecuteExW

user32

CreateWindowExW
GetMessageW
CharToOemBuffA
TranslateMessage
CharLowerBuffA
CharLowerBuffW
PeekMessageA
PeekMessageW
GetSystemMetrics
PostMessageW
MessageBoxA
MessageBoxW
CharUpperBuffA
CharUpperBuffW
PostQuitMessage
MsgWaitForMultipleObjects
IsWindowUnicode
DispatchMessageW
DispatchMessageA
UnregisterClassW
IsWindow
GetClassInfoW
FindWindowExW
CharUpperW
DefWindowProcW
OemToCharBuffA
GetWindowLongPtrW
PostThreadMessageW
SetWindowLongPtrW
DestroyWindow
RegisterClassW
CharNextW
GetWindowThreadProcessId
LoadStringW
MsgWaitForMultipleObjectsEx

version

GetFileVersionInfoSizeW
VerQueryValueW
VerQueryValueA
GetFileVersionInfoW

oleaut32

GetErrorInfo
SysFreeString
VariantClear
VariantInit
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType
VariantCopyInd

normaliz

NormalizeString

advapi32

GetAce
CreateServiceW
DeleteAce
RegUnLoadKeyW
CryptReleaseContext
RegSaveKeyW
EqualSid
DeleteService
GetLengthSid
RegReplaceKeyW
LookupAccountSidW
RegCreateKeyExW
CryptAcquireContextW
SetSecurityDescriptorDacl
SetEntriesInAclW
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenSCManagerW
RegOpenKeyExW
AllocateAndInitializeSid
RegDeleteValueW
RegFlushKey
RegEnumValueW
RegQueryValueExW
InitializeSecurityDescriptor
RegRestoreKeyW
CloseServiceHandle
RegSetValueExW
RegConnectRegistryW
StartServiceCtrlDispatcherW
GetUserNameW
DeregisterEventSource
RegQueryInfoKeyW
CryptGenRandom
SetServiceStatus
IsValidSid
RegisterEventSourceW
RegisterServiceCtrlHandlerW
OpenServiceW
RegLoadKeyW
GetSecurityDescriptorLength
GetSecurityDescriptorControl
RegDeleteKeyW
OpenProcessToken
GetAclInformation
FreeSid
ReportEventW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
ConvertSidToStringSidW
RegCloseKey

netapi32

NetApiBufferFree
NetShareEnum

msvcrt

memcpy
memset

kernel32

SetFileAttributesW
GetFileTime
GetFileType
SetFileTime
RtlUnwindEx
QueryDosDeviceW
GetACP
GetExitCodeProcess
GetStringTypeExW
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
CreateSemaphoreW
WritePrivateProfileStringA
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
FlushInstructionCache
GetFullPathNameW
VirtualFree
GetProcessHeap
ExitProcess
HeapAlloc
GetCPInfoExW
GlobalSize
GetSystemTime
GetLongPathNameW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
CreateWaitableTimerW
GetStdHandle
GetTimeZoneInformation
DisconnectNamedPipe
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
DosDateTimeToFileTime
GetUserDefaultLCID
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
GetNativeSystemInfo
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
MapViewOfFile
CreateMutexW
LoadLibraryA
GetVolumeInformationW
ResetEvent
FreeResource
GetComputerNameExW
GetDriveTypeW
GetVersion
MoveFileW
RaiseException
GetSystemTimeAsFileTime
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
OutputDebugStringW
ReadDirectoryChangesW
GetCurrentThread
LocalFileTimeToFileTime
GetFileAttributesExW
IsBadReadPtr
ExpandEnvironmentStringsW
LockResource
LoadLibraryExW
CancelIo
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
PeekNamedPipe
VirtualQuery
GetPrivateProfileStringA
GlobalFree
VirtualQueryEx
Sleep
SetVolumeLabelW
EnterCriticalSection
GetDiskFreeSpaceExW
SetFilePointer
FlushFileBuffers
GetStringTypeExA
LoadResource
SuspendThread
GetTickCount
WaitForMultipleObjects
GetTempFileNameW
GetFileSize
GetStartupInfoW
GetFileAttributesW
SetCurrentDirectoryW
GetCurrentDirectoryW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
GlobalLock
SetThreadPriority
VirtualAlloc
GetTempPathW
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
SearchPathW
SetWaitableTimer
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
DeviceIoControl
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
GetConsoleOutputCP
UnmapViewOfFile
GetConsoleCP
GetModuleFileNameA
lstrlenW
CompareStringA
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
MultiByteToWideChar
FindClose
LoadLibraryW
SetEvent
ReleaseSemaphore
GetLocaleInfoW
CreateFileW
DeleteFileW
SetThreadAffinityMask
IsDBCSLeadByteEx
FindCloseChangeNotification
ConnectNamedPipe
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
FindFirstFileExW
CreateFileMappingW
CreateNamedPipeW
ExitThread
OpenThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetOverlappedResult
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
GlobalMemoryStatus
SetConsoleCtrlHandler
CreateEventW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

ole32

CoInitializeEx
CreateBindCtx
MkParseDisplayName
CoInitialize
CoInitializeSecurity
CoUninitialize

secur32

GetUserNameExW

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 468KB - Virtual size: 467KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 627KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 127B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 9.2MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53486c8c9fce6d19cf233ccec16891f9

Headers

DLL Characteristics

File Characteristics

Imports

mpr

shell32

user32

version

oleaut32

normaliz

advapi32

netapi32

msvcrt

kernel32

ole32

secur32

Exports

Exports

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.data Size: 468KB - Virtual size: 467KB

.bss Size: - Virtual size: 627KB

.idata Size: 11KB - Virtual size: 10KB

.didata Size: 1KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 127B

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 109B

.reloc Size: 132KB - Virtual size: 131KB

.pdata Size: 171KB - Virtual size: 170KB

.rsrc Size: 7.4MB - Virtual size: 7.4MB

.debug Size: 9.2MB - Virtual size: 9.2MB

.text
Size: 3.3MB - Virtual size: 3.3MB

.data
Size: 468KB - Virtual size: 467KB

.bss
Size: - Virtual size: 627KB

.idata
Size: 11KB - Virtual size: 10KB

.didata
Size: 1KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 127B

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 109B

.reloc
Size: 132KB - Virtual size: 131KB

.pdata
Size: 171KB - Virtual size: 170KB

.rsrc
Size: 7.4MB - Virtual size: 7.4MB

.debug
Size: 9.2MB - Virtual size: 9.2MB