e556680bd04f5eaf54207d77d62011d248cc5f143ab5a9084968027a758a7613

Sharing

Copy URL Twitter E-mail

General

Target

e556680bd04f5eaf54207d77d62011d248cc5f143ab5a9084968027a758a7613
Size

1.6MB
MD5

a288b6b7a11cecbc311e84aeb8a31ce5
SHA1

22c9aa9ff855f935c11f48f6f162f8c8158790d3
SHA256

e556680bd04f5eaf54207d77d62011d248cc5f143ab5a9084968027a758a7613
SHA512

e67fa4b194085dbff921b169530aa7ffe7c3c218fc5a098d3463357dae5ecce073b0bf752a605a8dd6cc532a5fccb75d7555fcea833b8e1a103e4790b1b5cd51
SSDEEP

24576:9mJgTLdtbksqjnhMgeiCl7G0nehbGZpbD:9mJgTLdlADmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e556680bd04f5eaf54207d77d62011d248cc5f143ab5a9084968027a758a7613

Files

e556680bd04f5eaf54207d77d62011d248cc5f143ab5a9084968027a758a7613
.exe windows:6 windows x86 arch:x86

0b76bba21710497c72917d71f6ef3f4a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringW
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
DeleteCriticalSection
FreeLibrary
QueryPerformanceCounter
ReadFile
CancelIo
WaitNamedPipeA
CreateNamedPipeA
WriteFile
WaitForMultipleObjects
WaitForSingleObject
DisconnectNamedPipe
CreateFileA
CloseHandle
GetOverlappedResult
LocalFree
CreateEventA
GetLastError
OpenEventA
GetCommandLineW
GetCurrentProcess
OutputDebugStringA
TerminateProcess
QueueUserWorkItem
SetEvent
TerminateThread
CreateThread
ExitProcess
GetCurrentProcessId
CreateProcessW
GetTickCount
GetExitCodeProcess
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
GetModuleHandleA
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
ConnectNamedPipe
EnterCriticalSection
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
UnhandledExceptionFilter

user32

GetMessageW
TranslateMessage
DispatchMessageW

shell32

CommandLineToArgvW

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z

vcruntime140

memcpy
_except_handler4_common
_CxxThrowException
__CxxFrameHandler3
memmove
__std_exception_destroy
__std_exception_copy
__std_terminate
memset

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswscanf
__stdio_common_vswprintf_s
__p__commode
__stdio_common_vsprintf_s
_set_fmode

api-ms-win-crt-environment-l1-1-0

_putenv

api-ms-win-crt-string-l1-1-0

_wcsicmp
strcmp
strlen

api-ms-win-crt-math-l1-1-0

_except1
__setusermatherr

api-ms-win-crt-runtime-l1-1-0

_initterm
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_exit
exit
_wassert
_initialize_onexit_table
_initterm_e
_crt_atexit
_controlfp_s
terminate
_seh_filter_exe
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_get_narrow_winmain_command_line
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
_callnewh
free

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0b76bba21710497c72917d71f6ef3f4a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 80B

.rsrc Size: 403KB - Virtual size: 402KB

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 80B

.rsrc
Size: 403KB - Virtual size: 402KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB