45f3c8e525231c7927e5d6b2a174b4ba7788f337fa17c162cf63a9febfba3596

Sharing

Copy URL Twitter E-mail

General

Target

45f3c8e525231c7927e5d6b2a174b4ba7788f337fa17c162cf63a9febfba3596
Size

1.6MB
MD5

69aaf81a7fb86527684c28dc31b74f18
SHA1

d8a8953fa97b1e81862e666e15f023b6a658424e
SHA256

45f3c8e525231c7927e5d6b2a174b4ba7788f337fa17c162cf63a9febfba3596
SHA512

0a1ce101c605622b7637268727ae8ad3d9a1f506e3ebc7822a00396931efc724d31fd9f28a2c9ae087648881a16d10c1454e57273f4f81bd1a054f3d12edb115
SSDEEP

49152:pXpMPcv2TxRe9hNtKGZTSkGmwbtrNZoUIWCSkgXe+OVVVVpVxep+g:thv2QLtKGZTS3OVVVVpVxe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45f3c8e525231c7927e5d6b2a174b4ba7788f337fa17c162cf63a9febfba3596

Files

45f3c8e525231c7927e5d6b2a174b4ba7788f337fa17c162cf63a9febfba3596
.exe windows:6 windows x86 arch:x86

862f396bd86bad6079e5e3a3ed8294c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
ReleaseSRWLockExclusive
InitializeSRWLock
LCMapStringEx
GetLocaleInfoEx
WriteConsoleW
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
SetEvent
Sleep
CreateEventA
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
CloseHandle
AcquireSRWLockExclusive
DecodePointer
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
CancelIo
SetThreadPriority
TerminateThread
GetSystemInfo
WritePrivateProfileStringA
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
GetCurrentThreadId
TlsAlloc
TlsFree
GetCurrentDirectoryA
CreateDirectoryA
GetFileAttributesA
GetWindowsDirectoryA
GetVersionExA
VirtualQuery
GetModuleFileNameA
IsBadCodePtr
GetCurrentThread
MultiByteToWideChar
WideCharToMultiByte
SetWaitableTimer
CancelWaitableTimer
CreateWaitableTimerA
DuplicateHandle
GetCurrentProcess
CreateThread
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
TlsSetValue
OutputDebugStringA
TlsGetValue
GetLocalTime
GetStdHandle
TerminateProcess
GetExitCodeProcess
CreateProcessA
GetStartupInfoA
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetTickCount
GetProcessAffinityMask
SetThreadAffinityMask
ResetEvent
QueueUserAPC
CreateIoCompletionPort
PostQueuedCompletionStatus
WaitForMultipleObjectsEx
SwitchToThread
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleA
WriteFile
GetConsoleMode
GetFileType
AllocConsole
GetCurrentProcessId
GetEnvironmentVariableW
CreateFileW
DeleteFileW
OpenProcess
FreeConsole
AttachConsole
SetConsoleMode
GetNumberOfConsoleInputEvents
ReadConsoleInputA
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleTitleA
GetConsoleWindow
UnlockFile
LockFileEx
SetUnhandledExceptionFilter
OpenThread
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
CreateFileA
ReadFile
ReadFileEx
WriteFileEx
GetOverlappedResult
FlushFileBuffers
GetFileSize
SetEndOfFile
SetFilePointer
GetVolumeInformationA
ReadDirectoryChangesW
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
UnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetStartupInfoW
InitializeSListHead
RtlUnwind
SetLastError
EncodePointer
LoadLibraryExW
SetFilePointerEx
GetProcessHeap
GetConsoleOutputCP
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetStdHandle
ExitProcess
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
PeekConsoleInputA
ReadConsoleW
HeapSize
HeapReAlloc
GetTimeZoneInformation
GetFileSizeEx
GetCurrentDirectoryW
CreateDirectoryW
MoveFileExW
FindFirstFileExW
FindNextFileW
IsValidCodePage
CompareStringEx

user32

ShowWindow
GetWindowLongA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjectsEx
IsDialogMessageA
DispatchMessageA
GetActiveWindow

ws2_32

freeaddrinfo
htonl
WSASocketA
WSAStringToAddressA
recv
WSACleanup
setsockopt
WSAStartup
gethostname
send
getaddrinfo
listen
accept
gethostbyname
WSASend
WSARecvFrom
WSARecv
WSAGetOverlappedResult
shutdown
getsockopt
getsockname
connect
bind
WSAGetLastError
socket
select
ntohs
htons
ioctlsocket
closesocket
__WSAFDIsSet
WSACloseEvent
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAIoctl
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSASendTo

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo
GetNetworkParams

winmm

timeSetEvent
timeKillEvent

psapi

GetProcessMemoryInfo
GetModuleFileNameExW
GetModuleInformation
EnumProcessModules
GetModuleBaseNameW

crypt32

CertFreeCertificateContext
CertCloseStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertVerifyRevocation
CertVerifyTimeValidity
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
PFXImportCertStore

advapi32

GetLengthSid
LookupPrivilegeValueA
LookupPrivilegeValueW
AdjustTokenPrivileges
DeregisterEventSource
RegCloseKey
RegCreateKeyExA
CopySid
ReportEventA
RegSetValueExA
GetTokenInformation
RegisterEventSourceA
OpenProcessToken

shell32

SHGetSpecialFolderPathA

ole32

CoCreateGuid
StringFromIID
CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree

shlwapi

PathIsRelativeA

Sections

.text
Size: 994KB - Virtual size: 994KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

862f396bd86bad6079e5e3a3ed8294c4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

iphlpapi

winmm

psapi

crypt32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 994KB - Virtual size: 994KB

.rdata Size: 194KB - Virtual size: 193KB

.data Size: 22KB - Virtual size: 28KB

.rsrc Size: 363KB - Virtual size: 363KB

.reloc Size: 54KB - Virtual size: 54KB

.text
Size: 994KB - Virtual size: 994KB

.rdata
Size: 194KB - Virtual size: 193KB

.data
Size: 22KB - Virtual size: 28KB

.rsrc
Size: 363KB - Virtual size: 363KB

.reloc
Size: 54KB - Virtual size: 54KB