060516fef3dd62797521e7db55eb3cdc1455fc2a227b9fbd3b98b7aa9c0c81b2

Sharing

Copy URL

Twitter E-mail

General

Target

060516fef3dd62797521e7db55eb3cdc1455fc2a227b9fbd3b98b7aa9c0c81b2
Size

7.7MB
MD5

318b18d9f32496c6efd6c1467085cbd3
SHA1

88512d4f9f0047060e28f50cdf6774311cc3a5bb
SHA256

060516fef3dd62797521e7db55eb3cdc1455fc2a227b9fbd3b98b7aa9c0c81b2
SHA512

63bc0eaba35fa55726578f7e60b4987da6b685e9f432850ab68d6870fcf48b399c83e66dcc44141db97b3a94e72278e605589db79f4c3b47f12b460a7d05aab0
SSDEEP

98304:uxrtmdsGHFef3zFd67bcPOf1iJataAOAf/WpmqrrG2MCZgX+z8VGv8sPddrx3JOg:uUlOjb6v0IUAfe9rkX0M83P/rxHgW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
060516fef3dd62797521e7db55eb3cdc1455fc2a227b9fbd3b98b7aa9c0c81b2

Files

060516fef3dd62797521e7db55eb3cdc1455fc2a227b9fbd3b98b7aa9c0c81b2
.exe windows:5 windows x64 arch:x64

21451cb906ad161192908858030f73ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

psapi

GetModuleInformation
GetMappedFileNameW
GetModuleFileNameExW

userenv

ExpandEnvironmentStringsForUserW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathRemoveFileSpecW
PathFindFileNameA
PathFileExistsW
StrStrIW
PathFindFileNameW
PathAppendW

wtsapi32

WTSQueryUserToken

ws2_32

WSAStartup
htonl
htons
freeaddrinfo
inet_addr
getaddrinfo
select
__WSAFDIsSet
WSACleanup
getsockname
getsockopt
WSAGetLastError
accept
bind
listen
setsockopt
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
ioctlsocket
sendto
recv
recvfrom
connect
socket
send
closesocket
gethostname
WSAEventSelect
getpeername
WSAIoctl
ntohs
WSASetLastError

wldap32

ord301
ord79
ord30
ord200
ord22
ord41
ord143
ord217
ord46
ord26
ord27
ord32
ord35
ord33
ord60
ord50
ord211

kernel32

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetStringTypeW
DuplicateHandle
EncodePointer
GetCPInfo
OutputDebugStringW
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
ExitThread
FreeLibraryAndExitThread
GetFileAttributesExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
WriteConsoleW
SetConsoleCtrlHandler
GetACP
GetConsoleCP
IsValidLocale
FlushFileBuffers
GetCurrentDirectoryW
GetFullPathNameW
GetFullPathNameA
SetStdHandle
SetEndOfFile
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
ChangeTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
CreateFileW
GetFileAttributesW
AreFileApisANSI
CloseHandle
RaiseException
GetLastError
SetLastError
HeapAlloc
HeapReAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
WaitForSingleObjectEx
CreateMutexA
CreateMutexW
CreateEventW
Sleep
GetProcessTimes
TerminateProcess
GetThreadTimes
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
GetVersionExW
GetLogicalProcessorInformation
VirtualAlloc
VirtualProtect
VirtualFree
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
MapViewOfFileEx
UnmapViewOfFile
CreateTimerQueueTimer
DeleteTimerQueueTimer
InterlockedPopEntrySList
GetModuleFileNameW
GetProcAddress
LoadLibraryW
LocalAlloc
LocalFree
SetThreadAffinityMask
CreateFileMappingA
RegisterWaitForSingleObject
UnregisterWait
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetLocaleInfoW
GetSystemDefaultLangID
GetUserDefaultLCID
EnumSystemLocalesW
GetEnvironmentVariableW
ResumeThread
OpenProcess
ExitProcess
GetCurrentProcess
GetCurrentThreadId
SuspendThread
GetCurrentThread
GetThreadContext
FlushInstructionCache
SetThreadContext
VirtualQuery
WriteFile
SetFilePointer
GetFileSize
GetModuleHandleW
HeapSize
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
SwitchToThread
GetCurrentProcessId
SizeofResource
FindFirstFileW
FindNextFileW
FindClose
SetFileAttributesW
LockResource
LoadResource
FindResourceW
GetWindowsDirectoryA
GetLogicalDriveStringsA
GetTempPathW
GetTempFileNameW
CreateThread
OpenEventW
SetCurrentDirectoryW
SystemTimeToFileTime
GetSystemTime
TryEnterCriticalSection
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetUserDefaultUILanguage
Thread32Next
InitializeCriticalSection
OpenThread
CreateDirectoryW
GetModuleHandleExW
ExpandEnvironmentStringsW
DeleteFileW
GetNativeSystemInfo
VerSetConditionMask
VerifyVersionInfoW
ReadFile
GetFileSizeEx
EnumResourceNamesW
SetFilePointerEx
GetFileTime
TerminateThread
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
GetProcessId
GlobalAlloc
GlobalFree
GetModuleFileNameA
Module32FirstW
Module32NextW
SetUnhandledExceptionFilter
GetCommandLineA
UnhandledExceptionFilter
OpenMutexW
GetModuleHandleA
LoadLibraryA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetFileType
GetStdHandle
OutputDebugStringA
DeleteFiber
FindFirstFileA
FindNextFileA
FormatMessageA
ConvertFiberToThread
QueryPerformanceCounter
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetExitCodeThread
SleepEx
FormatMessageW
MoveFileExA
PeekNamedPipe
WaitForMultipleObjects
QueryDepthSList
UnregisterWaitEx
HeapCreate
GetDiskFreeSpaceW
LockFile
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
CreateFileA
DeleteFileA
HeapCompact
UnlockFile
LockFileEx
FreeLibrary
Thread32First

user32

GetClassNameW
EnumChildWindows
IsWindowEnabled
GetAncestor
GetWindowThreadProcessId
GetWindowInfo
SendMessageTimeoutW
GetWindow
GetWindowLongW
LookupIconIdFromDirectory
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
UpdateWindow
TranslateMessage
DispatchMessageW
GetMessageW
DefWindowProcW
SetWindowLongPtrW
CreateWindowExW
GetWindowLongPtrW
GetDesktopWindow
GetLayeredWindowAttributes
IsWindow
IsWindowVisible
RegisterClassExW

advapi32

DeleteService
RegCloseKey
ImpersonateLoggedOnUser
RevertToSelf
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetTokenInformation
FreeSid
CryptEncrypt
OpenProcessToken
SetEntriesInAclW
AllocateAndInitializeSid
SetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenServiceW
ChangeServiceConfigW
ControlService
OpenSCManagerW
CloseServiceHandle
OpenEventLogW
ReadEventLogW
CloseEventLog
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey

shell32

CommandLineToArgvW

pdh

PdhCloseQuery
PdhAddCounterW
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhCollectQueryData
PdhOpenQueryW

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 154KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21451cb906ad161192908858030f73ef

Headers

DLL Characteristics

File Characteristics

Imports

psapi

userenv

version

shlwapi

wtsapi32

ws2_32

wldap32

kernel32

user32

advapi32

shell32

pdh

dbghelp

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 154KB - Virtual size: 181KB

.pdata Size: 165KB - Virtual size: 164KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 3KB - Virtual size: 2KB

.vmp0 Size: 3.2MB - Virtual size: 3.2MB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 154KB - Virtual size: 181KB

.pdata
Size: 165KB - Virtual size: 164KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 3KB - Virtual size: 2KB

.vmp0
Size: 3.2MB - Virtual size: 3.2MB

.rsrc
Size: 2KB - Virtual size: 2KB