fa176174a7355f7fa2dfd24081747716dd75f26242ca18af1105c732f8cea365

Sharing

Copy URL Twitter E-mail

General

Target

fa176174a7355f7fa2dfd24081747716dd75f26242ca18af1105c732f8cea365
Size

470KB
MD5

28a0abaa0ea1a9702c9773707bc2a44d
SHA1

9b77e287ddcfe3ce9234d9e66848e4be9f375bd4
SHA256

fa176174a7355f7fa2dfd24081747716dd75f26242ca18af1105c732f8cea365
SHA512

8d3ec56c3df4786b1a6ea59d7c0b00a8424c22be90f64e414edec7ae867bfcbf6796fc50b751b3d1d0e0f44e3ca6304fa9f7cd2ec7d0a857976011c96a53a8f7
SSDEEP

12288:T3ommQNtKst0L977g6wTKHM3PtzlDciyoD6cIVWNOv3VeGFcbzFH:Llt/t0L9g6rHuhDeccWNgFfcPFH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa176174a7355f7fa2dfd24081747716dd75f26242ca18af1105c732f8cea365

Files

fa176174a7355f7fa2dfd24081747716dd75f26242ca18af1105c732f8cea365
.exe windows:6 windows x86 arch:x86

ccbf17b571f4980a75584e64c53ead0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

kernel32

SetFilePointerEx
GetFileSizeEx
GetConsoleMode
HeapFree
InitializeCriticalSectionEx
HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
GetCurrentThreadId
MultiByteToWideChar
Sleep
WideCharToMultiByte
GetTickCount
SetLastError
EnterCriticalSection
GetCommandLineW
LeaveCriticalSection
GetConsoleCP
FlushFileBuffers
SetStdHandle
CreateFileW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
WriteConsoleW
IsDebuggerPresent
LoadLibraryW
GetProcAddress
FreeLibrary
FormatMessageW
LocalFree
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
GetStringTypeW
QueryPerformanceCounter
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
LCMapStringW
GetLocaleInfoW
GetCPInfo
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentProcess
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualProtect
DuplicateHandle
ReleaseSemaphore

user32

UnregisterClassW
UpdateWindow
GetWindowLongW
DefWindowProcW
CallWindowProcW
PostMessageW
PostQuitMessage
BeginPaint
EndPaint
GetMessageW
FindWindowExW
CreateWindowExW
SendMessageW
RegisterClassExW
ShowWindow
DispatchMessageW
TranslateMessage
LoadCursorW
SetWindowLongW
GetClassInfoExW

shell32

CommandLineToArgvW

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

VariantClear
VariantInit

shlwapi

StrStrIW

iphlpapi

GetAdaptersAddresses
GetIfEntry

Sections

.text
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ccbf17b571f4980a75584e64c53ead0d

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

kernel32

user32

shell32

ole32

oleaut32

shlwapi

iphlpapi

Sections

.text Size: 261KB - Virtual size: 260KB

.rdata Size: 91KB - Virtual size: 91KB

.data Size: 17KB - Virtual size: 21KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 85KB - Virtual size: 88KB

.text
Size: 261KB - Virtual size: 260KB

.rdata
Size: 91KB - Virtual size: 91KB

.data
Size: 17KB - Virtual size: 21KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 85KB - Virtual size: 88KB