756a56dc3762c058518d7f4b31eaf79720ed4f921402b4c269da799f8442fda4

Sharing

Copy URL Twitter E-mail

General

Target

756a56dc3762c058518d7f4b31eaf79720ed4f921402b4c269da799f8442fda4
Size

2.3MB
MD5

b5b591670d95c93e1efc65e8bbf3094c
SHA1

55da6b843caddf0a558992233ffc2cafb6653952
SHA256

756a56dc3762c058518d7f4b31eaf79720ed4f921402b4c269da799f8442fda4
SHA512

235fd98a592faae7f130d2a229275e18406e257cef84947edc5867e4f84da8c8a599df24ca9203ff3a60bf4cd7ce2dca1f9b67e3712b1439d834ad9425406881
SSDEEP

49152:3ptNU3AYn2IDLD6LlfK6IhoBPsbR8ca4B4+8j:mRnphJmca4B4+8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
756a56dc3762c058518d7f4b31eaf79720ed4f921402b4c269da799f8442fda4

Files

756a56dc3762c058518d7f4b31eaf79720ed4f921402b4c269da799f8442fda4
.exe windows:6 windows x64 arch:x64

a104215cebc4923f5450d12a1f55d092

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

bcrypt

BCryptGenRandom

advapi32

SystemFunction036
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

kernel32

IsProcessorFeaturePresent
HeapFree
CloseHandle
HeapAlloc
GetProcessHeap
HeapReAlloc
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetLastError
HeapCreate
GetFileInformationByHandle
GetFileInformationByHandleEx
DeleteFileW
SwitchToThread
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
TryAcquireSRWLockExclusive
SetLastError
GetFinalPathNameByHandleW
PostQueuedCompletionStatus
SetHandleInformation
GetModuleHandleA
GetProcAddress
GetCurrentThread
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
CreateFileW
GetFullPathNameW
CreateThread
QueryPerformanceCounter
GetCurrentDirectoryW
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
SleepConditionVariableSRW
WakeConditionVariable
WakeAllConditionVariable
GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
InitializeSListHead
GetSystemTimeAsFileTime

ntdll

NtCancelIoFileEx
NtDeviceIoControlFile
NtCreateFile
NtWriteFile
NtReadFile
RtlNtStatusToDosError

ws2_32

getsockopt
shutdown
getaddrinfo
bind
WSAStartup
WSACleanup
recv
send
connect
WSAIoctl
ioctlsocket
WSASocketW
WSASend
setsockopt
getsockname
WSAGetLastError
getpeername
closesocket
freeaddrinfo

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertDuplicateCertificateContext
CertDuplicateStore
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertOpenStore
CertFreeCertificateContext
CertDuplicateCertificateChain

secur32

ApplyControlToken
FreeContextBuffer
DeleteSecurityContext
QueryContextAttributesW
DecryptMessage
FreeCredentialsHandle
AcceptSecurityContext
EncryptMessage
AcquireCredentialsHandleA
InitializeSecurityContextW

vcruntime140

memcpy
memmove
memset
memcmp
_CxxThrowException
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_register_onexit_function
_initterm
_get_initial_narrow_environment
terminate
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_initialize_narrow_environment
_initialize_onexit_table
_seh_filter_exe
_set_app_type
exit
_configure_narrow_argv
_exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 704KB - Virtual size: 703KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a104215cebc4923f5450d12a1f55d092

Headers

DLL Characteristics

File Characteristics

Imports

bcrypt

advapi32

kernel32

ntdll

ws2_32

crypt32

secur32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 704KB - Virtual size: 703KB

.data Size: 512B - Virtual size: 936B

.pdata Size: 81KB - Virtual size: 81KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 704KB - Virtual size: 703KB

.data
Size: 512B - Virtual size: 936B

.pdata
Size: 81KB - Virtual size: 81KB

.reloc
Size: 6KB - Virtual size: 6KB