f64d51037a8bba6f6cda14e6284b1263a0545840f5e7d43aa79a3a6ef5d673b3

Sharing

Copy URL Twitter E-mail

General

Target

f64d51037a8bba6f6cda14e6284b1263a0545840f5e7d43aa79a3a6ef5d673b3
Size

246KB
MD5

8c71d9305d4146c3756d588b6d862b01
SHA1

5ca11fb9f01b13a1e5a64ec52ce14753dae3bc3f
SHA256

f64d51037a8bba6f6cda14e6284b1263a0545840f5e7d43aa79a3a6ef5d673b3
SHA512

237069727b76048e08ff233ebff88a922f50f0b1077216c47d4080ac07e4fe88c573363622f878d3b1f20b351337734cae81eab5ca535082532244cbd1e24292
SSDEEP

3072:SfEoYmSs2Q64PYMFL91sc/1PifP+wG3m4cU0+ePGvLWtuZuoUzFhjfBFCBSLfg4O:hbsquPayePGjYzFxfBFCBSLI4f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f64d51037a8bba6f6cda14e6284b1263a0545840f5e7d43aa79a3a6ef5d673b3

Files

f64d51037a8bba6f6cda14e6284b1263a0545840f5e7d43aa79a3a6ef5d673b3
.exe windows:6 windows x64 arch:x64

c3a0f2c3cf8a270dfeccb5eb8ba2f50b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetLastError
K32GetModuleFileNameExW
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
GetExitCodeThread
Process32NextW
Process32FirstW
VirtualAllocEx
CreateRemoteThread
K32EnumProcessModules
VirtualFreeEx
CreateMutexW
ReleaseMutex
TerminateProcess
LoadLibraryW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
HeapAlloc
WriteProcessMemory
GetProcessHeap
FormatMessageW
LCIDToLocaleName
GetLocaleInfoEx
GetModuleHandleExW
FreeLibrary
ExitProcess
Sleep
RaiseException
EncodePointer
VirtualQuery
RtlUnwindEx
WideCharToMultiByte
MultiByteToWideChar
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentProcess
GetModuleFileNameW
GetLastError
GetModuleHandleW
CloseHandle
GetProcAddress
HeapFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind

user32

GetMessageW
DefWindowProcW
CreateWindowExW
FindWindowExW
RegisterWindowMessageW
UnregisterClassW
RegisterClassExW
DispatchMessageW
SetTimer
TranslateMessage
GetWindowThreadProcessId
PostMessageW

advapi32

GetTokenInformation
OpenProcessToken

uxtheme

GetCurrentThemeName

shlwapi

PathFileExistsW

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchRemoveFileSpec

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
InitializeCriticalSectionEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TryEnterCriticalSection

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

msvcrt

_commode
___mb_cur_max_func
wcsnlen
strnlen
strtol
wctomb_s
___lc_codepage_func
realloc
ceil
log10
_clearfp
_wcmdln
__set_app_type
_XcptFilter
?terminate@@YAXXZ
_msize
__wgetmainargs
__pctype_func
_unlock
_lock
_wtoi64
strcpy_s
fread
frexp
strcspn
fseek
fclose
toupper
_wfsopen
_set_fmode
_initterm_e
_initterm
_callnewh
free
calloc
tolower
_wcsicmp
_wtoi
malloc
_errno
iswspace
abort
__CxxFrameHandler3
strchr
wcsrchr
memcpy
strrchr
__uncaught_exception
memchr
isupper
_wcsdup
islower
__strncnt
___lc_handle_func
memmove
_local_unwind
__DestructExceptionObject
_amsg_exit
memset
__C_specific_handler
_CxxThrowException
?_set_new_mode@@YAHH@Z
ceilf

api-ms-win-core-localization-l1-2-0

LCMapStringEx

api-ms-win-core-util-l1-1-0

DecodePointer

oleaut32

SysStringLen
SysAllocString
SysFreeString
GetErrorInfo
SetErrorInfo

Exports

Exports

GetMessageHandle

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.MHostSh
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3a0f2c3cf8a270dfeccb5eb8ba2f50b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

uxtheme

shlwapi

api-ms-win-core-path-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

msvcrt

api-ms-win-core-localization-l1-2-0

api-ms-win-core-util-l1-1-0

oleaut32

Exports

Exports

Sections

.text Size: 135KB - Virtual size: 134KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 4KB - Virtual size: 9KB

.pdata Size: 8KB - Virtual size: 7KB

.MHostSh Size: 512B - Virtual size: 8B

.rsrc Size: 47KB - Virtual size: 47KB

.reloc Size: 1024B - Virtual size: 844B

.text
Size: 135KB - Virtual size: 134KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 8KB - Virtual size: 7KB

.MHostSh
Size: 512B - Virtual size: 8B

.rsrc
Size: 47KB - Virtual size: 47KB

.reloc
Size: 1024B - Virtual size: 844B