d0d4d8fcb40c7dc3de5b5dcc829947b46be6c13850567a1ac187294a8463fc09

Sharing

Copy URL Twitter E-mail

General

Target

d0d4d8fcb40c7dc3de5b5dcc829947b46be6c13850567a1ac187294a8463fc09
Size

662KB
MD5

19d0b5acb5018754613478e54848d2cd
SHA1

a35ae0f999482aa7d9d93e37f0bd5615ba93bed0
SHA256

d0d4d8fcb40c7dc3de5b5dcc829947b46be6c13850567a1ac187294a8463fc09
SHA512

887618de73037bcef0fcd95d91a8bc921df94b274ae5d9228476d32b55845a80d42cebbcb75930536303ae7db58678a8ea2f87543a205a772d266c38e2fb4ce8
SSDEEP

12288:7r4CYJUTJJXKYWheR3elaOsye7tpfR3y70Zz8uK7dJwGvU:v41+JXkoR3IaOe7tLy7AswGs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0d4d8fcb40c7dc3de5b5dcc829947b46be6c13850567a1ac187294a8463fc09

Files

d0d4d8fcb40c7dc3de5b5dcc829947b46be6c13850567a1ac187294a8463fc09
.exe windows:5 windows x64 arch:x64

918029bd0affdd2f6feb954606440e85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentDirectoryA
SetFileTime
WriteFile
GetFileAttributesA
CreateDirectoryA
LocalFileTimeToFileTime
lstrcpyA
lstrlenA
lstrcatA
SystemTimeToFileTime
ReadFile
WideCharToMultiByte
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
GetProcAddress
FreeLibrary
SetLastError
GetLastError
GetTickCount
SleepEx
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
GetModuleHandleA
WaitForSingleObject
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetModuleHandleW
ExitProcess
GetSystemTimeAsFileTime
HeapAlloc
GetCommandLineA
LCMapStringW
GetCPInfo
HeapReAlloc
CloseHandle
GetCurrentThreadId
CreateThread
GetCurrentProcessId
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
FindClose
GetDriveTypeA
FindFirstFileExA
GetConsoleCP
GetConsoleMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
GetCurrentProcess
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
InitializeCriticalSectionAndSpinCount
HeapSetInformation
GetVersion
HeapCreate
SetHandleCount
GetStartupInfoW
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
GetLocaleInfoW
GetModuleFileNameW
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetFullPathNameA
GetCurrentDirectoryW
WriteConsoleW
CreateFileW
GetTimeZoneInformation
CompareStringW
SetEnvironmentVariableA
GetDriveTypeW
SetEndOfFile
GetProcessHeap
CreateFileA
SetFilePointer
FreeConsole
ExitThread
DeleteFileA

user32

wsprintfA

shell32

ShellExecuteA

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA

advapi32

CryptCreateHash
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
CryptImportKey
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptDestroyKey
CryptEncrypt

wldap32

ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord46
ord41

ws2_32

WSASetLastError
__WSAFDIsSet
WSAStartup
select
recv
send
WSACleanup
setsockopt
getsockname
ntohs
bind
htons
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
htonl
ntohl
WSAIoctl
WSAGetLastError

crypt32

CertFreeCertificateContext

Sections

.text
Size: 420KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

918029bd0affdd2f6feb954606440e85

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

wininet

advapi32

wldap32

ws2_32

crypt32

Sections

.text Size: 420KB - Virtual size: 420KB

.rdata Size: 110KB - Virtual size: 109KB

.data Size: 10KB - Virtual size: 20KB

.pdata Size: 22KB - Virtual size: 22KB

.rsrc Size: 98KB - Virtual size: 98KB

.text
Size: 420KB - Virtual size: 420KB

.rdata
Size: 110KB - Virtual size: 109KB

.data
Size: 10KB - Virtual size: 20KB

.pdata
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 98KB - Virtual size: 98KB