b5207cbd7eeac4b9410534be3f522846e1aaf9a2448f44aadc5c694083cff4f9

Sharing

Copy URL Twitter E-mail

General

Target

b5207cbd7eeac4b9410534be3f522846e1aaf9a2448f44aadc5c694083cff4f9
Size

8.5MB
MD5

24ca48da6cd09fb0b7e7ed560bbfdfa3
SHA1

0e3838f5e20d3f2c2023d5936c70e7a314b90752
SHA256

b5207cbd7eeac4b9410534be3f522846e1aaf9a2448f44aadc5c694083cff4f9
SHA512

ddbdc08c107d330f7fea89aa89c65c7b560611d7dde1715ee19e1662a1ae48204e33768f7f414300ae706a5eb7a3517e6c3bb4c3eca0f5245ba747f8ce84a777
SSDEEP

98304:M4mc3gvpzdh2cizMTSXSB+TflzkWgy55LP6lPnappcQZZpaoyYcp65h1Sdv9G01V:M4zLPGPaEUZ0WcpMhAvYoUK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5207cbd7eeac4b9410534be3f522846e1aaf9a2448f44aadc5c694083cff4f9

Files

b5207cbd7eeac4b9410534be3f522846e1aaf9a2448f44aadc5c694083cff4f9
.exe windows:6 windows x64 arch:x64

7468f3a2e6770f34f8a0cf9c8ecd653f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentThread
MultiByteToWideChar
SetLastError
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
FormatMessageW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
GetFinalPathNameByHandleW
CreateDirectoryW
GetProcAddress
GetModuleHandleA
WakeConditionVariable
SleepConditionVariableSRW
CreatePipe
SetHandleInformation
SetFileCompletionNotificationModes
SetConsoleTextAttribute
lstrlenW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
RtlCaptureContext
DeleteFileW
MoveFileExW
OpenProcess
GetProcessTimes
GetCurrentProcess
ReadProcessMemory
VirtualQueryEx
GetSystemTimes
GetProcessIoCounters
WakeAllConditionVariable
LocalFree
CreateNamedPipeW
GlobalMemoryStatusEx
GetCurrentProcessId
TerminateProcess
GetDiskFreeSpaceExW
GetExitCodeProcess
WaitForSingleObject
CreateFileW
WriteConsoleW
ReadFile
Sleep
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
PostQueuedCompletionStatus
ReleaseSRWLockShared
AcquireSRWLockShared
LoadLibraryW
GetQueuedCompletionStatusEx
TryAcquireSRWLockExclusive
TlsFree
CreateIoCompletionPort
HeapReAlloc
GetProcessHeap
HeapAlloc
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetConsoleScreenBufferInfo
GetStdHandle
CopyFileExW
GetSystemInfo
FindNextFileW
FindFirstFileW
SetEnvironmentVariableW
FindClose
CloseHandle
GetTickCount64
GlobalUnlock
GlobalLock
GlobalAlloc
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
RtlUnwindEx
GetLastError
GetModuleHandleW
RtlPcToFileHeader
GetConsoleMode
GetProcessId
RaiseException
EncodePointer
DeleteCriticalSection
RtlVirtualUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
TlsAlloc
GetCurrentThreadId
TlsGetValue
TlsSetValue
OutputDebugStringW
OutputDebugStringA
GetSystemTime
LCIDToLocaleName
GetUserDefaultUILanguage
AcquireSRWLockExclusive
FreeLibrary
ReleaseSRWLockExclusive
SwitchToThread
HeapFree

user32

ToUnicodeEx
SetWindowTextW
GetKeyboardState
GetKeyboardLayout
TranslateMessage
GetMessageW
DispatchMessageW
PeekMessageW
MapVirtualKeyExW
GetWindowTextLengthW
GetWindowTextW
PostThreadMessageW
GetWindowLongPtrW
ReleaseCapture
SetWindowLongW
SendMessageW
EnableMenuItem
GetSystemMenu
GetMonitorInfoW
SetWindowPlacement
ChangeDisplaySettingsExW
MonitorFromRect
MonitorFromWindow
GetDC
MsgWaitForMultipleObjectsEx
SystemParametersInfoA
GetWindowPlacement
TrackPopupMenu
SetForegroundWindow
GetCursorPos
GetWindowRect
ClientToScreen
ShowWindow
PostQuitMessage
SendInput
SetMenuItemInfoW
AppendMenuW
CreateIcon
UnregisterHotKey
VkKeyScanW
DefWindowProcW
RegisterClassExW
GetActiveWindow
DestroyAcceleratorTable
DestroyIcon
AdjustWindowRectEx
GetMenu
GetWindowLongW
InvalidateRgn
SetWindowPos
RegisterWindowMessageA
PostMessageW
GetClipCursor
GetSystemMetrics
ClipCursor
ShowCursor
GetKeyState
LoadCursorW
GetAsyncKeyState
EnumChildWindows
TrackMouseEvent
DispatchMessageA
GetMessageA
GetClientRect
RedrawWindow
CreateMenu
CreatePopupMenu
SetCursorPos
GetForegroundWindow
GetAncestor
TranslateAcceleratorW
CreateWindowExW
SetWindowLongPtrW
RegisterRawInputDevices
GetRawInputData
ValidateRect
GetUpdateRect
MapVirtualKeyW
OpenClipboard
FlashWindowEx
CreateAcceleratorTableW
ScreenToClient
EmptyClipboard
SetClipboardData
CloseClipboard
SetCapture
GetTouchInputInfo
DestroyWindow
RegisterTouchWindow
SetWindowDisplayAffinity
SetMenu
EnumDisplayMonitors
MonitorFromPoint
IsWindowVisible
IsIconic
CheckMenuItem
RegisterHotKey
IsWindow
RegisterClassW
SetCursor
IsProcessDPIAware
CloseTouchInputHandle

comctl32

TaskDialogIndirect
SetWindowSubclass
RemoveWindowSubclass
DefSubclassProc

secur32

AcquireCredentialsHandleA
InitializeSecurityContextW
ApplyControlToken
FreeCredentialsHandle
DeleteSecurityContext
DecryptMessage
EncryptMessage
AcceptSecurityContext
FreeContextBuffer
QueryContextAttributesW

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertAddCertificateContextToStore
CertOpenStore
CertDuplicateStore
CertVerifyCertificateChainPolicy
CertDuplicateCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertDuplicateCertificateChain

ws2_32

WSASocketW
connect
getsockopt
bind
getaddrinfo
accept
WSAIoctl
WSACleanup
select
getsockname
send
recv
listen
getpeername
closesocket
WSAStartup
ioctlsocket
WSAGetLastError
WSASend
freeaddrinfo
shutdown
setsockopt

shell32

Shell_NotifyIconGetRect
DragQueryFileW
ShellExecuteW
Shell_NotifyIconW
DragFinish
ShellExecuteExW
SHAppBarMessage
SHGetKnownFolderPath
CommandLineToArgvW

advapi32

RegCloseKey
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegQueryValueExW
IsValidSid
CopySid
RegOpenKeyExW
RegGetValueW
GetLengthSid
RegSetValueExW
CheckTokenMembership
IsWellKnownSid
CreateWellKnownSid
DuplicateTokenEx
OpenProcessToken
SystemFunction036
RegDeleteValueW
GetTokenInformation

dwmapi

DwmEnableBlurBehindWindow
DwmExtendFrameIntoClientArea

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoInitializeSecurity
CoTaskMemAlloc
CoInitializeEx
RegisterDragDrop
CoTaskMemFree
OleInitialize
RevokeDragDrop
CoUninitialize
CoSetProxyBlanket

bcrypt

BCryptGenRandom

ntdll

NtCreateFile
NtDeviceIoControlFile
NtCancelIoFileEx
NtWriteFile
NtReadFile
NtQuerySystemInformation
RtlNtStatusToDosError
RtlGetVersion
NtQueryInformationProcess

pdh

PdhRemoveCounter
PdhCollectQueryData
PdhAddEnglishCounterW
PdhCloseQuery
PdhGetFormattedCounterValue
PdhOpenQueryA

iphlpapi

GetIfEntry2

powrprof

CallNtPowerInformation

oleaut32

VariantClear
SysAllocString
SysStringLen
GetErrorInfo
SetErrorInfo
SysFreeString

wininet

InternetSetOptionA

uxtheme

SetWindowTheme

gdi32

GetDeviceCaps
CreateRectRgn
DeleteObject

psapi

GetModuleFileNameExW
GetPerformanceInfo

api-ms-win-crt-math-l1-1-0

_dsign
_fdclass
sinh
log10
sqrt
tan
acos
hypot
cbrt
log
atan2
log1p
expm1
atanh
log2
tanh
fabs
pow
asin
sin
lrint
_dclass
exp
trunc
__setusermatherr
floor
round
fmax
ceil
fmin
atan
cosh
cos
acosh
fmod
asinh

api-ms-win-crt-string-l1-1-0

strlen
strcat
strcpy_s
strcmp
strcpy
wcslen
wcsncmp
_wcsicmp

api-ms-win-crt-heap-l1-1-0

realloc
_set_new_mode
malloc
free
_msize
calloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
terminate
_initialize_onexit_table
_wassert
fesetround
_register_thread_local_exe_atexit_callback
_c_exit
_register_onexit_function
abort
_cexit
__p___argv
_seh_filter_exe
_set_app_type
_configure_narrow_argv
__p___argc
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_crt_atexit

api-ms-win-crt-convert-l1-1-0

_ultow_s
atoi
wcstol
strtod

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vsprintf
__stdio_common_vfprintf
__acrt_iob_func
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7468f3a2e6770f34f8a0cf9c8ecd653f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

secur32

crypt32

ws2_32

shell32

advapi32

dwmapi

ole32

bcrypt

ntdll

pdh

iphlpapi

powrprof

oleaut32

wininet

uxtheme

gdi32

psapi

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.rdata Size: 3.9MB - Virtual size: 3.9MB

.data Size: 12KB - Virtual size: 17KB

.pdata Size: 100KB - Virtual size: 100KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 42KB - Virtual size: 41KB

.text
Size: 4.4MB - Virtual size: 4.4MB

.rdata
Size: 3.9MB - Virtual size: 3.9MB

.data
Size: 12KB - Virtual size: 17KB

.pdata
Size: 100KB - Virtual size: 100KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 42KB - Virtual size: 41KB