480c15c291252e023a91a25d18dc455af3e16d9c4b0f47ee5c5f81f3bac7f710

Sharing

Copy URL Twitter E-mail

General

Target

480c15c291252e023a91a25d18dc455af3e16d9c4b0f47ee5c5f81f3bac7f710
Size

155KB
MD5

0692de119e14da551b0a4f2370d64df9
SHA1

8f3a1845000c182605718d351e65fcc686351ced
SHA256

480c15c291252e023a91a25d18dc455af3e16d9c4b0f47ee5c5f81f3bac7f710
SHA512

cc33aef5f861bc3d8984024f92c5adf5241332cfbec9692fc8878101ed95ac5a202d8d8aa35afc7cb326634954157a491dc427f52f4ef44bf35cee2c2d6eb74f
SSDEEP

768:iWeQxhVCEjLs0uR2h5UdZhSXmV9dl2brl49lPQKk3N/Nzjv/UCN6OK8lsJ:iwVtsWvUdz/9dlYrlZcCN6OK8ls

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
480c15c291252e023a91a25d18dc455af3e16d9c4b0f47ee5c5f81f3bac7f710

Files

480c15c291252e023a91a25d18dc455af3e16d9c4b0f47ee5c5f81f3bac7f710
.exe windows:6 windows x64 arch:x64

9c2220487c952781bb2429e43d2f6363

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

rpcrt4

RpcRaiseException
RpcAsyncInitializeHandle
RpcAsyncCompleteCall
RpcBindingFree
NdrAsyncClientCall
NdrClientCall2
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
UuidCreateNil
RpcStringFreeW
UuidCompare

ntdll

NtDeleteValueKey
RtlPrefixUnicodeString
NtAllocateVirtualMemory
NtReadFile
LdrFindResource_U
NtQueryInformationProcess
RtlImageNtHeader
NtEnumerateValueKey
NtQuerySystemInformation
RtlEqualUnicodeString
RtlAllocateHeap
RtlDestroyHeap
NtFsControlFile
RtlGetCurrentPeb
LdrGetDllHandle
RtlGetVersion
RtlUnwindEx
LdrAccessResource
NtQueryValueKey
RtlExpandEnvironmentStrings_U
NtFreeVirtualMemory
RtlNtStatusToDosErrorNoTeb
NtDeleteKey
NtNotifyChangeDirectoryFile
NtWaitForSingleObject
NtQueryInformationFile
RtlFreeHeap
RtlRaiseStatus
RtlSetHeapInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlPcToFileHeader
NtCreateFile
NtSetEvent
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
NtTerminateProcess
DbgUiSetThreadDebugObject
RtlFreeSid
NtDuplicateObject
RtlLengthSid
RtlAllocateAndInitializeSid
NtSetInformationToken
NtRemoveProcessDebug
NtDuplicateToken
NtOpenProcessToken
NtSetValueKey
NtCreateKey
RtlFormatCurrentUserKeyPath
NtOpenKey
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
NtDeleteFile
NtMapViewOfSection
NtUnmapViewOfSection
NtCreateEvent
NtClose
RtlInitUnicodeString
RtlRandomEx
NtCreateSection
RtlComputeCrc32
RtlNtdllName
LdrGetDllHandleEx
NtCompressKey
RtlExitUserProcess
RtlImageDirectoryEntryToData
RtlCreateHeap
LdrFindEntryForAddress

msdelta

ApplyDeltaB
DeltaFree

bcrypt

BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptDecrypt
BCryptGetProperty
BCryptDestroyKey
BCryptGenerateSymmetricKey

kernel32

LCMapStringW
FlsSetValue
FlsGetValue
DeleteCriticalSection
EnterCriticalSection
HeapFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
MultiByteToWideChar
EncodePointer
RaiseException
SetFilePointerEx
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
LeaveCriticalSection
GetFileAttributesW
TlsSetValue
TlsGetValue
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetModuleHandleW
LocalFree
GetProcAddress
SetEvent
OpenProcess
LocalAlloc
FindClose
GetCurrentProcess
FindNextFileW
VirtualFree
FindFirstFileW
CreateThread
TerminateThread
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
ContinueDebugEvent
InitializeProcThreadAttributeList
WaitForDebugEvent
GetStartupInfoW
FreeLibrary
VirtualAlloc
GetModuleFileNameW
SetLastError
WaitForSingleObject
CreateEventW
GetLastError
CloseHandle
HeapCreate
HeapAlloc
HeapDestroy
GetCommandLineW
ReadFile
WriteFile
SetFilePointer
GetFileInformationByHandle
GetTempPathA
CreateFileA
DeleteFileA
FileTimeToLocalFileTime
WideCharToMultiByte
GetTempFileNameA
FileTimeToDosDateTime
CreateDirectoryW
CompareFileTime
TerminateProcess
RemoveDirectoryW
SetEndOfFile
CreateFileW
ResumeThread
Sleep
DeleteFileW
CreateProcessW
GetTickCount
GetFileTime
GetExitCodeProcess
CopyFileW
WriteConsoleW
LoadLibraryW
GetCurrentDirectoryW
SetCurrentDirectoryW

user32

GetShellWindow
SendMessageTimeoutW
GetWindowThreadProcessId

advapi32

RegEnumValueW
OpenServiceW
RegDeleteValueW
RegOpenKeyExW
StartServiceW
RegSetValueExW
RegCreateKeyExW
OpenSCManagerW
CloseServiceHandle
RegQueryInfoKeyW
RegCloseKey
RegCreateKeyW
RegDeleteKeyW
RegRenameKey
CreateProcessAsUserW
RegQueryValueExW
RegOpenKeyW
RegEnumKeyExW
RegFlushKey
CreateWellKnownSid
QueryServiceStatusEx

shell32

ShellExecuteExW
SHCreateItemFromParsingName

ole32

CoGetObject
CoCreateInstance
CoInitializeSecurity
CoCreateGuid
CoTaskMemFree
StringFromCLSID
CoInitializeEx
CoUninitialize

cabinet

ord10
ord14
ord11
ord13

oleaut32

SysStringLen
SysAllocString
SysFreeString
VariantInit

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c2220487c952781bb2429e43d2f6363

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

ntdll

msdelta

bcrypt

kernel32

user32

advapi32

shell32

ole32

cabinet

oleaut32

Sections

.text Size: 86KB - Virtual size: 85KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 6KB - Virtual size: 10KB

.pdata Size: 4KB - Virtual size: 3KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 86KB - Virtual size: 85KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 6KB - Virtual size: 10KB

.pdata
Size: 4KB - Virtual size: 3KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB