b0763cbcacbb3a5a0a571241156cad2714a4373ac7ae9338b06bd7386e1d3107

Sharing

Copy URL Twitter E-mail

General

Target

b0763cbcacbb3a5a0a571241156cad2714a4373ac7ae9338b06bd7386e1d3107
Size

2.1MB
MD5

6939db3b605f3ea9b3b2b211019c1fe6
SHA1

26dc80c5ac75a99d155ad8a9324fac6cd425c2b5
SHA256

b0763cbcacbb3a5a0a571241156cad2714a4373ac7ae9338b06bd7386e1d3107
SHA512

79d5a55e3935ac0137fa91c107befb257bae994ad440a2b71cf6fa914a57e44222e6a55acde1eca5c3c69bb4a7258492445f6fab18fb302209216b5467237e7a
SSDEEP

49152:LtTFCl/AG2eRSsKlO+V3MaDyG2d11n3sN/j2U4FH:pV1gUO4cahMJgj2jF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0763cbcacbb3a5a0a571241156cad2714a4373ac7ae9338b06bd7386e1d3107

Files

b0763cbcacbb3a5a0a571241156cad2714a4373ac7ae9338b06bd7386e1d3107
.exe windows:6 windows x64 arch:x64

013bed5cf7097533c5ac189b874ecf5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
SizeofResource
LockResource
LoadResource
GetProcAddress
FreeResource
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryExW
FreeLibrary

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
ReleaseSemaphore
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
ResetEvent
LeaveCriticalSection
OpenMutexW
WaitForSingleObject
CreateMutexW
CreateEventW
InitializeCriticalSectionEx
OpenEventW
ReleaseMutex
SetEvent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetExitCodeThread
OpenProcessToken
ProcessIdToSessionId
CreateProcessAsUserW
TerminateThread
GetCurrentProcess
GetCurrentProcessId
CreateThread
TerminateProcess
ExitProcess
TlsFree
GetProcessId
TlsSetValue
CreateProcessW
TlsGetValue
ResumeThread
SetThreadPriority
GetExitCodeProcess
TlsAlloc
ExitThread

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError

api-ms-win-mm-mme-l1-1-0

waveOutWrite
waveOutClose
waveOutReset
waveOutUnprepareHeader
waveOutOpen
waveOutPrepareHeader

api-ms-win-core-file-l1-1-0

WriteFile
GetFileSizeEx
FlushFileBuffers
DeleteFileW
FindClose
CreateFileW
SetFilePointer
GetFileAttributesW
CompareFileTime
FindNextFileW
FindFirstFileExW
CreateDirectoryW
GetFileType
SetFilePointerEx
ReadFile

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoInitializeEx
CoUninitialize

ws2_32

WSACleanup
htons
getpeername
ntohs
ntohl
socket
WSAGetLastError
connect
closesocket
inet_addr
send
inet_ntoa
recv
GetHostNameW
bind
getsockname
WSASetServiceW
accept
listen
WSAStartup

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetTickCount64
GetWindowsDirectoryW
GetTickCount
GetSystemDirectoryW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
GetTimeZoneInformation

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId
GetComputerNameW
GetNamedPipeClientProcessId

bcrypt

BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptEncrypt
BCryptDecrypt
BCryptCloseAlgorithmProvider
BCryptGenerateKeyPair
BCryptFinalizeKeyPair

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
HeapSize

crypt32

CryptBinaryToStringA
CryptStringToBinaryA
CryptEncodeObjectEx
CryptDecodeObjectEx
CryptImportPublicKeyInfoEx2
CryptExportPublicKeyInfoFromBCryptKeyHandle

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-base-l1-1-0

SetTokenInformation
DuplicateTokenEx
FreeSid
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegGetValueW
RegQueryValueExW
RegNotifyChangeKeyValue
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

iphlpapi

NotifyAddrChange
NotifyIpInterfaceChange
CancelMibChangeNotify2
GetAdaptersAddresses

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
SetEnvironmentVariableW
GetCommandLineW
GetEnvironmentVariableW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetCommandLineA

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

ext-ms-win-networking-wlanapi-l1-1-0

WlanQueryInterface
WlanEnumInterfaces
WlanOpenHandle
WlanCloseHandle
WlanFreeMemory

wlanapi

WlanRegisterNotification

api-ms-win-service-core-l1-1-0

SetServiceStatus
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW

api-ms-win-service-management-l1-1-0

OpenServiceW
DeleteService
StartServiceW
CreateServiceW
OpenSCManagerW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
LCMapStringW
FormatMessageW
IsValidLocale
EnumSystemLocalesW
GetOEMCP
GetUserDefaultLCID
GetACP
IsValidCodePage

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus
ControlService

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegCreateKeyW

api-ms-win-core-console-l1-1-0

GetConsoleMode
WriteConsoleW
GetConsoleOutputCP

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW
LookupAccountNameW

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_ListW
CM_Get_DevNode_Status
CM_Get_Device_Interface_List_SizeW

api-ms-win-mm-time-l1-1-0

timeBeginPeriod
timeEndPeriod

oleaut32

VariantInit
SysFreeString
SysAllocString

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

dnsapi

DnsServiceDeRegister
DnsServiceBrowseCancel
DnsFree
DnsServiceRegister
DnsServiceBrowse
DnsServiceFreeInstance

api-ms-win-core-namedpipe-l1-1-0

WaitNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW

rpcrt4

NdrServerCallAll
RpcServerUseProtseqEpW
RpcServerUnregisterIf
RpcServerInqBindings
RpcEpUnregister
RpcBindingVectorFree
RpcEpRegisterW
RpcServerInqCallAttributesW
RpcServerListen
RpcMgmtWaitServerListen
NdrServerCall2
RpcMgmtStopServerListening
RpcServerRegisterIf3

api-ms-win-security-base-l1-2-2

DeriveCapabilitySidsFromName

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
TraceMessage
GetTraceEnableLevel
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceLoggerHandle

api-ms-win-oobe-notification-l1-1-0

UnregisterWaitUntilOOBECompleted
RegisterWaitUntilOOBECompleted

mfplat

MFStartup
MFShutdown

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-power-base-l1-1-0

GetPwrCapabilities

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

api-ms-win-core-toolhelp-l1-1-0

CreateToolhelp32Snapshot
Process32FirstW
Process32NextW

api-ms-win-security-lsalookup-ansi-l2-1-0

LookupAccountNameA

user32

RegisterClassExW
CreateWindowExW
wsprintfW
PostMessageW
wsprintfA
PostQuitMessage
GetMessageW
SendMessageTimeoutW
FindWindowW
DefWindowProcW
LoadIconW
DispatchMessageW
TranslateMessage
LoadCursorW

shell32

ShellExecuteW
ShellExecuteExW

advapi32

ReportEventW
DeregisterEventSource
RegisterEventSourceW

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory

ole32

CoInitialize

msdmo

MoInitMediaType
MoFreeMediaType

kernel32

SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
LCMapStringEx
GetLocaleInfoEx
TryEnterCriticalSection
GetStringTypeW
CompareStringEx
GetCPInfo
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
EncodePointer
__C_specific_handler
RtlCaptureContext
WaitForSingleObjectEx
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimePreciseAsFileTime
InitializeSListHead
QueryPerformanceFrequency
GetCurrentThreadId
GetStartupInfoW
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlPcToFileHeader
RtlUnwindEx

api-ms-win-core-fibers-l1-1-0

FlsSetValue
FlsFree
FlsAlloc
FlsGetValue

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

Sections

.text
Size: 992KB - Virtual size: 992KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 421KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

013bed5cf7097533c5ac189b874ecf5d

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-mm-mme-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-com-l1-1-0

ws2_32

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

bcrypt

api-ms-win-core-heap-l1-1-0

crypt32

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l1-1-1

iphlpapi

api-ms-win-core-file-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

ext-ms-win-networking-wlanapi-l1-1-0

wlanapi

api-ms-win-service-core-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-devices-config-l1-1-1

api-ms-win-mm-time-l1-1-0

oleaut32

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-processthreads-l1-1-1

dnsapi

api-ms-win-core-namedpipe-l1-1-0

rpcrt4

api-ms-win-security-base-l1-2-2

api-ms-win-security-provider-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-oobe-notification-l1-1-0

mfplat

api-ms-win-power-setting-l1-1-0

api-ms-win-power-base-l1-1-0

userenv

api-ms-win-core-toolhelp-l1-1-0

api-ms-win-security-lsalookup-ansi-l2-1-0

user32

shell32

advapi32

wtsapi32

ole32

msdmo

kernel32

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-fibers-l1-1-0

api-ms-win-core-datetime-l1-1-0

.text
Size: 992KB - Virtual size: 992KB

.rdata
Size: 421KB - Virtual size: 420KB

.data
Size: 14KB - Virtual size: 22KB

.pdata
Size: 34KB - Virtual size: 34KB

_RDATA
Size: 512B - Virtual size: 384B

.rsrc
Size: 105KB - Virtual size: 105KB

.reloc
Size: 572KB - Virtual size: 576KB