537e3ca0ff8cc4994da64d21a98ca5b075666cb79f52e8cca6217323e03a757c

Sharing

Copy URL

Twitter E-mail

General

Target

537e3ca0ff8cc4994da64d21a98ca5b075666cb79f52e8cca6217323e03a757c
Size

489KB
MD5

d4e22edf2dc27c5c7f8ecb6e4445b025
SHA1

a0fddaef30fd3eb9e30aa7ba2bb47db57fc16461
SHA256

537e3ca0ff8cc4994da64d21a98ca5b075666cb79f52e8cca6217323e03a757c
SHA512

26989e3d82e50de3fb1d652d2154923ec18789cf3888f1e44c82aa820f1c35f455bbb720c09d59387d8b3a4e0bb9cc9adcdd4276b84d625bc31fa0474fad0f4d
SSDEEP

6144:+3abb3tek6y4bXKtVGg8GO/vfQAxGUmiL0gKm4d+UCfrAMFx1QohmsdN6Qnr:n3tes4bXSP8XA+KT+fQogw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
537e3ca0ff8cc4994da64d21a98ca5b075666cb79f52e8cca6217323e03a757c

Files

537e3ca0ff8cc4994da64d21a98ca5b075666cb79f52e8cca6217323e03a757c
.exe windows:6 windows x64 arch:x64

2d8237b696cb7193743330bd8b084238

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathCanonicalizeW

shell32

SHFileOperationW
SHGetFolderPathW

bcrypt

BCryptGenRandom

kernel32

FormatMessageW
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
DuplicateHandle
VirtualProtect
GetVersionExW
GetModuleHandleA
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SignalObjectAndWait
CreateTimerQueue
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
HeapQueryInformation
HeapSize
GetConsoleMode
GetConsoleOutputCP
HeapReAlloc
GetFileType
FlsFree
FlsSetValue
WideCharToMultiByte
GetCurrentDirectoryW
SleepEx
WaitForSingleObjectEx
SetWaitableTimer
CreateWaitableTimerExW
GetCurrentThread
GetThreadTimes
RaiseException
GetLastError
CloseHandle
GetModuleHandleW
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
SwitchToThread
CreateThread
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
OutputDebugStringW
GetCurrentProcessId
GetSystemTime
GetSystemTimeAsFileTime
TlsGetValue
TlsSetValue
GetModuleFileNameW
MultiByteToWideChar
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameW
GetTempFileNameW
ReadFile
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetFileTime
WriteFile
HeapAlloc
HeapFree
GetProcessHeap
LocalFree
CopyFileW
MoveFileExW
ReplaceFileW
SystemTimeToFileTime
GetFileSizeEx
IsDebuggerPresent
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
CreateSemaphoreExW
TlsAlloc
TlsFree
VirtualAlloc
VirtualFree
FreeLibrary
LoadLibraryW
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
InitializeSListHead
Sleep
EncodePointer
DecodePointer
GetCPInfo
SetLastError
GetTickCount
CompareStringW
LCMapStringW
GetStringTypeW
FlsGetValue
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
LoadLibraryExW
GetCurrentProcess
TerminateProcess
ExitProcess
GetModuleHandleExW
GetStdHandle
GetCommandLineA
GetCommandLineW
FreeLibraryAndExitThread
FlsAlloc

Sections

.text
Size: 333KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d8237b696cb7193743330bd8b084238

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

shell32

bcrypt

kernel32

Sections

.text Size: 333KB - Virtual size: 333KB

.rdata Size: 117KB - Virtual size: 116KB

.data Size: 11KB - Virtual size: 20KB

.pdata Size: 21KB - Virtual size: 20KB

_RDATA Size: 512B - Virtual size: 148B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 333KB - Virtual size: 333KB

.rdata
Size: 117KB - Virtual size: 116KB

.data
Size: 11KB - Virtual size: 20KB

.pdata
Size: 21KB - Virtual size: 20KB

_RDATA
Size: 512B - Virtual size: 148B

.reloc
Size: 5KB - Virtual size: 4KB