bc2031d4117825c99efb5fe7a73e63e50f57b16a8722271d6f4bdb6a6deaed9f

Sharing

Copy URL

Twitter E-mail

General

Target

bc2031d4117825c99efb5fe7a73e63e50f57b16a8722271d6f4bdb6a6deaed9f
Size

2.4MB
MD5

b634e3f613fd7dfcb6abbc26aabceee5
SHA1

516c83e376f3d1bbb38d07616b3232e807a1155f
SHA256

bc2031d4117825c99efb5fe7a73e63e50f57b16a8722271d6f4bdb6a6deaed9f
SHA512

f907b2c18facba3c25a91efd72df5a16918ebfe3df8f6a0fe7f992ba5b9db528e9c73d3f14fd8097ac2d21830ba5ebf5f912ebfce598776eff25d0ea897d6a7d
SSDEEP

49152:eBYfr0th1Sv2ybrDdx5++0EwJmxwPP8N1ga:EeLdiExaC1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
bc2031d4117825c99efb5fe7a73e63e50f57b16a8722271d6f4bdb6a6deaed9f

Files

bc2031d4117825c99efb5fe7a73e63e50f57b16a8722271d6f4bdb6a6deaed9f
.exe windows:6 windows x64 arch:x64

a99a81ce118a1c6ff194fd6d6df8759a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlLookupFunctionEntry
NtReadFile
RtlCaptureContext
NtWriteVirtualMemory
NtWriteFile
NtCreateFile
RtlVirtualUnwind
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtWaitForSingleObject
NtCreateThreadEx
NtProtectVirtualMemory
NtAllocateVirtualMemory

bcrypt

BCryptGenRandom

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SystemFunction036

kernel32

InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
SleepConditionVariableSRW
WakeConditionVariable
IsDebuggerPresent
ReleaseSRWLockShared
AcquireSRWLockShared
GetCurrentDirectoryW
QueryPerformanceFrequency
QueryPerformanceCounter
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WakeAllConditionVariable
IsProcessorFeaturePresent
HeapFree
CloseHandle
HeapAlloc
GetProcessHeap
HeapReAlloc
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetLastError
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileInformationByHandle
GetFileInformationByHandleEx
DeleteFileW
SwitchToThread
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
TryAcquireSRWLockExclusive
SetLastError
GetFinalPathNameByHandleW
PostQueuedCompletionStatus
SetHandleInformation
GetModuleHandleA
GetProcAddress
GetCurrentThread
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
GetModuleHandleW
FormatMessageW
CreateFileW
GetFullPathNameW
CreateThread

secur32

AcquireCredentialsHandleA
DecryptMessage
InitializeSecurityContextW
AcceptSecurityContext
QueryContextAttributesW
DeleteSecurityContext
EncryptMessage
FreeContextBuffer
FreeCredentialsHandle
ApplyControlToken

ws2_32

WSASocketW
ioctlsocket
setsockopt
WSAIoctl
bind
closesocket
connect
getsockopt
WSASend
shutdown
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
recv
send
getpeername
getsockname
WSAGetLastError

crypt32

CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertFreeCertificateChain
CertCloseStore
CertFreeCertificateContext
CertGetCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertDuplicateStore
CertVerifyCertificateChainPolicy

vcruntime140

__current_exception_context
__current_exception
__C_specific_handler
_CxxThrowException
memcmp
memset
memcpy
memmove
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function
_cexit
__p___argv
__p___argc
_crt_atexit
_exit
exit
_c_exit
terminate
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 711KB - Virtual size: 711KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a99a81ce118a1c6ff194fd6d6df8759a

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

bcrypt

advapi32

kernel32

secur32

ws2_32

crypt32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 711KB - Virtual size: 711KB

.data Size: 512B - Virtual size: 872B

.pdata Size: 83KB - Virtual size: 83KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 711KB - Virtual size: 711KB

.data
Size: 512B - Virtual size: 872B

.pdata
Size: 83KB - Virtual size: 83KB

.reloc
Size: 7KB - Virtual size: 6KB