9be115d2ed27ee5486ab31bc2e7c6e59edf7c51e2249f408b400314e6e16bfee

Sharing

Copy URL Twitter E-mail

General

Target

9be115d2ed27ee5486ab31bc2e7c6e59edf7c51e2249f408b400314e6e16bfee
Size

925KB
MD5

31d46a41483873adffc9e16f9429fce3
SHA1

9d01d85e302c2894d1bbb644a75be56d6997bc5a
SHA256

9be115d2ed27ee5486ab31bc2e7c6e59edf7c51e2249f408b400314e6e16bfee
SHA512

9b7292072730d0d570a7f87f3c9114fef57797121a8072cee68ac2b6a1076437f027d2050f62aa08a6265d834a07586522c46ef7a010f58347f3c956774bd52f
SSDEEP

12288:7FKehBtQtTdCJ2h4jRZeNaGEDA2ssoIA0FoTN7t/mddE06rQAqEyY76mV07Z3Y:7Zh+s2YGEDAjsfFmDeEVQidZy7Z3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9be115d2ed27ee5486ab31bc2e7c6e59edf7c51e2249f408b400314e6e16bfee

Files

9be115d2ed27ee5486ab31bc2e7c6e59edf7c51e2249f408b400314e6e16bfee
.exe windows:6 windows x64 arch:x64

c6e8614419f6f9f8348ca355ac09e74b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SizeofResource
GetModuleHandleExW
GetModuleFileNameW
OpenProcess
Sleep
K32GetModuleBaseNameW
LockResource
CloseHandle
CreateThread
LoadResource
FindResourceW
K32EnumProcesses
WinExec
K32EnumProcessModules
GetTickCount
GetSystemInfo
GlobalMemoryStatusEx
SetEndOfFile
WriteConsoleW
HeapSize
CreateFileW
GetProcessHeap
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
WideCharToMultiByte
GetCurrentThreadId
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
GetLocaleInfoEx
LCMapStringEx
GetStringTypeW
CompareStringEx
GetCPInfo
GetCurrentProcessId
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
ExitProcess
GetCommandLineA
GetCommandLineW
GetFileSizeEx
SetFilePointerEx
GetFileType
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
ReadConsoleW
HeapReAlloc
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
RtlUnwind

user32

GetCursorPos

winhttp

WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpReadData
WinHttpOpen
WinHttpSendRequest

Sections

.text
Size: 395KB - Virtual size: 395KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 399KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6e8614419f6f9f8348ca355ac09e74b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winhttp

Sections

.text Size: 395KB - Virtual size: 395KB

.rdata Size: 101KB - Virtual size: 101KB

.data Size: 8KB - Virtual size: 15KB

.pdata Size: 16KB - Virtual size: 15KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 399KB - Virtual size: 398KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 395KB - Virtual size: 395KB

.rdata
Size: 101KB - Virtual size: 101KB

.data
Size: 8KB - Virtual size: 15KB

.pdata
Size: 16KB - Virtual size: 15KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 399KB - Virtual size: 398KB

.reloc
Size: 3KB - Virtual size: 3KB