eb87f4d5459b919cb2c7adeb33fdb32db29a2480e60c354c6d4b3b6434b8e736

Sharing

Copy URL Twitter E-mail

General

Target

eb87f4d5459b919cb2c7adeb33fdb32db29a2480e60c354c6d4b3b6434b8e736
Size

5.4MB
MD5

8ff1f1fd5449b4656fd2b13c2df8018f
SHA1

778e3dcacd43d4c7c85fe9ad8f3de4b1dac97c4f
SHA256

eb87f4d5459b919cb2c7adeb33fdb32db29a2480e60c354c6d4b3b6434b8e736
SHA512

b7d13dc8ec668f9644b8c29d7594d6a50b7a6d34f1dd5a0c9c5d5c554f9025adce9ea6302ada5f6a2bb785af3d7fbab81bc768fc52cc13653cdb509dbe257500
SSDEEP

49152:fJVwASOyGtlqdnIU6i0oT/zP7psqbPUf1VpWgyqxJQswCmxkNB7QyKl2uwntJ/dR:OI+rjOpWlqKxsQsK9S755X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb87f4d5459b919cb2c7adeb33fdb32db29a2480e60c354c6d4b3b6434b8e736

Files

eb87f4d5459b919cb2c7adeb33fdb32db29a2480e60c354c6d4b3b6434b8e736
.exe windows:6 windows x64 arch:x64

824ffd368b03c63ce66982b0ca7dcc6c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualFree
GetACP
LoadLibraryW
FindClose
FindFirstFileW
FindNextFileW
SetConsoleMode
ReadConsoleA
ReadConsoleW
WriteConsoleW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetEnvironmentVariableW
GetSystemTimeAsFileTime
GetModuleHandleExW
FormatMessageA
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
GetModuleHandleW
GetFileType
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
SetLastError
Sleep
RtlVirtualUnwind
GetComputerNameA
SetThreadContext
K32EnumProcessModules
CreateProcessA
WideCharToMultiByte
GetCurrentProcessId
VirtualAllocEx
GetProcAddress
GetThreadContext
VirtualProtectEx
HeapSize
DeleteFileW
GetProcessHeap
FreeEnvironmentStringsW
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
GetFileSizeEx
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
SetEndOfFile
SetEnvironmentVariableW
FlushFileBuffers
HeapReAlloc
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetConsoleOutputCP
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateThread
SetStdHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
SetConsoleCtrlHandler
ExitProcess
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
RtlUnwind
RaiseException
RtlPcToFileHeader
RtlUnwindEx
VerifyVersionInfoW
K32GetModuleBaseNameA
CloseHandle
Process32Next
GetLastError
GetConsoleMode
MultiByteToWideChar
CreateToolhelp32Snapshot
OpenProcess
GetModuleHandleA
ResumeThread
GetCurrentThreadId
GetDynamicTimeZoneInformation
VirtualAlloc
WriteFile
WriteConsoleA
GetStdHandle
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
WriteProcessMemory
Process32First
GetModuleFileNameA
InitializeSListHead
GetStartupInfoW
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
LocalFree
GetLocaleInfoEx
GetCurrentDirectoryW
CreateFileW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
MoveFileExW
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
GetExitCodeThread
QueryPerformanceCounter
QueryPerformanceFrequency
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
GetTickCount
GetSystemDirectoryW
GetEnvironmentVariableA
FormatMessageW
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
IsDebuggerPresent

user32

GetProcessWindowStation
GetDC
ReleaseDC
MessageBoxW
GetUserObjectInformationW

gdi32

BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetDIBits
GetDeviceCaps
DeleteDC
DeleteObject

advapi32

RegisterEventSourceW
CryptImportKey
CryptHashData
GetTokenInformation
OpenProcessToken
LookupAccountSidA
GetUserNameA
DeregisterEventSource
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGetHashParam
CryptEncrypt

ole32

CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString

ws2_32

getaddrinfo
sendto
recvfrom
inet_ntop
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
inet_pton
shutdown
socket
setsockopt
listen
connect
closesocket
freeaddrinfo
accept
send
recv
WSASetLastError
WSAIoctl
getservbyport
gethostbyaddr
inet_ntoa
inet_addr
htons
htonl
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
select
ntohs
getsockopt
getsockname
ioctlsocket
__WSAFDIsSet
getpeername
gethostname
bind
getservbyname

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CertFreeCertificateChain
CryptQueryObject
CertOpenStore
CertFreeCertificateChainEngine
CertGetCertificateChain
CertCreateCertificateChainEngine

iphlpapi

GetAdaptersInfo

bcrypt

BCryptGenRandom

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

824ffd368b03c63ce66982b0ca7dcc6c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

ws2_32

crypt32

iphlpapi

bcrypt

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 35KB - Virtual size: 52KB

.pdata Size: 167KB - Virtual size: 166KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 41KB - Virtual size: 40KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 35KB - Virtual size: 52KB

.pdata
Size: 167KB - Virtual size: 166KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 41KB - Virtual size: 40KB