574ad21f2ca060855190bb2ff71932e06febffe4ce4cf32c93b74e8f527f3fd5

Sharing

Copy URL Twitter E-mail

General

Target

574ad21f2ca060855190bb2ff71932e06febffe4ce4cf32c93b74e8f527f3fd5
Size

57KB
MD5

de6b132a311325efe44d4d08cf02c931
SHA1

55bd1795c7f21b163421d66379830596fabce4fc
SHA256

574ad21f2ca060855190bb2ff71932e06febffe4ce4cf32c93b74e8f527f3fd5
SHA512

9e5de287b5a1b3d5604e3804bebfa3a19b53b7e6a13a54cd14309cd737a0666b2474c3d44e3a0c6229c0fe370a834faece862b4f4a169299c52b6170d23d45f8
SSDEEP

768:GR46iMxUWfc4DHB2fQORqJxqb7DH9CEEhIMaXMVFN8Xte3a+7VWqohW:F6iMxUWrBQQcXDHnEhIMaIFNmeDD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
574ad21f2ca060855190bb2ff71932e06febffe4ce4cf32c93b74e8f527f3fd5

Files

574ad21f2ca060855190bb2ff71932e06febffe4ce4cf32c93b74e8f527f3fd5
.exe windows:6 windows x86 arch:x86

4de3ebeba884b3a311787783e1741dcc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

friday

?PostEvent@FridayReport@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@3@@Z
?PostDataForce@FridayReport@@QAE_NXZ
??0FridayReport@@QAE@XZ
??1FridayReport@@QAE@XZ
?Init@FridayReport@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V23@@Z
?SetTid@FridayReport@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetCacheReportLimit@FridayReport@@QAEXI@Z

kernel32

GetSystemInfo
QueryFullProcessImageNameW
WTSGetActiveConsoleSessionId
GlobalFree
Process32FirstW
GlobalAlloc
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
GetCurrentProcess
GetLastError
GetTickCount64
GetProcAddress
ResetEvent
CreateThread
CloseHandle
CreateEventW
WaitForSingleObject
CreateDirectoryW
GetCurrentProcessId
WideCharToMultiByte
GetModuleFileNameW
GetModuleHandleW
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
Sleep
IsDebuggerPresent
InitializeSListHead
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter

advapi32

DeleteService
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegNotifyChangeKeyValue
QueryServiceStatusEx
OpenServiceW
StartServiceCtrlDispatcherW
EqualSid
SetTokenInformation
OpenProcessToken
CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation
RegisterServiceCtrlHandlerExW
SetServiceStatus
CreateServiceW
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfig2W
StartServiceW
ControlService
RegQueryValueExW

shell32

ShellExecuteExW

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

iphlpapi

GetAdaptersAddresses

vcruntime140

memset
__current_exception_context
__current_exception
_CxxThrowException
memcpy
__std_exception_copy
__std_exception_destroy
wcsrchr
_except_handler4_common
__CxxFrameHandler3
memmove

api-ms-win-crt-runtime-l1-1-0

_cexit
_seh_filter_exe
_set_app_type
_register_onexit_function
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_crt_atexit
_initterm_e
_exit
_invalid_parameter_noinfo_noreturn
__p___argc
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_initterm
terminate
_controlfp_s
exit

api-ms-win-crt-string-l1-1-0

_wcsicmp
wcscpy_s
wcsncpy_s

api-ms-win-crt-stdio-l1-1-0

_wfopen
__stdio_common_vfwprintf
__stdio_common_vswprintf
__p__commode
__stdio_common_vsprintf
_set_fmode
setbuf

api-ms-win-crt-time-l1-1-0

_time64
_localtime64
wcsftime

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_waccess

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
malloc
free

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4de3ebeba884b3a311787783e1741dcc

Headers

DLL Characteristics

File Characteristics

Imports

friday

kernel32

advapi32

shell32

msvcp140

wtsapi32

userenv

iphlpapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 2KB - Virtual size: 1KB