f0467b1efda4e6e1974a30a3fd52739accdaf91d4221c86d2d605163f7fea73f

Sharing

Copy URL Twitter E-mail

General

Target

f0467b1efda4e6e1974a30a3fd52739accdaf91d4221c86d2d605163f7fea73f
Size

5.4MB
MD5

fd443b475eae16062eba2c4964b666d1
SHA1

16430857d17edfd67efc8f0b649c6397be8d6899
SHA256

f0467b1efda4e6e1974a30a3fd52739accdaf91d4221c86d2d605163f7fea73f
SHA512

f504b297ba613109dda362bf1e1de0414aff406eb084ccebbaad7522a085d59c17ad63d44ab23d6a9cf1d52677986cc3bec064d11569a78e17fb6ddbdd78e873
SSDEEP

49152:SXVwASOtGtlqO1IU6iIsYXhduVGNpZMEouH5Nb0llNIXHTsB7abKmsywzdWgJliH:NS+ckuHfbjHCabKjSwVU+3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0467b1efda4e6e1974a30a3fd52739accdaf91d4221c86d2d605163f7fea73f

Files

f0467b1efda4e6e1974a30a3fd52739accdaf91d4221c86d2d605163f7fea73f
.exe windows:6 windows x64 arch:x64

2263220e3c205cd99185895db084d496

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetACP
LoadLibraryW
FindClose
FindFirstFileW
FindNextFileW
SetConsoleMode
ReadConsoleA
ReadConsoleW
WriteConsoleW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetEnvironmentVariableW
GetSystemTimeAsFileTime
GetModuleHandleExW
FormatMessageA
LoadLibraryA
GetSystemDirectoryA
GetModuleHandleW
GetFileType
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
SetLastError
GetLastError
Sleep
RtlVirtualUnwind
GetComputerNameA
MapViewOfFile
K32EnumProcessModules
WideCharToMultiByte
FreeLibrary
GetCurrentProcessId
CreateFileMappingA
GetProcAddress
CreateThread
K32GetModuleInformation
K32GetModuleBaseNameA
CloseHandle
HeapSize
DeleteFileW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
RtlLookupFunctionEntry
RtlCaptureContext
GetFileSizeEx
VerifyVersionInfoW
GetOEMCP
IsValidCodePage
SetEndOfFile
SetEnvironmentVariableW
FlushFileBuffers
HeapReAlloc
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetConsoleOutputCP
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
SetStdHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
SetConsoleCtrlHandler
ExitProcess
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
RtlUnwind
RaiseException
RtlPcToFileHeader
RtlUnwindEx
VerSetConditionMask
Process32Next
CreateFileA
GetConsoleMode
MultiByteToWideChar
CreateToolhelp32Snapshot
OpenProcess
GetModuleHandleA
GetCurrentThreadId
WaitForSingleObject
GetDynamicTimeZoneInformation
VirtualAlloc
WriteFile
WriteConsoleA
GetStdHandle
GetCurrentProcess
VirtualFree
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
VirtualProtect
Process32First
GetModuleFileNameA
GetStartupInfoW
IsDebuggerPresent
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
LocalFree
GetLocaleInfoEx
GetCurrentDirectoryW
CreateFileW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
MoveFileExW
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
GetExitCodeThread
QueryPerformanceCounter
QueryPerformanceFrequency
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
GetTickCount
GetSystemDirectoryW
GetEnvironmentVariableA
FormatMessageW
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
InitializeSListHead

user32

GetProcessWindowStation
GetDC
ReleaseDC
MessageBoxW
GetUserObjectInformationW

gdi32

BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetDIBits
GetDeviceCaps
DeleteDC
DeleteObject

advapi32

RegisterEventSourceW
CryptImportKey
CryptHashData
GetTokenInformation
OpenProcessToken
LookupAccountSidA
GetUserNameA
DeregisterEventSource
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGetHashParam
CryptEncrypt

ole32

CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString

ws2_32

getaddrinfo
sendto
recvfrom
inet_ntop
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
inet_pton
shutdown
socket
setsockopt
listen
connect
closesocket
freeaddrinfo
accept
send
recv
WSASetLastError
WSAIoctl
getservbyport
gethostbyaddr
inet_ntoa
inet_addr
htons
htonl
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
select
ntohs
getsockopt
getsockname
ioctlsocket
__WSAFDIsSet
getpeername
gethostname
bind
getservbyname

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CertFreeCertificateChain
CryptQueryObject
CertOpenStore
CertFreeCertificateChainEngine
CertGetCertificateChain
CertCreateCertificateChainEngine

iphlpapi

GetAdaptersInfo

bcrypt

BCryptGenRandom

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2263220e3c205cd99185895db084d496

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

ws2_32

crypt32

iphlpapi

bcrypt

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 35KB - Virtual size: 52KB

.pdata Size: 167KB - Virtual size: 166KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 47KB - Virtual size: 46KB

.reloc Size: 41KB - Virtual size: 40KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 35KB - Virtual size: 52KB

.pdata
Size: 167KB - Virtual size: 166KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 47KB - Virtual size: 46KB

.reloc
Size: 41KB - Virtual size: 40KB