12bdb1f1f1b34c6390d8666c44261d58

Sharing

Copy URL Twitter E-mail

General

Target

12bdb1f1f1b34c6390d8666c44261d58
Size

2.3MB
MD5

12bdb1f1f1b34c6390d8666c44261d58
SHA1

83f1db6ebd986b6cc979bb34db94f325d4c091e4
SHA256

30b2e2f92cded2cb39e958df6840642965a2ecccb3ad74226dfbe0e3099f3782
SHA512

00814ac5076081b62945884d69534102d7c6800edf7b72c7eec7ff599d9abff2334a6104f4e13cc14fddd08075caff78c7eb820015e1837015c5b05af16f93f5
SSDEEP

49152:4I00SGP2UBQ8b13Ng1WC7HMra1n7QTogaaCcXA+4UGy:tF9g1B7MS7oQYt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12bdb1f1f1b34c6390d8666c44261d58

Files

12bdb1f1f1b34c6390d8666c44261d58
.exe windows:6 windows x64 arch:x64

1f074c7ffa2ec3d2d6ecac8f2e1bfb4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLastError
Process32Next
CloseHandle
K32GetModuleBaseNameA
K32GetModuleInformation
VirtualAllocEx
ReadProcessMemory
CreateRemoteThread
VirtualFreeEx
IsWow64Process
InitializeCriticalSectionEx
DeleteCriticalSection
GetModuleFileNameA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
FormatMessageA
CreateFileW
CreateToolhelp32Snapshot
OpenProcess
K32EnumProcessModulesEx
FindClose
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
ResumeThread
AreFileApisANSI
SetLastError
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
OutputDebugStringW
WaitForSingleObject
SetConsoleTitleA
WriteProcessMemory
Sleep
Process32First
LocalFree

user32

GetWindowTextA
MessageBoxA
EnumWindows

advapi32

CryptAcquireContextA
RegOpenKeyA
CryptGenRandom
CryptReleaseContext
RegQueryValueExA

ole32

CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitialize
CoInitializeEx
CoInitializeSecurity

oleaut32

VariantClear
SysAllocString
SysFreeString

msvcp140

?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
_Mtx_trylock
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
_Cnd_unregister_at_thread_exit
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Random_device@std@@YAIXZ
?__ExceptionPtrToBool@@YA_NPEBX@Z
_Mtx_destroy_in_situ
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_lock
_Mtx_init_in_situ
_Cnd_register_at_thread_exit
_Cnd_do_broadcast_at_thread_exit
_Cnd_wait
_Thrd_detach
_Mtx_unlock
_Cnd_broadcast
_Cnd_destroy_in_situ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@AEAD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?uncaught_exceptions@std@@YAHXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Xtime_get_ticks
_Query_perf_counter
_Thrd_sleep
_Cnd_init_in_situ

iphlpapi

IcmpCreateFile
IcmpSendEcho
IcmpCloseHandle

ws2_32

send
inet_pton
shutdown
WSACleanup
recv
WSAStartup
htons
socket
WSAGetLastError
connect
closesocket

urlmon

URLDownloadToFileA
URLOpenBlockingStreamA

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp
memcpy
memmove
__std_exception_copy
__std_terminate
memset
__RTDynamicCast
memchr
__C_specific_handler
_CxxThrowException
__std_type_info_compare
_purecall
__std_exception_destroy
__std_type_info_name
__current_exception
__current_exception_context

api-ms-win-crt-string-l1-1-0

tolower
towlower
toupper
strspn
strncmp
strcmp
isspace
_stricmp

api-ms-win-crt-runtime-l1-1-0

_c_exit
__p___argv
exit
__p___argc
_exit
_initterm_e
_initterm
terminate
_get_initial_narrow_environment
_beginthreadex
_set_app_type
_register_thread_local_exe_atexit_callback
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_invalid_parameter_noinfo
_errno
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_seh_filter_exe
system

api-ms-win-crt-stdio-l1-1-0

fgetc
_set_fmode
fclose
fflush
__acrt_iob_func
__p__commode
fwrite
fputc
fgetpos
setvbuf
__stdio_common_vfprintf
__stdio_common_vsprintf
ungetc
fsetpos
fread
_get_stream_buffer_pointers
_fseeki64

api-ms-win-crt-heap-l1-1-0

_aligned_malloc
_set_new_mode
_aligned_free
malloc
_callnewh
free

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-convert-l1-1-0

wcstombs_s
strtod
strtoull
atoi
strtoll

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dsign
_dclass

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale
___lc_codepage_func

api-ms-win-crt-time-l1-1-0

_time64

Sections

.text
Size: 553KB - Virtual size: 553KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vlizer
Size: 1.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1f074c7ffa2ec3d2d6ecac8f2e1bfb4c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcp140

iphlpapi

ws2_32

urlmon

vcruntime140_1

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 553KB - Virtual size: 553KB

.rdata Size: 171KB - Virtual size: 171KB

.data Size: 33KB - Virtual size: 39KB

.pdata Size: 23KB - Virtual size: 22KB

.rsrc Size: 111KB - Virtual size: 110KB

.reloc Size: - Virtual size: 7KB

.vlizer Size: 1.4MB - Virtual size: 5.4MB

.text
Size: 553KB - Virtual size: 553KB

.rdata
Size: 171KB - Virtual size: 171KB

.data
Size: 33KB - Virtual size: 39KB

.pdata
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 111KB - Virtual size: 110KB

.reloc
Size: - Virtual size: 7KB

.vlizer
Size: 1.4MB - Virtual size: 5.4MB