47fd57c1af6deca4724f139094990775

Sharing

Copy URL Twitter E-mail

General

Target

47fd57c1af6deca4724f139094990775
Size

6.8MB
MD5

47fd57c1af6deca4724f139094990775
SHA1

2e1b15d4680397edce4b1d38589ab79398ed82c1
SHA256

09293b8937f50281bc40f7b3ef91d61d1b72fc4c6498971271f0b15aedcc38a2
SHA512

cdf257cb906234990c87c976154ad9ff39ca092e7cae2451fd0c4b63573ac98e9cd5f2b46d27659a27da166fdf90dba72d820795e96c702e2c3d9a1979d7569b
SSDEEP

196608:FjCLjQn4CLRGp0YLqWVwnOcYxYNuVS86y+:lC3ivLRGaYLXVwOYNuQjy+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47fd57c1af6deca4724f139094990775

Files

47fd57c1af6deca4724f139094990775
.exe .ps1 windows:6 windows x64 arch:x64 polyglot

582949ba229581feda3446a56530d064

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSASetLastError

wldap32

ord211

crypt32

CryptQueryObject

advapi32

CryptEnumProvidersW

kernel32

SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

shell32

ShellExecuteA

userenv

UnloadUserProfile

rpcrt4

RpcStringFreeA

wininet

DeleteUrlCacheEntryA

urlmon

URLDownloadToFileA

bcrypt

BCryptGenRandom

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 782KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text0
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

582949ba229581feda3446a56530d064

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

crypt32

advapi32

kernel32

user32

shell32

userenv

rpcrt4

wininet

urlmon

bcrypt

wtsapi32

Sections

.text Size: - Virtual size: 2.5MB

.rdata Size: - Virtual size: 782KB

.data Size: - Virtual size: 63KB

.pdata Size: - Virtual size: 98KB

_RDATA Size: - Virtual size: 244B

.text0 Size: - Virtual size: 3.5MB

.text1 Size: 6.8MB - Virtual size: 6.8MB

.reloc Size: 512B - Virtual size: 232B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 2.5MB

.rdata
Size: - Virtual size: 782KB

.data
Size: - Virtual size: 63KB

.pdata
Size: - Virtual size: 98KB

_RDATA
Size: - Virtual size: 244B

.text0
Size: - Virtual size: 3.5MB

.text1
Size: 6.8MB - Virtual size: 6.8MB

.reloc
Size: 512B - Virtual size: 232B

.rsrc
Size: 512B - Virtual size: 480B