64cf2215e86fdaad2a4f7cd9ed4d5f7a

Sharing

Copy URL

Twitter E-mail

General

Target

64cf2215e86fdaad2a4f7cd9ed4d5f7a
Size

820KB
MD5

64cf2215e86fdaad2a4f7cd9ed4d5f7a
SHA1

dc110ae81ab175cee2cf663e5596783f299a4a85
SHA256

6701e89b161bec144d1a4cd72b9190f9bc29ffb0a8c48edb25b46fa74c115ecd
SHA512

25a533cd520f7567f87c69b7f1a85da4ef05a5109592673d8646885bcee8a9c2fae6d9a6073830efd3aaddb0c19262f375a7a6ca8f6ed8f4455c35f66706aecb
SSDEEP

24576:hO6c3oCrVA7bEK7mJaW2eX8TvE81oIzsk6EzCUfk7Ou:vuVeEK7mmeX8TBoIzsk6hUf4h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
64cf2215e86fdaad2a4f7cd9ed4d5f7a

Files

64cf2215e86fdaad2a4f7cd9ed4d5f7a
.dll windows:6 windows x86 arch:x86

f6ed57c140219f49a1adbd0334b819b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtectEx
GetCurrentProcess
GetSystemTimeAsFileTime
GetLocalTime
CreateSemaphoreW
LoadLibraryW
CreateProcessW
GetEnvironmentVariableW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateFileW
SetFileAttributesW
WaitForSingleObjectEx
OutputDebugStringW
OutputDebugStringA
CloseHandle
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
GetCurrentThread
HeapFree
HeapAlloc
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
GetStdHandle
GetFileType
SetConsoleCtrlHandler
GetTimeZoneInformation
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
CreateThread

ole32

OleUninitialize
OleInitialize
OleSetContainedObject

dbghelp

SymUnloadModule
ImageRvaToSection
MakeSureDirectoryPathExists
ImageRvaToVa
SymUnloadModule64
ImagehlpApiVersion
ImagehlpApiVersionEx
MapDebugInformation
UnDecorateSymbolName

imagehlp

TouchFileTimes
ImageUnload
MapFileAndCheckSumA
MapAndLoad

Exports

Exports

BoneFoot
Countinstrument
During
Largecamp

Sections

.text
Size: 509KB - Virtual size: 508KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 602KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6ed57c140219f49a1adbd0334b819b7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

dbghelp

imagehlp

Exports

Exports

Sections

.text Size: 509KB - Virtual size: 508KB

.rdata Size: 284KB - Virtual size: 284KB

.data Size: 6KB - Virtual size: 602KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 509KB - Virtual size: 508KB

.rdata
Size: 284KB - Virtual size: 284KB

.data
Size: 6KB - Virtual size: 602KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 18KB