Static task: static1
Behavioral task: behavioral1 (sample b6e1edfbc40935c49198eb5a170666d8a41f8467886ebed5793d7f158c628a1e.exe, resource win7-20231215-en)
Behavioral task: behavioral2 (sample b6e1edfbc40935c49198eb5a170666d8a41f8467886ebed5793d7f158c628a1e.exe, resource win10v2004-20231215-en)
General
- Target: b6e1edfbc40935c49198eb5a170666d8a41f8467886ebed5793d7f158c628a1e
- Size: 2.6MB
- MD5: f590402fc26c2ea12ea661da25509a80
- SHA1: 40a8478c104f07a6bbb727f7060001a5ebcb24b2
- SHA256: b6e1edfbc40935c49198eb5a170666d8a41f8467886ebed5793d7f158c628a1e
- SHA512: f3b3e0fe6f220f1ebd862be3d6694a592491be163634f15774fb3c367643510cf09ef37bbc229f5c43f34a1fe60c86d1bebca77a80a0f075ca4dfa4a7d78fc77
- SSDEEP: 24576:ZooGKB1IgwPpBlwc09JV/oBObhGBa7jnn8eKyAf/Qn652PtKOXmcTBm:ZoVElwjac0T5oBOVGBa7LKBCttKBcT
Malware Config
Signatures
- Unsigned PE (1 IoC): the sample carries no Authenticode signature.
  resource b6e1edfbc40935c49198eb5a170666d8a41f8467886ebed5793d7f158c628a1e
Files
- b6e1edfbc40935c49198eb5a170666d8a41f8467886ebed5793d7f158c628a1e.exe windows:6 windows x64 arch:x64
37d6282394379861fd304294d7d7d3f8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntdll
RtlVirtualUnwind
RtlUnwindEx
NtCancelIoFileEx
RtlCaptureContext
NtReadFile
RtlLookupFunctionEntry
NtWriteFile
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
RtlPcToFileHeader
kernel32
GetFileType
GetFileInformationByHandleEx
AddVectoredExceptionHandler
SetThreadStackGuarantee
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SwitchToThread
GetConsoleOutputCP
FlushFileBuffers
HeapSize
GetFinalPathNameByHandleW
TryAcquireSRWLockExclusive
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
LCMapStringW
CompareStringW
CloseHandle
FlsFree
FlsSetValue
GetModuleFileNameW
SetLastError
GetCommandLineW
FlsGetValue
FlsAlloc
GetStringTypeW
SetConsoleMode
GetConsoleMode
CreateFileW
GetLastError
SetFilePointerEx
EncodePointer
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleHandleA
GetProcAddress
GetCurrentThread
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
Sleep
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
GetFileInformationByHandle
GetFullPathNameW
CreateDirectoryW
FindFirstFileW
FindClose
ReadConsoleW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
CreateThread
DeleteCriticalSection
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryW
AcquireSRWLockShared
ReleaseSRWLockShared
SleepConditionVariableSRW
InitializeCriticalSectionAndSpinCount
SetHandleInformation
CreateFileA
FindNextFileW
lstrlenW
FindFirstFileExW
SetConsoleCursorPosition
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
WakeConditionVariable
WakeAllConditionVariable
PostQueuedCompletionStatus
GetCommandLineA
GetModuleHandleExW
TerminateProcess
TlsAlloc
WriteFile
LoadLibraryExW
GetStdHandle
TlsGetValue
WideCharToMultiByte
FreeLibrary
TlsFree
RaiseException
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsSetValue
ws2_32
freeaddrinfo
WSASocketW
getaddrinfo
bind
ioctlsocket
socket
WSAStartup
WSACleanup
connect
setsockopt
recv
send
WSASend
shutdown
WSAIoctl
closesocket
getsockname
WSAGetLastError
getpeername
getsockopt
secur32
AcquireCredentialsHandleA
FreeCredentialsHandle
FreeContextBuffer
EncryptMessage
AcceptSecurityContext
InitializeSecurityContextW
DecryptMessage
ApplyControlToken
DeleteSecurityContext
QueryContextAttributesW
crypt32
CertDuplicateStore
CertDuplicateCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertCloseStore
CertOpenStore
CertDuplicateCertificateContext
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateContext
advapi32
SystemFunction036
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
bcrypt
BCryptGenRandom
shell32
SHGetKnownFolderPath
ole32
CoTaskMemFree
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 983KB - Virtual size: 982KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
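Reproducing the Headers, Unsigned PE and Sections entries of this report outside the sandbox, as an added example that is not part of the report or of any sandbox tooling: the script below reads the COFF header, the optional header, the security data directory and the section table straight from the PE bytes, names the IMAGE_DLLCHARACTERISTICS_* and IMAGE_SCN_* bits the report lists, and flags the two things a reviewer checks from this data, whether an Authenticode blob is present at all and whether any section is mapped both writable and executable. It assumes that the report's "Unsigned PE" signature means an empty IMAGE_DIRECTORY_ENTRY_SECURITY (an assumption; the report does not say how it checks), and it runs on a constructed minimal PE32+ image built in memory because the sample itself is not on the page; call parse_pe on real file bytes to compare against the report.

```python
"""Static PE header/section triage: the fields behind a sandbox report's
"Headers", "Sections" and "Unsigned PE" entries, read from raw file bytes."""
import hashlib
import struct

DLL_CHARACTERISTICS = {  # winnt.h IMAGE_DLLCHARACTERISTICS_* bits
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
SECTION_FLAGS = {  # winnt.h IMAGE_SCN_* bits
    0x00000020: "CNT_CODE", 0x00000040: "CNT_INITIALIZED_DATA",
    0x02000000: "MEM_DISCARDABLE", 0x20000000: "MEM_EXECUTE",
    0x40000000: "MEM_READ", 0x80000000: "MEM_WRITE",
}


def build_sample_pe(dll_chars, security_size, sections):
    """Constructed test input (not the report's sample): a minimal PE32+ image with a
    DOS header, COFF header, PE32+ optional header (16 data directories) and the given
    section headers. It contains no code and cannot run; it only exercises the parser."""
    e_lfanew = 0x40
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine AMD64, n sections, no symbols, 240-byte optional header,
    # Characteristics = IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LARGE_ADDRESS_AWARE
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 240, 0x0022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)            # Magic: PE32+
    struct.pack_into("<H", opt, 70, dll_chars)       # DllCharacteristics
    struct.pack_into("<I", opt, 108, 16)             # NumberOfRvaAndSizes
    if security_size:                                # directory 4 = SECURITY (file offset, size)
        struct.pack_into("<II", opt, 112 + 4 * 8, 0x400, security_size)
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode(), v, 0x1000 * (i + 1), r, 0, 0, 0, 0, 0, c)
        for i, (n, v, r, c) in enumerate(sections))
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs


def parse_pe(data):
    """Return the header and section fields a triage report lists; raises on non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    pe32plus = magic == 0x20B                        # PE32 and PE32+ differ only in ImageBase width before offset 70
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + (108 if pe32plus else 92))[0]
    dirs = opt + (112 if pe32plus else 96)
    _, sec_size = struct.unpack_from("<II", data, dirs + 4 * 8) if ndirs > 4 else (0, 0)
    sections = []
    for i in range(nsec):
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode(),
            "virtual_size": vsize, "raw_size": rawsize,
            "flags": [v for k, v in sorted(SECTION_FLAGS.items()) if chars & k],
            "rwx": (chars & 0xA0000000) == 0xA0000000,   # MEM_EXECUTE and MEM_WRITE together
        })
    return {
        "machine": machine, "pe32plus": pe32plus,
        "file_characteristics": file_chars,
        "dll_characteristics": [v for k, v in sorted(DLL_CHARACTERISTICS.items()) if dll_chars & k],
        # Presence of a WIN_CERTIFICATE blob only; validity needs WinVerifyTrust or a PKCS#7 check.
        "authenticode_present": sec_size > 0,
        "sections": sections,
    }


def findings(info):
    """Hardening summary to compare against the report's Headers and Sections."""
    d = set(info["dll_characteristics"])
    return {
        "aslr": "DYNAMIC_BASE" in d,
        "high_entropy_aslr": info["pe32plus"] and "HIGH_ENTROPY_VA" in d,
        "dep": "NX_COMPAT" in d,
        "cfg": "GUARD_CF" in d,
        "signed": info["authenticode_present"],
        "rwx_sections": [s["name"] for s in info["sections"] if s["rwx"]],
    }


def hashes(data):
    """Digests in the report's General section, for confirming the file under analysis."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


if __name__ == "__main__":
    # Constructed image mirroring the report: DllCharacteristics 0x8160 (HEVA|DYNAMIC_BASE|NX|TSA),
    # no security directory, and section flags copied from the Sections list above.
    sample = build_sample_pe(0x8160, 0, [
        (".text", 0x1A0000, 0x1A0000, 0x60000020),
        (".rdata", 0xF5800, 0xF5A00, 0x40000040),
        (".data", 0x1C00, 0xC00, 0xC0000040),
        (".reloc", 0x3800, 0x3800, 0x42000040),
    ])
    info = parse_pe(sample)
    print(info["dll_characteristics"], findings(info), hashes(sample)["sha256"])
```

The presence check is deliberately the weak form the "Unsigned PE" signature implies: a non-empty security directory only says a signature blob is attached, not that it chains to a trusted root or still matches the file, so a "signed" result needs WinVerifyTrust (or osslsigncode verify) before it counts as evidence. An RWX section is not on this report, which is what the empty rwx_sections list confirms; packed or self-modifying samples are where that check earns its keep.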