00a369fa0f596b70e846fe213910af9eb58c3bbc1877bbd381321be5605d2e05

Sharing

Copy URL Twitter E-mail

General

Target

00a369fa0f596b70e846fe213910af9eb58c3bbc1877bbd381321be5605d2e05
Size

3.1MB
MD5

0df3c52139b16d7deb811a1b7e44a6d1
SHA1

3a2c4a0bfa40856dedd4f93d80c0ac1761f73b45
SHA256

00a369fa0f596b70e846fe213910af9eb58c3bbc1877bbd381321be5605d2e05
SHA512

21f2884d3423d324e022b4e0ae0fc52ad8b5d2d075bfd3de23a564dd8cc296dfa722b6b34e02beaae31f2b24a7740cf1c4c70e6b1bf8f8cf7c9f9ed03856c3d9
SSDEEP

49152:8CrHMFtkGBa+r0Wv/pBWyWHHR5xPhQeoNfLvd5LAH4DTnCBPL2sFKTFCIzR:8CA5Lh41TC5vSl2sFxa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00a369fa0f596b70e846fe213910af9eb58c3bbc1877bbd381321be5605d2e05

Files

00a369fa0f596b70e846fe213910af9eb58c3bbc1877bbd381321be5605d2e05
.exe windows:5 windows x64 arch:x64

5bb89c7a46e65c4e89554bd2e5d323c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

UrlEscapeA
PathFindFileNameW
PathRemoveFileSpecA
PathRemoveBackslashA
PathIsRootA
PathFileExistsA
PathRemoveFileSpecW
SHGetValueA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeW

ws2_32

sendto
shutdown
getpeername
WSAIoctl
htonl
htons
recvfrom
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
socket
setsockopt
listen
connect
closesocket
bind
accept
WSASetLastError
send
recv
getnameinfo
freeaddrinfo
getaddrinfo
WSAGetLastError
WSACleanup
WSAStartup
ntohs
getsockopt
getsockname
ioctlsocket
WSAResetEvent
__WSAFDIsSet
select
gethostname
WSAWaitForMultipleEvents

wldap32

ord60
ord211
ord143
ord217
ord46
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord301
ord200
ord30
ord79

crypt32

CertEnumCertificatesInStore
CertOpenSystemStoreA
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertCloseStore
CertFreeCertificateContext

netapi32

Netbios

dbghelp

SymFunctionTableAccess64
StackWalk64
SymGetModuleBase64
SymInitialize

kernel32

GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
ResumeThread
SwitchToThread
GetCurrentProcess
OpenProcess
CreateToolhelp32Snapshot
Sleep
GetLastError
Process32NextW
Process32FirstW
CloseHandle
LocalFree
GetTickCount
InitializeCriticalSectionAndSpinCount
OpenEventW
RaiseException
DecodePointer
DeleteCriticalSection
CreateFileW
UnmapViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetProcessHeap
ReadFile
SetNamedPipeHandleState
WriteFile
GetModuleFileNameW
CreateNamedPipeW
WaitForSingleObject
CreateEventW
SetEvent
SetCurrentDirectoryW
ConnectNamedPipe
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
DuplicateHandle
CreateProcessW
VirtualFree
VirtualAlloc
GetProcAddress
GetModuleHandleW
WideCharToMultiByte
GetModuleHandleA
LoadLibraryExA
FindResourceA
LockResource
LoadResource
FreeLibrary
lstrcmpiW
CreateMutexW
GetFileAttributesW
ReleaseMutex
GetSystemDirectoryW
SetFileAttributesW
DeleteFileW
MultiByteToWideChar
GetCurrentProcessId
CreateThread
FindClose
CreateEventA
GetModuleFileNameA
ExpandEnvironmentStringsA
GetPrivateProfileIntA
GetPrivateProfileStringA
UnregisterWait
GetFileAttributesA
DeleteFileA
FindFirstFileA
GlobalMemoryStatusEx
GetSystemInfo
GetCurrentThreadId
CreateFileA
WerUnregisterRuntimeExceptionModule
LoadLibraryW
SetUnhandledExceptionFilter
GetCurrentThread
ReadProcessMemory
LoadLibraryA
AddVectoredExceptionHandler
VirtualQuery
SetEndOfFile
SetFilePointerEx
IsBadReadPtr
Module32FirstW
OutputDebugStringA
RtlCaptureContext
InitializeCriticalSection
VirtualProtect
ResetEvent
UnhandledExceptionFilter
VerSetConditionMask
OpenMutexW
MapViewOfFileEx
VerifyVersionInfoW
GetTickCount64
SetLastError
GetFileType
GetStdHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FormatMessageA
CreateFiber
DeleteFiber
SwitchToFiber
GetSystemTimeAsFileTime
QueryPerformanceCounter
ConvertThreadToFiber
ConvertFiberToThread
FindNextFileA
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleW
GetSystemTime
SystemTimeToFileTime
FlushInstructionCache
GetThreadContext
SetThreadContext
SuspendThread
LoadLibraryExW
ReleaseSemaphore
CreateSemaphoreA
CreateMutexA
SleepEx
GetSystemDirectoryA
QueryPerformanceFrequency
FormatMessageW
MoveFileExA
CompareFileTime
GetEnvironmentVariableA
WaitForMultipleObjects
PeekNamedPipe
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
RtlVirtualUnwind
RtlLookupFunctionEntry
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
WaitForSingleObjectEx
GetThreadTimes
FreeLibraryAndExitThread
GetVersionExW
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlPcToFileHeader
RtlUnwindEx
ExitThread
GetModuleHandleExW
GetFileAttributesExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
SetConsoleCtrlHandler
GetACP
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
GetTimeZoneInformation
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
CreateDirectoryA
ReadConsoleA
TryEnterCriticalSection
GetStringTypeW

user32

MessageBoxA
GetUserObjectInformationW
GetSystemMetrics
EnumDisplayDevicesA
GetProcessWindowStation

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
ReportEventA
RegisterEventSourceA
DeregisterEventSource
SetNamedSecurityInfoA
GetNamedSecurityInfoA
SetEntriesInAclA
RegDeleteKeyValueW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfig2W
DeleteService
ControlService
OpenProcessToken
StartServiceW
ChangeServiceConfigW
OpenServiceW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
CryptAcquireContextA

psapi

GetModuleBaseNameA
GetModuleInformation

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 831KB - Virtual size: 831KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tvm0
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bb89c7a46e65c4e89554bd2e5d323c0

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

version

ws2_32

wldap32

crypt32

netapi32

dbghelp

kernel32

user32

shell32

advapi32

psapi

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 831KB - Virtual size: 831KB

.data Size: 46KB - Virtual size: 66KB

.pdata Size: 116KB - Virtual size: 116KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 30KB

.tvm0 Size: 164KB - Virtual size: 164KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 831KB - Virtual size: 831KB

.data
Size: 46KB - Virtual size: 66KB

.pdata
Size: 116KB - Virtual size: 116KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 30KB

.tvm0
Size: 164KB - Virtual size: 164KB