Static task
static1
Behavioral task
behavioral1
Sample
a3c333066a02ba487836ab9448ce5a8c.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
a3c333066a02ba487836ab9448ce5a8c.exe
Resource
win10v2004-20231215-en
General
-
Target
a3c333066a02ba487836ab9448ce5a8c
-
Size
1.2MB
-
MD5
a3c333066a02ba487836ab9448ce5a8c
-
SHA1
a2e6a808dc234b8a341f57a7dd3d84994199e012
-
SHA256
72727ba0b723b6c32cb0a624f6e2cfb645f0d536e119ed9c7088e0ca61311a31
-
SHA512
9a3317f3545651e810f2e8c8955a17df3b0af7f6f67277bdfced1e2fb42820eec1c359276c6bd87b76e2dc4726606e0b0227605f10c40f538f01a8bd4ed838c4
-
SSDEEP
24576:tqSErUYDsBBv68zYbW5tPI38KgbL5L2Z:MSErSBNzCQtQ38nL
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks whether the PE lacks an Authenticode signature.
resource a3c333066a02ba487836ab9448ce5a8c
Files
-
a3c333066a02ba487836ab9448ce5a8c.exe windows:4 windows x64 arch:x64
eefe427e1ca5c344ee7fca9e0759f447
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlInitUnicodeString
RtlInitString
RtlCaptureContext
kernel32
HeapSize
GetProcessHeap
HeapSetInformation
GetVersionExW
GetVolumeInformationW
GetCurrentProcess
OutputDebugStringW
IsDebuggerPresent
DebugBreak
FatalExit
LoadLibraryW
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetLastError
AssignProcessToJobObject
CreateJobObjectW
GetSystemDirectoryW
ResumeThread
TerminateProcess
WaitForMultipleObjects
ProcessIdToSessionId
OpenProcess
LocalFree
LocalAlloc
FreeLibrary
CreateFileW
CloseHandle
HeapReAlloc
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
HeapDestroy
GetCurrentProcessId
GetLastError
GetFileType
HeapAlloc
Sleep
rpcrt4
NdrServerCall2
RpcStringFreeW
RpcBindingFree
I_RpcBindingInqLocalClientPID
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcBindingServerFromClient
RpcServerListen
RpcServerRegisterAuthInfoW
RpcRevertToSelf
RpcImpersonateClient
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoW
RpcServerRegisterIf2
RpcServerUseProtseqEpW
RpcMgmtStopServerListening
NdrClientCall2
advapi32
GetSidSubAuthority
GetAclInformation
InitializeAcl
AddAce
MakeAbsoluteSD
GetSecurityDescriptorSacl
LookupPrivilegeValueW
GetTokenInformation
AdjustTokenPrivileges
SystemFunction036
GetSidLengthRequired
InitializeSid
GetSecurityDescriptorDacl
OpenProcessToken
DuplicateTokenEx
CreateProcessAsUserW
LsaNtStatusToWinError
ImpersonateLoggedOnUser
RevertToSelf
SetTokenInformation
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
CopySid
IsValidSid
GetLengthSid
AllocateLocallyUniqueId
AllocateAndInitializeSid
FreeSid
GetSecurityDescriptorLength
MakeSelfRelativeSD
InitializeSecurityDescriptor
GetSecurityDescriptorGroup
ConvertSidToStringSidW
GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo
CreateWellKnownSid
EqualSid
CheckTokenMembership
ConvertStringSidToSidW
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
user32
MessageBoxW
msvcr80
memcpy
__C_specific_handler
strncmp
memcmp
_amsg_exit
__wgetmainargs
_XcptFilter
_exit
_cexit
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
??0exception@std@@QEAA@AEBQEBD@Z
_fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_purecall
memmove_s
memcpy_s
__FrameUnwindFilter
??0exception@std@@QEAA@AEBV01@@Z
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@XZ
_commode
??1exception@std@@UEAA@XZ
_CxxThrowException
_vsnwprintf
??3@YAXPEAX@Z
malloc
__CxxFrameHandler3
free
memset
??2@YAPEAX_K@Z
calloc
_wcsnicmp
crypt32
CertVerifyCertificateChainPolicy
CryptDecodeObject
CertGetCertificateContextProperty
CryptFindOIDInfo
msvcp80
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
userenv
UnloadUserProfile
DestroyEnvironmentBlock
CreateEnvironmentBlock
LoadUserProfileW
secur32
LsaLookupAuthenticationPackage
LsaGetLogonSessionData
LsaLogonUser
LsaFreeReturnBuffer
LsaDeregisterLogonProcess
LsaConnectUntrusted
shlwapi
PathCombineW
msvcm80
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXPE$AAVString@System@@PE$AAVException@3@@Z
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXPE$AAVEventHandler@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXPE$AAVString@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXPE$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6AJPEAX@Z0@Z
shell32
SHGetFolderPathW
dnsapi
DnsNameCompare_W
mscoree
_CorExeMain
Sections
.text Size: 288KB - Virtual size: 288KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.nep Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 530KB - Virtual size: 530KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 400KB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ