c9d31cbe283c53464eff1d83fe96efda

Sharing

Copy URL

Twitter E-mail

General

Target

c9d31cbe283c53464eff1d83fe96efda
Size

2.9MB
MD5

c9d31cbe283c53464eff1d83fe96efda
SHA1

a149544d36f6e00a8888110d54f7680dc31ef8de
SHA256

654b566e055376284e3955cd7c3f66164a2adacbb9eb016e1fc09b854886d265
SHA512

7c70b3040ea6e5b8241bd6d4c36f5496df9b207a0a28b29f96beac281535622bd182db88f88489bba916e0e8443fde6bbfb9e3aa2a9f7f919d8f545c1d05c9fb
SSDEEP

49152:l0g7mM+M6RkMkIM7I067QrRokppXcY/x/4MnYYJ2ZhqSGLHkJEMy:EM+M6RkMkIM7zrRokjsVIDQy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9d31cbe283c53464eff1d83fe96efda

Files

c9d31cbe283c53464eff1d83fe96efda
.exe windows:6 windows x64 arch:x64

2b84b899b6f300d0016ed11889c0ae02

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

GetTraceEnableFlags
RegQueryValueExW
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids
RegOpenKeyExW
GetTraceEnableLevel
RegCloseKey
RegisterTraceGuidsW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW

kernel32

DeleteCriticalSection
ReleaseMutex
CloseHandle
GetWindowsDirectoryW
LocalFree
ExpandEnvironmentStringsW
LoadLibraryW
Sleep
GetLastError
GetSystemDefaultLCID
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetUserDefaultUILanguage
CreateFileMappingW
GetFileTime
HeapSetInformation
IsWow64Process
LocalAlloc
GetProcAddress
SetLastError
VerifyVersionInfoW
lstrlenW
CreateFileW
GetModuleFileNameW
TerminateProcess
GetVersionExW
GetLocaleInfoW
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceExW
GetSystemDefaultUILanguage
UnmapViewOfFile
MapViewOfFile
SearchPathW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InitializeCriticalSection
RaiseException
LoadLibraryA
GetModuleHandleW
GetCurrentProcess
VerSetConditionMask
SetDllDirectoryW
CreateProcessW
SetErrorMode
GetCommandLineW
GetCurrentDirectoryW

user32

CharNextW
GetWindowThreadProcessId
AllowSetForegroundWindow
IsWindowVisible
MessageBoxW
FindWindowExW
SendMessageTimeoutW
LoadStringW
IsWindowEnabled

msvcrt

??3@YAXPEAX@Z
_wcsicmp
_wcsnicmp
bsearch
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
memmove
memset
memcpy
??2@YAPEAX_K@Z
_vsnwprintf
iswspace
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
wcsncmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

shlwapi

SHSetValueW
SHRegGetValueW
PathQuoteSpacesW
PathCombineW
UrlCreateFromPathW
UrlApplySchemeW
SHEnumValueW
StrStrW
PathFindFileNameW
ord158
PathAppendW
SHStrDupW
SHQueryValueExW
PathAddBackslashW
SHGetValueW
PathRemoveFileSpecW
ord154
ord437
UrlCanonicalizeW
ord462
PathIsURLW
ord219
ord172

shell32

ord17
ord16
ord147
SHCreateShellItem
ord152
SHGetDesktopFolder
CommandLineToArgvW

ole32

CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateBindCtx

iertutil

ord650
ord163
ord74
ord85
ord81
ord79
ord58
ord46
ord42
ord32
ord44
ord325
ord9
ord31

urlmon

ord410
ord104
ord111

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 604KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b84b899b6f300d0016ed11889c0ae02

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ntdll

shlwapi

shell32

ole32

iertutil

urlmon

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 2KB - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 604KB - Virtual size: 604KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 604KB - Virtual size: 604KB

.reloc
Size: 2KB - Virtual size: 1KB