df7c979e6593fa26c865b00ea655dd71

Sharing

Copy URL Twitter E-mail

General

Target

df7c979e6593fa26c865b00ea655dd71
Size

5.5MB
MD5

df7c979e6593fa26c865b00ea655dd71
SHA1

8e4e36e00bd5b6d713d6a1df0c240f92a8921dff
SHA256

cff9f007b82bfab74fa9715dfda9d83f3410b538fc13c3730e7017955f427f26
SHA512

d52913b8c303deb05f9c23ba92c6a0185f8528c0a4d9cef928cf2aa349a0c40719e4e86dd9d93bda3d8dedfe6cb370c4f16992670b8bdf48b320218e42635caf
SSDEEP

98304:7qSXv78MptWZ0KyUfvNabUaSL8n4y5tpsAohOI5hO4V+4BH3hizf:dvIMy7yUnNI3Yoh7sAM7f+GH3hizf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df7c979e6593fa26c865b00ea655dd71

Files

df7c979e6593fa26c865b00ea655dd71
.exe windows:5 windows x86 arch:x86

7b14aafdaa2f168233e839cd51985aa6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsFree
GetSystemDirectoryW
CompareStringW
LockResource
SystemTimeToFileTime
GetConsoleCP
GetLocalTime
CreateProcessW
GetTickCount
VirtualProtect
FlushFileBuffers
GetCommandLineW
GetFileSize
HeapAlloc
ExitProcess
CompareFileTime
MapViewOfFile
FlushViewOfFile
FindResourceW
VerifyVersionInfoW
GetSystemDefaultLangID
GetConsoleWindow
HeapSetInformation
GetStartupInfoW
RaiseException
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
GetProcAddress
GetModuleHandleW
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetSystemInfo
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
HeapFree
Sleep
RtlUnwind
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize
HeapReAlloc
OutputDebugStringW
InitializeCriticalSection
GetSystemTimeAsFileTime
ReleaseMutex
lstrcmpiW
FindResourceExW
CreateFileMappingW
GlobalUnlock
TerminateProcess
InitializeCriticalSectionAndSpinCount
ReadFile

wintrust

WTHelperProvDataFromStateData
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
WTHelperGetProvCertFromChain
CryptCATAdminEnumCatalogFromHash

iphlpapi

GetAdaptersInfo
GetIpStatisticsEx
Icmp6SendEcho2

user32

GetMenuBarInfo

advapi32

RegOpenKeyExW
OpenProcessToken
RegQueryInfoKeyW
RegQueryValueExW
FreeSid
RegCreateKeyExW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.9MB - Virtual size: 57.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.23P3n
Size: 991KB - Virtual size: 991KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.R8oT3
Size: 588KB - Virtual size: 587KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eENO
Size: 305KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NAgm
Size: 592KB - Virtual size: 591KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b14aafdaa2f168233e839cd51985aa6

Headers

File Characteristics

Imports

kernel32

wintrust

iphlpapi

user32

advapi32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 1.9MB - Virtual size: 57.4MB

.idata Size: 3KB - Virtual size: 2KB

.xdata Size: 512B - Virtual size: 428B

.23P3n Size: 991KB - Virtual size: 991KB

.R8oT3 Size: 588KB - Virtual size: 587KB

.eENO Size: 305KB - Virtual size: 304KB

.NAgm Size: 592KB - Virtual size: 591KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 1.9MB - Virtual size: 57.4MB

.idata
Size: 3KB - Virtual size: 2KB

.xdata
Size: 512B - Virtual size: 428B

.23P3n
Size: 991KB - Virtual size: 991KB

.R8oT3
Size: 588KB - Virtual size: 587KB

.eENO
Size: 305KB - Virtual size: 304KB

.NAgm
Size: 592KB - Virtual size: 591KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 18KB