27a8bfe5362b8fca4a3145a1eb1d4e7f

Sharing

Copy URL

Twitter E-mail

General

Target

27a8bfe5362b8fca4a3145a1eb1d4e7f
Size

3.1MB
MD5

27a8bfe5362b8fca4a3145a1eb1d4e7f
SHA1

51f22c7dea635764bebbc9ac6de70d47163c5dfd
SHA256

26abfe6aca8feaec3f70f19b60d30ac62fbc711e7e6404756eab5b6f810c30f3
SHA512

0f9ee9c99200c5996ed4a97cb3db933f8a9490f28f81174f298adf4ca389bf6146847e57d591ad04b9392f86788c9f4a105a5404a2cfae859d16cf69f0a3a03b
SSDEEP

49152:6dDBeagRjzQM2cZQSQbe8WyOcRWpCP7UVG9k2cfkrqlnHwwfK5iJuyV1K5cojcxo:uY0x5NMKSL1vKRkhhKEAzh9SJc+gr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27a8bfe5362b8fca4a3145a1eb1d4e7f

Files

27a8bfe5362b8fca4a3145a1eb1d4e7f
.exe windows:6 windows x86 arch:x86

522613916868e4512bdf9a470d3400f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
RegCloseKey
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
SetServiceStatus
RegOpenKeyExW
RegQueryValueExW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
FreeSid
RegDeleteKeyW
RegCreateKeyExW
CheckTokenMembership
AllocateAndInitializeSid
ConvertStringSidToSidW
RegEnumKeyW
RegQueryInfoKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetKeySecurity
RegDeleteValueW
RegSetValueExW
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext
DeregisterEventSource
ReportEventW
RegisterEventSourceW
EqualSid
OpenProcessToken
ConvertSidToStringSidW
LookupAccountNameW
RegEnumKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptDestroyKey
CryptEncrypt
CryptDecrypt
CryptImportKey
CryptSignHashA
CryptVerifySignatureA
CryptExportKey
CryptGenKey
RegisterTraceGuidsA
GetTokenInformation

kernel32

Sleep
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
GetCurrentThreadId
DeleteTimerQueueEx
ReleaseSemaphore
LoadLibraryW
SetThreadPriority
GetThreadPriority
DuplicateHandle
GetCurrentProcess
GetCurrentThread
OpenThread
GetTickCount
ReleaseMutex
CreateSemaphoreW
IsWow64Process
OpenMutexW
CreateMutexW
ExpandEnvironmentStringsW
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
SetFileAttributesW
GetFileAttributesW
ChangeTimerQueueTimer
CreateDirectoryW
WriteFile
CreateFileW
GetFileSizeEx
QueueUserWorkItem
ReadFile
GetFileSize
MultiByteToWideChar
OpenProcess
GetCurrentProcessId
GetSystemInfo
CompareFileTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
DeleteTimerQueue
WaitForMultipleObjects
GetDevicePowerState
CreateSemaphoreA
InterlockedExchangeAdd
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetFullPathNameW
InitializeCriticalSection
SetLastError
VirtualProtect
VirtualFree
VirtualAlloc
GetLocalTime
MoveFileExW
CopyFileW
FlushFileBuffers
DeleteFileW
SetFilePointer
CreateFileMappingW
MapViewOfFile
GetModuleHandleW
UnmapViewOfFile
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetComputerNameW
DeviceIoControl
GetLocaleInfoW
GetSystemDirectoryW
LCMapStringW
WideCharToMultiByte
GetVersionExA
GetVersion
VirtualQuery
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedExchange
UnregisterWaitEx
SetEvent
GetModuleHandleExW
GetProcAddress
CreateTimerQueue
CreateTimerQueueTimer
CreateEventW
RegisterWaitForSingleObject
RaiseException
InterlockedDecrement
GetVersionExW
InterlockedIncrement
GetLastError
HeapSetInformation
DeleteTimerQueueTimer
LeaveCriticalSection
LocalFree
EnterCriticalSection
LocalAlloc
DeleteCriticalSection
FreeLibrary
CloseHandle
DecodePointer
EncodePointer
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
lstrlenW

msvcrt

rand
srand
time
memset
_vscwprintf
_beginthreadex
_vsnwprintf
_itow
_wtoi
_ui64tow
_wtof
free
malloc
_controlfp
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
wcsncmp
_wcsnicmp
wcschr
memmove
swscanf
_wcsicmp
_purecall
sscanf
memcpy

rpcrt4

NdrServerCall2
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
RpcServerListen
RpcServerUnregisterIf
RpcMgmtStopServerListening
I_RpcBindingInqLocalClientPID
RpcServerInqCallAttributesW
RpcRaiseException
RpcStringFreeW
RpcRevertToSelfEx
RpcImpersonateClient
UuidCreate
UuidFromStringW
UuidToStringW
I_RpcMapWin32Status

ntdll

NtQueryInformationThread
NtSetInformationThread
RtlUnwind
RtlFreeHeap
RtlAllocateHeap
RtlInitUnicodeString
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlCopyUnicodeString
RtlCompareUnicodeString

ole32

CoInitializeSecurity
CoUninitialize
CoInitializeEx

Exports

Exports

?SPRevision@@3PADA
?SPVersion@@3PADA

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

522613916868e4512bdf9a470d3400f6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

rpcrt4

ntdll

ole32

Exports

Exports

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.data Size: 258KB - Virtual size: 257KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 114KB - Virtual size: 116KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 258KB - Virtual size: 257KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 114KB - Virtual size: 116KB