373c443e05b8f481f26e647fd2a2835b

Sharing

Copy URL

Twitter E-mail

General

Target

373c443e05b8f481f26e647fd2a2835b
Size

193KB
MD5

373c443e05b8f481f26e647fd2a2835b
SHA1

df453d345ea377d2c35c55879fb4cbac90cb45e9
SHA256

0b40111b35548720254f142c4bd7bf28b4c0731d2cfbea1e861fccb4293ee56d
SHA512

64fb570db03ab3b48d6cacea9c834af3da359bf2057d976a50fc92144c24b5a6b0230234ad7823d34357e9a2bd0718b986ac8f9fe9f0057ef84e40b1300a60e6
SSDEEP

3072:uSHUaEzbFlpqn4Xb3GreTIRsAU4k3713xRlyRXXel31+dyBE:uSHwzbFWGb3QZRruBcRS0dyB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
373c443e05b8f481f26e647fd2a2835b

Files

373c443e05b8f481f26e647fd2a2835b
.exe windows:6 windows x64 arch:x64

e849a0483317a2b0768475a548ebacae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA

kernel32

CreateToolhelp32Snapshot
Process32First
GetCurrentProcessId
OpenProcess
Process32Next
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
OpenMutexA
CreateMutexA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
CreateProcessA
GetProcessId
GetTickCount
VirtualQueryEx
ReadProcessMemory
GetCurrentProcess
IsWow64Process
CreateNamedPipeA
ConnectNamedPipe
ReadFile
DisconnectNamedPipe
WriteFile
TerminateThread
CallNamedPipeA
WaitNamedPipeA
GetFileSize
IsValidCodePage
CopyFileA
Sleep
TerminateProcess
DeleteFileA
CloseHandle
CreateFileA
GetLastError
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
GetComputerNameA
GetVolumeInformationA
CreateFileW
GetACP
SetThreadPriority
FlushFileBuffers
WriteConsoleW
SetEndOfFile
GetProcessHeap
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindNextFileW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
SetFilePointerEx
GetFileType
GetConsoleMode
ReadConsoleW
HeapAlloc
HeapFree
GetConsoleOutputCP
GetFileSizeEx
CompareStringW
LCMapStringW
HeapReAlloc
FindClose
FindFirstFileExW
GetOEMCP

advapi32

DeleteService
ControlService
OpenServiceA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
StartServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA

urlmon

URLDownloadToFileA

wininet

HttpQueryInfoA
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetCloseHandle
InternetReadFile
HttpSendRequestA

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlPcToFileHeader
RtlUnwindEx
RtlCaptureContext

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e849a0483317a2b0768475a548ebacae

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

advapi32

urlmon

wininet

ntdll

Sections

.text Size: 125KB - Virtual size: 125KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 9KB - Virtual size: 13KB

.pdata Size: 6KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 125KB - Virtual size: 125KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 9KB - Virtual size: 13KB

.pdata
Size: 6KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 2KB - Virtual size: 1KB