01e35f12fbba7dbffd330c26194289e2

Sharing

Copy URL Twitter E-mail

General

Target

01e35f12fbba7dbffd330c26194289e2
Size

401KB
MD5

01e35f12fbba7dbffd330c26194289e2
SHA1

678cad33d4b98cfeb58ffa8e452fe4243c57ccae
SHA256

4aba4f09a27d6d25a74e96b94af0b55e76b89c7aa24ebc437e821d3ccdd1876a
SHA512

90126e6e3bc1e90364f35fc6f8c68077aab40eaebb0afb309b41d73b7b58dde850747e26fb65d3110d93cf8f576112a8e1a18174681b6d54962d34d7f2900be4
SSDEEP

6144:s0JVN9Q7kRwSrJWrtEiOLAORtX2YX5LyvnMqqm1Hz376aBnjfn:s0JV/Q767lGEi+AORtmhnMqf9T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01e35f12fbba7dbffd330c26194289e2

Files

01e35f12fbba7dbffd330c26194289e2
.exe windows:6 windows x64 arch:x64

7dad21dfe390563a0d952e9f9e118b59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetSystemTime
SystemTimeToFileTime
GetStringTypeW
CancelIo
GetOverlappedResult
ReadFile
WaitNamedPipeW
GetFileInformationByHandle
CreateFileMappingW
GetTempPathW
MoveFileExW
UnmapViewOfFile
MapViewOfFile
CreateDirectoryW
GetFileAttributesW
CompareFileTime
FindNextFileW
FindClose
FindFirstFileW
SetFileAttributesW
DeleteFileW
RegEnumValueW
SetThreadPriority
CreateFileW
WriteFile
RegDeleteKeyExW
WaitForMultipleObjects
RegQueryValueExW
RegGetValueW
RegNotifyChangeKeyValue
SetLastError
FlushInstructionCache
InitializeCriticalSectionAndSpinCount
LCMapStringW
LockResource
FormatMessageA
DelayLoadFailureHook
LoadLibraryExA
ExpandEnvironmentStringsW
CreateThread
CloseHandle
ReleaseMutex
GetCurrentThreadId
DeleteCriticalSection
HeapSetInformation
lstrcmpiW
CreateEventW
GetProcAddress
GetLastError
RaiseException
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
GetVersionExW
SizeofResource
Sleep
LoadLibraryW
InitializeCriticalSection
GetCurrentThread
GetModuleHandleW
SetEvent
WaitForSingleObject
GetCurrentProcess
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
SetPriorityClass
CreateMutexW
GetTempFileNameW
GetCommandLineW

user32

OffsetRect
IsRectEmpty
GetKeyboardLayoutList
DestroyWindow
PostQuitMessage
PeekMessageW
LoadCursorW
GetWindowLongPtrW
GetClassInfoExW
RegisterClassExW
CreateWindowExW
UnregisterPowerSettingNotification
CharNextW
TranslateMessage
CharUpperW
GetSystemMetrics
PostThreadMessageW
DispatchMessageW
PostMessageW
RegisterPowerSettingNotification
SetWindowLongPtrW
SendMessageW
CallWindowProcW
DefWindowProcW
UnregisterClassA
GetMessageW
MsgWaitForMultipleObjects

msvcrt

_commode
__setusermatherr
_amsg_exit
_initterm
?terminate@@YAXXZ
exit
_cexit
_exit
_XcptFilter
__wgetmainargs
__C_specific_handler
memset
_callnewh
wcscpy_s
wcscat_s
_fmode
_purecall
_resetstkoflw
malloc
calloc
free
wcsncpy_s
_wcsicmp
memmove_s
_unlock
__dllonexit
_lock
_onexit
realloc
_errno
??1type_info@@UEAA@XZ
memcmp
memcpy_s
__set_app_type
_CxxThrowException
__CxxFrameHandler3
___lc_codepage_func
___lc_handle_func
setlocale
__uncaught_exception
__crtLCMapStringA
__pctype_func
isupper
memcpy
islower
abort
_wcmdln
swprintf_s
_vsnwprintf
wcstoul
_wtoi
wcstol
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
_itow
wcschr
_itow_s
_ui64tow_s
_i64tow_s
_wcstoi64
_wtoi64
wcspbrk
_wcsnicmp
_wfopen
fread
_wstat64
fclose
wcsrchr
iswspace
sprintf_s
memchr
localeconv
strcspn

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
GetCurrentProcessId
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection

api-ms-win-core-sysinfo-l1-1-0

GetVersionExA
GetSystemTimeAsFileTime
GetTickCount

imm32

ImmDisableTextFrameService
ImmDisableIME

ole32

CoInitializeSecurity
CoTaskMemFree
CoTaskMemAlloc
CoRevokeClassObject
StringFromGUID2
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CoInitialize
CoRegisterClassObject
CLSIDFromString
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitializeEx
StringFromCLSID

oleaut32

SafeArrayDestroy
SafeArrayCreateVector
VarBstrCat
VarBstrFromI8
VarBstrCmp
SafeArrayUnaccessData
SafeArrayAccessData
SysStringByteLen
VariantInit
SysAllocStringByteLen
VariantClear
SysAllocStringLen
SysFreeString
RegisterTypeLi
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi
SysStringLen
SysAllocString

shlwapi

PathAppendW
PathAddBackslashW
PathStripPathW
SHCreateStreamOnFileW

rpcrt4

UuidCreateSequential
UuidHash

xmllite

CreateXmlReader

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

Sections

.text
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7dad21dfe390563a0d952e9f9e118b59

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcrt

ntdll

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

imm32

ole32

oleaut32

shlwapi

rpcrt4

xmllite

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-memory-l1-1-0

Sections

.text Size: 295KB - Virtual size: 295KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 15KB - Virtual size: 14KB

.rsrc Size: 57KB - Virtual size: 56KB

.reloc Size: 29KB - Virtual size: 30KB

.text
Size: 295KB - Virtual size: 295KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 57KB - Virtual size: 56KB

.reloc
Size: 29KB - Virtual size: 30KB