09003db527f4f9901a97e13539cc8886

Sharing

Copy URL

Twitter E-mail

General

Target

09003db527f4f9901a97e13539cc8886
Size

93KB
MD5

09003db527f4f9901a97e13539cc8886
SHA1

faa5bfdedcc216113edae0ce2d6cf33a51603884
SHA256

84ec826fa0d327e2686e7bd3277a531c6d2c7402bd68f533f89f6607cacf7ee7
SHA512

f90b916e35b5fc992caa305d5669432afe117bb3801d032d66008ac77cfd2c9db2deb811c4c7a5a4849e46f5f7c11752992d932c07ff51d39e9da9ab3a9cfcbe
SSDEEP

1536:J4EV8MJT/1F/ikEUxGeGxyri+SDkBSpo1MWeVgw:J4YrJT/r66xGeGEm+SD8SoXeVp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09003db527f4f9901a97e13539cc8886

Files

09003db527f4f9901a97e13539cc8886
.exe windows:6 windows x64 arch:x64

ec260f30442cf07509f41b6c0ded0588

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

TraceMessage
GetTokenInformation
OpenThreadToken
RegCloseKey
RegQueryValueExW
RegOpenKeyW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
ConvertStringSecurityDescriptorToSecurityDescriptorW
RevertToSelf
GetSidSubAuthorityCount
ConvertSidToStringSidW
OpenProcessToken
GetSidSubAuthority

kernel32

CreateThread
FreeLibrary
GetProcAddress
LoadLibraryW
ReleaseActCtx
DeactivateActCtx
TlsAlloc
TlsFree
ProcessIdToSessionId
InitializeCriticalSection
GetCurrentProcessId
LocalFree
SystemTimeToFileTime
Sleep
GetFileAttributesW
GetSystemDirectoryW
GetFullPathNameW
GetCurrentThread
SetLastError
ActivateActCtx
CreateActCtxW
SetEvent
CreateEventW
GetModuleHandleW
HeapSetInformation
TlsSetValue
DuplicateHandle
GetCurrentProcess
OpenProcess
LoadLibraryExW
DeleteCriticalSection
EnterCriticalSection
GetProcessHeap
HeapFree
SetThreadpoolTimer
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetLastError
CloseHandle
GetSystemTime
LeaveCriticalSection
WaitForSingleObject

user32

PostMessageW

msvcrt

__CxxFrameHandler3
?terminate@@YAXXZ
_purecall
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__wgetmainargs
memcpy
_wtol
__C_specific_handler
_wcsicmp
??3@YAXPEAX@Z
memset
??2@YAPEAX_K@Z
_vsnwprintf
sqrt

winspool.drv

ClosePrinter
OpenPrinterW
GetPrinterDataW
GetPrinterDriverW

rpcrt4

RpcImpersonateClient
RpcRevertToSelf
RpcMgmtStopServerListening
RpcServerUseProtseqEpW
RpcServerRegisterIf2
RpcServerInqBindings
RpcBindingVectorFree
NdrServerCallAll
NdrServerCall2
RpcServerListen
RpcServerRegisterAuthInfoW

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtAcceptConnectPort
NtCompleteConnectPort
NtReplyPort
NtClose
NtAlpcOpenSenderThread
RtlInitUnicodeString
NtCreatePort
NtReplyWaitReceivePort
TpAllocAlpcCompletion
TpWaitForWork
TpAllocWait
TpStartAsyncIoOperation
TpWaitForWait
TpReleasePool
TpWaitForAlpcCompletion
TpSetTimer
TpPostWork
TpWaitForTimer
TpReleaseWait
RtlNtStatusToDosError
TpCallbackMayRunLong
TpReleaseWork
TpReleaseAlpcCompletion
TpSimpleTryPost
TpWaitForIoCompletion
TpSetWait
TpReleaseTimer
TpAllocWork
TpAllocIoCompletion
TpReleaseIoCompletion
TpAllocTimer
EtwTraceMessage
EtwEventWrite
EtwEventEnabled

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ec260f30442cf07509f41b6c0ded0588

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

winspool.drv

rpcrt4

ntdll

Sections

.text Size: 58KB - Virtual size: 58KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 29KB

.text
Size: 58KB - Virtual size: 58KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 29KB