2644eff76139ea3d37fc063b8c13281d

Sharing

Copy URL

Twitter E-mail

General

Target

2644eff76139ea3d37fc063b8c13281d
Size

1.7MB
MD5

2644eff76139ea3d37fc063b8c13281d
SHA1

fbc04c0dcbdcaf07ce120b3f524de4bb6efceaf6
SHA256

d6a3f26782bafbbce1c7dc3fbf54b4f9dca70c7f01a4094df1142741e93c3160
SHA512

c686942767ff2c9627bddf6a779495caf06f35348a9f9729de4f7f96fb21bd20f332b139b9ac68c03bce74ce420d02fc9e349ea362ef48b7aa45805a1d6807d9
SSDEEP

49152:2E5BgAqhvhwrM74ChSVg9J9FzML99cTVBLimc:951ExvjXLimc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2644eff76139ea3d37fc063b8c13281d

Files

2644eff76139ea3d37fc063b8c13281d
.exe windows:10 windows x64 arch:x64

912919246b7d4e917d5ea76378f11058

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
_initterm
__setusermatherr
_itow_s
strtol
_stricmp
_strnicmp
__ExceptionPtrDestroy
__ExceptionPtrCopy
__ExceptionPtrCurrentException
__ExceptionPtrCreate
strchr
free
??0bad_cast@@QEAA@AEBV0@@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
realloc
strncmp
sprintf_s
_fmode
_strtoui64
__mb_cur_max
fputs
vsprintf_s
wcsncmp
btowc
memmove_s
wcstol
_time64
_localtime64_s
wcsftime
_wcstoi64
wcscpy_s
towlower
localeconv
strcspn
wcsncpy_s
wcscat_s
_ltow_s
setlocale
___lc_collate_cp_func
_commode
memcmp
__pctype_func
isupper
?terminate@@YAXXZ
calloc
islower
___mb_cur_max_func
_ismbblead
memset
ldexp
__uncaught_exception
abort
_wcsdup
__crtCompareStringW
__crtCompareStringA
__crtLCMapStringW
__crtLCMapStringA
_get_current_locale
_free_locale
_Getdays
_Getmonths
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
_Gettnames
_Strftime
isspace
tolower
memchr
isalnum
isdigit
_cexit
_exit
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_snprintf
__iob_func
strnlen
_finite
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
_ultow_s
rand
swprintf_s
_wcsnicmp
vswprintf_s
_wcstoui64
wcstoul
_wtoi
___lc_codepage_func
wcsnlen
_wcsicmp
wprintf
_vscwprintf
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
__CxxFrameHandler3
___lc_handle_func
_vsnwprintf
??_V@YAXPEAX@Z
_errno
wcscmp

api-ms-win-downlevel-kernel32-l1-1-0

GetExitCodeProcess
GetModuleFileNameW
OpenEventW
LoadLibraryExW
RaiseException
SetConsoleMode
GetConsoleMode
GetStdHandle
GetSystemTimeAsFileTime
SubmitThreadpoolWork
QueryPerformanceCounter
ExpandEnvironmentStringsW
TlsAlloc
CreateThreadpoolWork
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
TlsSetValue
InitializeSRWLock
LeaveCriticalSection
EnterCriticalSection
TlsGetValue
SleepConditionVariableSRW
CancelIoEx
TerminateProcess
SetErrorMode
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionEx
SetEvent
FreeLibrary
CreateEventExW
IsDebuggerPresent
DebugBreak
WakeAllConditionVariable
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
CreateThread
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
HeapReAlloc
GetLocaleInfoW
SleepEx
Sleep
GetTickCount
SetConsoleCtrlHandler
SetUnhandledExceptionFilter
DecodePointer
InitOnceBeginInitialize
UnhandledExceptionFilter
ResetEvent
WideCharToMultiByte
GetStringTypeW
EncodePointer
InitOnceComplete
ReadFile
GetFileInformationByHandle
TlsFree
CreateFileW
CloseThreadpoolWork

api-ms-win-downlevel-ole32-l1-1-1

CoUninitialize
CoInitializeEx
CoCreateInstance

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
TraceMessageVa
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceLoggerHandle

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoInitialize
RoActivateInstance
RoUninitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsPromoteStringBuffer
WindowsDeleteStringBuffer
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateString
WindowsIsStringEmpty
WindowsPreallocateStringBuffer
WindowsDuplicateString

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
OpenProcessToken
CreateProcessAsUserW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

oleaut32

SysAllocString
SysFreeString

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCreateKeyExW
RegOpenCurrentUser
RegOpenKeyExW
RegGetValueW
RegSetValueExW
RegDeleteKeyExW
RegCloseKey
RegDeleteTreeW
RegEnumKeyExW

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-processthreads-l1-1-1

OpenProcess
SetProcessMitigationPolicy

api-ms-win-service-management-l1-1-0

StartServiceW
CloseServiceHandle
OpenSCManagerW
OpenServiceW

api-ms-win-service-winsvc-l1-1-0

ControlService
RegisterServiceCtrlHandlerW

api-ms-win-service-management-l2-1-0

ChangeServiceConfigW
NotifyServiceStatusChangeW

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
SetServiceStatus

ws2_32

ntohs
htons
WSAAddressToStringW
WSAStartup
WSACleanup
InetNtopW

iphlpapi

ConvertInterfaceLuidToNameW
GetIfTable2
GetIfEntry2
GetAdaptersAddresses
ConvertIpv4MaskToLength
ConvertInterfaceGuidToLuid
NotifyUnicastIpAddressChange
CancelMibChangeNotify2
GetAdaptersInfo

crypt32

CryptSignAndEncodeCertificate
CryptQueryObject
CertCloseStore
PFXIsPFXBlob
PFXImportCertStore
CertOpenStore
CertFindCertificateInStore
CertGetNameStringW
CertAddCertificateContextToStore
CertFreeCertificateContext
CryptBinaryToStringA
CertGetCertificateContextProperty
CertStrToNameW
CryptEncodeObjectEx
CertFindExtension
CryptDecodeObjectEx
CryptExportPublicKeyInfo
CertCreateSelfSignCertificate
CertDeleteCertificateFromStore
CertCreateCertificateContext
CertSetCertificateContextProperty
CertEnumCertificatesInStore
CertDuplicateCertificateContext

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlCompareMemory

api-ms-win-security-cryptoapi-l1-1-0

CryptGetUserKey
CryptReleaseContext
CryptDestroyHash
CryptGenRandom
CryptCreateHash
CryptHashData
CryptAcquireContextW
CryptGetHashParam
CryptDestroyKey
CryptGenKey

httpapi

HttpInitialize
HttpTerminate
HttpCreateServerSession
HttpCloseServerSession
HttpReceiveRequestEntityBody
HttpSendResponseEntityBody
HttpSendHttpResponse
HttpCreateRequestQueue
HttpReceiveHttpRequest
HttpAddUrlToUrlGroup
HttpCreateUrlGroup
HttpQueryServiceConfiguration
HttpCloseUrlGroup
HttpDeleteServiceConfiguration
HttpSetServiceConfiguration
HttpCloseRequestQueue
HttpSetUrlGroupProperty

api-ms-win-appmodel-unlock-l1-1-0

IsDeveloperModeEnabled

dnsapi

DnsServiceRegister
DnsServiceConstructInstance
DnsServiceDeRegister
DnsServiceFreeInstance
DnsNotifyResolver
DnsServiceRegisterCancel

powrprof

PowerReadDCValueIndex
PowerReadValueMin
PowerWriteACValueIndex
PowerWriteDCValueIndex
PowerReadACValueIndex
PowerReadPossibleFriendlyName
PowerSettingRegisterNotification
PowerEnumerate
PowerReadFriendlyName
PowerReadSettingAttributes
PowerGetActiveScheme
GetPwrCapabilities
PowerReadValueUnitsSpecifier
PowerReadValueIncrement
PowerSetActiveScheme
PowerSettingUnregisterNotification
CallNtPowerInformation
PowerReadValueMax

xmllite

CreateXmlReader

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-job-l2-1-0

SetInformationJobObject
AssignProcessToJobObject
CreateJobObjectW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW
GetPersistedRegistryValueW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetVersionExW
GetSystemTime
GetComputerNameExW
GetLogicalProcessorInformation

api-ms-win-core-synch-l1-1-0

CreateEventW

api-ms-win-core-synch-l1-2-0

InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
InitOnceExecuteOnce

api-ms-win-core-io-l1-1-1

CancelIo

ntdll

NtSetThreadExecutionState
RtlIpv4AddressToStringW
RtlConvertDeviceFamilyInfoToString
RtlIpv4StringToAddressW
NtSystemDebugControl
RtlIpv6AddressToStringW
NtQuerySystemInformation

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-file-l1-1-0

WriteFile
CreateDirectoryW
FindClose
SetFilePointer
FindFirstFileW
GetFullPathNameW
GetFileAttributesW
DeleteFileW
RemoveDirectoryW
FindNextFileW
CompareFileTime
GetFileSizeEx
GetTempFileNameW
FileTimeToLocalFileTime

api-ms-win-core-url-l1-1-0

UrlUnescapeW
UrlCreateFromPathW

api-ms-win-core-com-l1-1-0

CoGetApartmentType
CoTaskMemAlloc
CLSIDFromString
CoWaitForMultipleHandles
CoTaskMemFree
IIDFromString
CoCreateGuid
StringFromGUID2
CoCreateFreeThreadedMarshaler

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoTransformError
RoOriginateErrorW
RoOriginateError

websocket

WebSocketReceive
WebSocketCreateServerHandle
WebSocketDeleteHandle
WebSocketCompleteAction
WebSocketBeginServerHandshake
WebSocketEndServerHandshake
WebSocketSend
WebSocketGetAction

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-security-base-l1-1-0

CopySid
GetLengthSid
GetTokenInformation
IsValidSid
FreeSid
ImpersonateLoggedOnUser
DuplicateToken
DuplicateTokenEx
AllocateAndInitializeSid
RevertToSelf
AdjustTokenPrivileges

sspicli

LogonUserExExW

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId
MoveFileW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
GetCurrentDirectoryW

api-ms-win-security-provider-l1-1-0

SetSecurityInfo
GetSecurityInfo
SetNamedSecurityInfoW
SetEntriesInAclW
GetNamedSecurityInfoW

api-ms-win-core-file-l2-1-0

MoveFileExW

rpcrt4

UuidFromStringW
RpcStringFreeW
UuidToStringW
UuidCreate

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

userenv

LoadUserProfileW
DeriveAppContainerSidFromAppContainerName
UnloadUserProfile

profapi

ord102
ord101

api-ms-win-core-console-l2-1-0

GenerateConsoleCtrlEvent

api-ms-win-core-psapi-l1-1-0

K32GetProcessImageFileNameW
K32EnumProcesses

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
LoadResource
LockResource

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-devices-query-l1-1-0

DevCloseObjectQuery
DevFreeObjectProperties
DevCreateObjectQuery
DevGetObjectProperties

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileEx

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
StopTraceW
StartTraceW
ControlTraceW

api-ms-win-appmodel-runtime-l1-1-0

PackageFamilyNameFromId
PackageIdFromFullName
PackageFamilyNameFromFullName
GetPackageFullName

api-ms-win-core-debug-minidump-l1-1-0

MiniDumpWriteDump

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW
LookupAccountSidW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo
SetComputerNameExW

devobj

DevObjGetClassDevs
DevObjEnumDeviceInfo
DevObjDestroyDeviceInfoList
DevObjCreateDeviceInfoList

api-ms-win-devices-config-l1-1-1

CM_Get_Device_IDW
CM_Get_DevNode_Status
CM_Get_DevNode_Registry_PropertyW
CM_Get_Parent

dhcpcsvc

DhcpEnableDhcp
Dhcpv4EnableDhcpEx

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-devices-query-l1-1-1

DevCreateObjectQueryEx

nsi

NsiSetAllParameters
NsiFreeTable
NsiAllocateAndGetTable

windowsperformancerecordercontrol

WPRCCreateInstanceUnderInstanceName

deviceassociation

DafCreateAssociationContext
DafStartEnumCeremonies
DafStartRemoveAssociation
DafStartFinalize
DafCreateAssociationContextFromOobBlob
DafSelectCeremony
DafStartWriteCeremonyData
DafCloseAssociationContext
DafStartReadCeremonyData

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

dxgi

CreateDXGIFactory1

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-sysinfo-l1-2-1

GetPhysicallyInstalledSystemMemory

api-ms-win-appmodel-runtime-l1-1-1

GetPackageFullNameFromToken

api-ms-win-core-processthreads-l1-1-3

GetProcessInformation

api-ms-win-dx-d3dkmt-l1-1-0

D3DKMTQueryStatistics

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency

api-ms-win-eventing-consumer-l1-1-0

ProcessTrace
OpenTraceW
CloseTrace

api-ms-win-eventing-tdh-l1-1-0

TdhGetEventInformation

api-ms-win-security-credentials-l1-1-0

CredWriteW

Sections

.text
Size: 952KB - Virtual size: 951KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 404KB - Virtual size: 744KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

912919246b7d4e917d5ea76378f11058

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-downlevel-kernel32-l1-1-0

api-ms-win-downlevel-ole32-l1-1-1

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-synch-l1-2-1

oleaut32

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-core-l1-1-0

ws2_32

iphlpapi

crypt32

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-security-cryptoapi-l1-1-0

httpapi

api-ms-win-appmodel-unlock-l1-1-0

dnsapi

powrprof

xmllite

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-job-l2-1-0

api-ms-win-stateseparation-helpers-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-io-l1-1-1

ntdll

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-url-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

websocket

api-ms-win-core-io-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-security-base-l1-1-0

sspicli

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-core-file-l2-1-0

rpcrt4

api-ms-win-core-timezone-l1-1-0

userenv

profapi

api-ms-win-core-console-l2-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-devices-query-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-shcore-stream-l1-1-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-appmodel-runtime-l1-1-0

api-ms-win-core-debug-minidump-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-sysinfo-l1-2-0

devobj

.text
Size: 952KB - Virtual size: 951KB

.rdata
Size: 315KB - Virtual size: 314KB

.data
Size: 14KB - Virtual size: 17KB

.pdata
Size: 36KB - Virtual size: 36KB

.didat
Size: 512B - Virtual size: 272B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 404KB - Virtual size: 744KB