36b34b8e79662f1f7b38cf2c61f2192a

Sharing

Copy URL Twitter E-mail

General

Target

36b34b8e79662f1f7b38cf2c61f2192a
Size

678KB
MD5

36b34b8e79662f1f7b38cf2c61f2192a
SHA1

9416be6cf4199dc0dddd3e512ff8a3847e88d9a0
SHA256

f21ec91c6c59540b3f7efc74c2c8ae3101fd84fcb8d1364be6afe4349c1f1686
SHA512

5693d50e39a5eb1f004960fd3c25d98a5fc82fe4991b30cca32768e7a8c63217c845e83929c72c738b89f6a808d770a31eeea5c1eee4ad514492bb5132fd43ec
SSDEEP

12288:m8dZTfS73Xv/D80qhuiCUY4hqIUwgdEUlWUWo/nu91sPbT:mLLiC3jes

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36b34b8e79662f1f7b38cf2c61f2192a

Files

36b34b8e79662f1f7b38cf2c61f2192a
.exe windows:6 windows x64 arch:x64

61cdc4de4a2261e6ff58e4d87d02db18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OutputDebugStringA
FindActCtxSectionStringW
DeactivateActCtx
QueryActCtxW
LoadLibraryW
WaitForSingleObject
GetProcessHeap
WideCharToMultiByte
CloseHandle
SetLastError
SetEvent
GetCommandLineW
GetModuleHandleW
HeapSetInformation
GetCurrentThreadId
DeleteCriticalSection
HeapFree
DuplicateHandle
ResumeThread
GetModuleHandleExW
ActivateActCtx
CreateActCtxW
GetModuleFileNameW
GetProcAddress
LeaveCriticalSection
Sleep
EnterCriticalSection
DecodePointer
RaiseException
GetLastError
HeapAlloc
InitializeCriticalSectionEx
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetUnhandledExceptionFilter
LocalFree
GlobalFree
GlobalAlloc
LocalAlloc
SetErrorMode
MultiByteToWideChar
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
UnmapViewOfFile
HeapDestroy
HeapReAlloc
HeapSize
OpenMutexW
FreeLibraryAndExitThread
WaitForMultipleObjects
CreateThread
CreateEventW
OpenEventW
GlobalMemoryStatusEx
SetProcessWorkingSetSize
HeapCompact
K32GetProcessMemoryInfo
GetTickCount64
GetThreadTimes
TerminateProcess
GetCurrentProcess
CreateMutexW
GetCurrentProcessId
ReleaseMutex
VerifyVersionInfoW
VerSetConditionMask
LoadLibraryExW
FreeLibrary
OutputDebugStringW
IsDebuggerPresent

advapi32

EventUnregister
EventRegister
EventWriteTransfer
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegOpenKeyExA

ole32

CoGetInterfaceAndReleaseStream
CoTaskMemAlloc
CoCreateGuid
CoUnmarshalInterface
CoRegisterClassObject
CoRegisterPSClsid
CoMarshalInterThreadInterfaceInStream
OleUninitialize
CoRevokeClassObject
CoInitialize
CoUninitialize
CoAddRefServerProcess
CoReleaseServerProcess
StringFromGUID2
CoResumeClassObjects
CoCreateInstance
OleInitialize
CoDisconnectObject

oleaut32

SafeArrayGetUBound
SafeArrayGetDim
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VariantInit
VariantClear
SafeArrayGetElement
LoadRegTypeLi
SafeArrayDestroy
SafeArrayUnlock
RegisterTypeLi
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysStringLen
SysFreeString
VarBstrCat
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayCopy
SafeArrayLock

vcruntime140

memcpy
_CxxThrowException
memchr
memcmp
__CxxFrameHandler3
__std_terminate
__C_specific_handler
_purecall
__std_exception_destroy
__std_exception_copy
memmove
memset
wcsstr
__C_specific_handler_noexcept

msvcp140

?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_unlock
?_Xbad_function_call@std@@YAXXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
?exceptions@ios_base@std@@QEAAXH@Z
??7ios_base@std@@QEBA_NXZ
_Mtx_destroy_in_situ
_Query_perf_frequency
_Query_perf_counter
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?_Xbad_alloc@std@@YAXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?_Xout_of_range@std@@YAXPEBD@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_init_in_situ

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_errno
_crt_atexit
_register_onexit_function
_initialize_onexit_table
terminate
_configure_wide_argv
_seh_filter_exe
_set_app_type
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_initialize_wide_environment
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line

api-ms-win-crt-string-l1-1-0

wcscpy_s
wcscat_s
_wcsicmp
wcsncpy_s
tolower
_wcsnicmp
towlower
strncmp
strncpy_s
wcsncmp

api-ms-win-crt-stdio-l1-1-0

fclose
_get_stream_buffer_pointers
fputc
ungetc
fgetc
fread
fwrite
fgetpos
_fseeki64
fsetpos
__p__commode
setvbuf
fflush
_set_fmode
__stdio_common_vswprintf_s

api-ms-win-crt-convert-l1-1-0

wcstombs_s
_itow_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
__initialize_lconv_for_unsigned_char

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
CreateDCW
GetObjectW
GetDIBits

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 400KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61cdc4de4a2261e6ff58e4d87d02db18

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

vcruntime140

msvcp140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

gdi32

api-ms-win-crt-filesystem-l1-1-0

Sections

.text Size: 156KB - Virtual size: 155KB

.rdata Size: 95KB - Virtual size: 94KB

.data Size: 9KB - Virtual size: 11KB

.pdata Size: 12KB - Virtual size: 11KB

.didat Size: 1024B - Virtual size: 568B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 400KB - Virtual size: 1.1MB

.text
Size: 156KB - Virtual size: 155KB

.rdata
Size: 95KB - Virtual size: 94KB

.data
Size: 9KB - Virtual size: 11KB

.pdata
Size: 12KB - Virtual size: 11KB

.didat
Size: 1024B - Virtual size: 568B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 400KB - Virtual size: 1.1MB