3847886d10d5647ea649f4e87a9476c8

Sharing

Copy URL

Twitter E-mail

General

Target

3847886d10d5647ea649f4e87a9476c8
Size

155KB
MD5

3847886d10d5647ea649f4e87a9476c8
SHA1

10f3fc2f48e0a7c2e90cfa8de92debccd9825754
SHA256

5246d38d30d0e20f790cdf2b8bd9142569e5d7606eea805cc480a4d1dc264bf7
SHA512

5529a56dcb820fea9c8e2ea66b02b67ab47e82b526c1f3cd8ccda78969b13dd3415fb2dbd558e2153a9634b0f80d785ef51e188caf036be090481b948bec8daa
SSDEEP

3072:iCtcxno6BV+CXuTN0RtM7IT4sMAVwz8DKbeu:0xoE+6QWRtM2M/gKCu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3847886d10d5647ea649f4e87a9476c8

Files

3847886d10d5647ea649f4e87a9476c8
.exe windows:6 windows x64 arch:x64

959a83047e80ab68b368fdb3f4c6e4ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize
CreateFileW
WriteConsoleW
GetProcAddress
OpenProcess
GetModuleHandleA
DuplicateHandle
GetCurrentProcess
ConnectNamedPipe
CreateThread
CloseHandle
GetCurrentThread
WaitForSingleObject
CreateNamedPipeW
ReadFile
GetProcessHeap
HeapAlloc
GetLastError
HeapFree
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
WideCharToMultiByte
GetFileType
LCMapStringW
CompareStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetCommandLineA
GetCommandLineW

user32

SetProcessWindowStation
CloseDesktop
GetUserObjectInformationW
SetUserObjectSecurity
GetUserObjectSecurity
OpenWindowStationW
CloseWindowStation
GetProcessWindowStation
OpenDesktopW
wsprintfW

advapi32

AddAccessAllowedAce
LookupPrivilegeValueW
AdjustTokenPrivileges
RevertToSelf
EqualSid
CloseServiceHandle
OpenSCManagerW
CreateProcessWithTokenW
ImpersonateLoggedOnUser
OpenProcessToken
CreateProcessAsUserW
OpenServiceW
DuplicateTokenEx
QueryServiceStatusEx
GetTokenInformation
ImpersonateNamedPipeClient
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetAclInformation
GetAce
AllocateAndInitializeSid
CopySid
AddAce
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid

ole32

CoTaskMemAlloc
CoInitialize
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoGetInstanceFromIStorage
CoUninitialize
CLSIDFromString

rpcrt4

RpcServerRegisterIf2
RpcEpRegisterA
RpcImpersonateClient
NdrServerCall2
NdrServerCallAll
RpcServerInqBindings
RpcServerUseProtseqEpA
RpcServerListen
RpcServerRegisterAuthInfoA

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

959a83047e80ab68b368fdb3f4c6e4ea

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

rpcrt4

ntdll

Sections

.text Size: 91KB - Virtual size: 91KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 5KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 91KB - Virtual size: 91KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 5KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB