Static task: static1
Behavioral task: behavioral1
Sample: 3be4d99d668a029800b4522c4d0e25515fb68affc7b79db11dda29a816385c7e.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 3be4d99d668a029800b4522c4d0e25515fb68affc7b79db11dda29a816385c7e.exe
Resource: win10v2004-20231215-en
General
Target: 3be4d99d668a029800b4522c4d0e25515fb68affc7b79db11dda29a816385c7e
Size: 1.5MB
MD5: 100aa8bd678609a138b750c9ba649ec4
SHA1: 2a9ada8f4f1b5cb1d86515211d051e9e3aa0851b
SHA256: 3be4d99d668a029800b4522c4d0e25515fb68affc7b79db11dda29a816385c7e
SHA512: 573e3db7613146c62d9cc42533272d9bcc662176452146c46a8bf7629d14975fdc01724f93cabfbe122c8ca634702cb561e22a9a93185ce62b9e8cfd868d54d8
SSDEEP: 24576:DBXkTP7ogjOrF7hsUM2R7u8reB+InKvdfhZBdZwOu0xalF2:ZkTDj27hsUJFgnK7ZZwGM
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 3be4d99d668a029800b4522c4d0e25515fb68affc7b79db11dda29a816385c7e
Files
3be4d99d668a029800b4522c4d0e25515fb68affc7b79db11dda29a816385c7e.exe (windows:6, windows x64, arch:x64)
1c6725566fb8dead72ec59ce75f03765
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
ProcessIdToSessionId
Process32NextW
Process32FirstW
WTSGetActiveConsoleSessionId
CreateProcessW
GetExitCodeProcess
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateDirectoryW
FindFirstFileExW
FindFirstFileExA
RemoveDirectoryW
FindNextFileA
GetFileAttributesW
GetFileAttributesA
GetLogicalProcessorInformation
GetProcAddress
GetSystemFirmwareTable
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
RaiseException
FindResourceExW
DecodePointer
HeapDestroy
GetStdHandle
LoadLibraryW
FreeLibrary
GetSystemDirectoryW
GetCurrentProcessId
SetEndOfFile
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
SetFilePointerEx
GetFileAttributesExW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
FindResourceW
GetFileType
GetCommandLineA
GetModuleHandleExW
LoadResource
CreateToolhelp32Snapshot
FreeResource
SizeofResource
QueueUserWorkItem
GetCurrentThreadId
ResetEvent
CreateThread
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
HeapAlloc
HeapFree
FlushFileBuffers
WideCharToMultiByte
GetWindowsDirectoryW
DeleteFileA
lstrcatW
OutputDebugStringW
FormatMessageW
MultiByteToWideChar
LocalAlloc
OutputDebugStringA
lstrcpynW
GetCommandLineW
LocalFree
Sleep
CreateEventW
WaitForSingleObject
SetEvent
MoveFileW
lstrcmpW
lstrcpyW
GetFileSize
CloseHandle
ReadFile
CreateFileA
GetLastError
CreateFileW
FindClose
SetFilePointer
ExitProcess
RtlPcToFileHeader
RtlUnwindEx
LoadLibraryExW
GetThreadTimes
OpenProcess
TerminateProcess
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetFileSizeEx
GetCurrentProcess
LockResource
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
QueryPerformanceCounter
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
GetModuleFileNameW
WriteFile
lstrlenW
FindNextFileW
FindFirstFileW
RtlUnwind
user32
IsWindowVisible
FindWindowExW
GetWindow
GetWindowThreadProcessId
SendMessageW
TranslateMessage
GetMessageW
DispatchMessageW
advapi32
RegCreateKeyExW
RegGetValueW
RegCloseKey
OpenServiceW
CryptAcquireContextA
CryptDeriveKey
CryptReleaseContext
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
CreateProcessAsUserW
DuplicateTokenEx
CryptDestroyKey
CryptAcquireContextW
CryptDecrypt
CryptVerifySignatureW
CryptCreateHash
CryptHashData
CryptDestroyHash
DeregisterEventSource
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
RegisterEventSourceW
ReportEventW
SetSecurityDescriptorDacl
OpenProcessToken
InitializeSecurityDescriptor
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
DeleteService
ControlService
FreeSid
shell32
ShellExecuteExW
Shell_NotifyIconW
ole32
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance
CoUninitialize
oleaut32
SysAllocString
VariantClear
VariantInit
SysFreeString
iphlpapi
NotifyRouteChange2
CancelMibChangeNotify2
GetAdaptersInfo
setupapi
SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
winhttp
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpCrackUrl
ws2_32
WSAGetLastError
freeaddrinfo
listen
getaddrinfo
accept
bind
setsockopt
recv
socket
send
WSAStartup
closesocket
WSACleanup
crypt32
CryptImportPublicKeyInfo
CryptDecodeObjectEx
netapi32
NetApiBufferFree
NetUserGetInfo
userenv
DestroyEnvironmentBlock
GetUserProfileDirectoryW
CreateEnvironmentBlock
GetAllUsersProfileDirectoryW
wtsapi32
WTSQueryUserToken
WTSQuerySessionInformationW
WTSFreeMemory
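The import table above reads as a capability map once the functions are grouped: the advapi32 service-control imports (OpenSCManagerW, CreateServiceW, StartServiceCtrlDispatcherW), the wtsapi32/advapi32 token imports (WTSQueryUserToken, DuplicateTokenEx, CreateProcessAsUserW together with WTSGetActiveConsoleSessionId), the winhttp client set and the ws2_32 socket/bind/listen/accept set each point to one distinct behaviour. IsDebuggerPresent, on the other hand, sits next to the MSVC CRT startup cluster (IsProcessorFeaturePresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, RtlCaptureContext, QueryPerformanceCounter, GetSystemTimeAsFileTime, InitializeSListHead), which the compiler runtime imports on its own, so by itself it is weak evidence of a deliberate debugger check. The Python below is an added example, not part of the Triage report or of the sample: it embeds a constructed subset of the listing above, and the rule names, the required-import sets and the CRT cluster are the editor's own choices.

```python
# Constructed subset of the import table from the report, keyed by DLL.
# Only the names the rules below look at are kept.
IMPORTS = {
    "kernel32": {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
                 "WTSGetActiveConsoleSessionId", "CreateProcessW", "GetSystemFirmwareTable",
                 "IsDebuggerPresent", "IsProcessorFeaturePresent", "SetUnhandledExceptionFilter",
                 "UnhandledExceptionFilter", "RtlCaptureContext", "QueryPerformanceCounter",
                 "GetSystemTimeAsFileTime", "InitializeSListHead"},
    "advapi32": {"OpenSCManagerW", "CreateServiceW", "StartServiceCtrlDispatcherW",
                 "CreateProcessAsUserW", "DuplicateTokenEx", "CryptDeriveKey", "CryptDecrypt",
                 "CryptVerifySignatureW", "CryptCreateHash", "RegCreateKeyExW", "RegSetValueExW"},
    "crypt32": {"CryptImportPublicKeyInfo", "CryptDecodeObjectEx"},
    "winhttp": {"WinHttpOpen", "WinHttpConnect", "WinHttpOpenRequest", "WinHttpSendRequest"},
    "ws2_32": {"socket", "bind", "listen", "accept", "send", "recv"},
    "wtsapi32": {"WTSQueryUserToken", "WTSQuerySessionInformationW"},
    "setupapi": {"SetupDiGetClassDevsW", "SetupDiEnumDeviceInfo"},
    "iphlpapi": {"GetAdaptersInfo"},
}

# Each rule fires only when every listed import is present (editor's own rule set).
RULES = {
    "windows service (install/run)": {"OpenSCManagerW", "CreateServiceW", "StartServiceCtrlDispatcherW"},
    "spawn process in interactive user session": {"WTSQueryUserToken", "CreateProcessAsUserW",
                                                  "WTSGetActiveConsoleSessionId"},
    "HTTP client (WinHTTP)": {"WinHttpOpen", "WinHttpConnect", "WinHttpSendRequest"},
    "listening TCP socket": {"socket", "bind", "listen", "accept"},
    "process enumeration (Toolhelp)": {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"},
    "signature verification (CryptoAPI)": {"CryptImportPublicKeyInfo", "CryptVerifySignatureW",
                                           "CryptCreateHash"},
    "symmetric decryption (CryptoAPI)": {"CryptDeriveKey", "CryptDecrypt"},
    "SMBIOS/firmware table read": {"GetSystemFirmwareTable"},
    "registry write primitives": {"RegCreateKeyExW", "RegSetValueExW"},
    "device enumeration (SetupAPI)": {"SetupDiGetClassDevsW", "SetupDiEnumDeviceInfo"},
    "network adapter enumeration": {"GetAdaptersInfo"},
}

# Imports the MSVC CRT startup code pulls in by itself; IsDebuggerPresent next to
# this cluster is normally runtime code, not an analyst-facing anti-debug trick.
CRT_STARTUP = {"IsProcessorFeaturePresent", "SetUnhandledExceptionFilter", "UnhandledExceptionFilter",
               "RtlCaptureContext", "QueryPerformanceCounter", "GetSystemTimeAsFileTime",
               "InitializeSListHead"}


def all_imports(imports):
    """Flatten a {dll: {func, ...}} table into one set of imported names."""
    return set().union(*imports.values()) if imports else set()


def capabilities(imports):
    """Return the sorted list of rule names whose required imports are all present."""
    present = all_imports(imports)
    return sorted(name for name, needed in RULES.items() if needed <= present)


def anti_debug_evidence(imports):
    """Grade IsDebuggerPresent by whether it appears with the CRT startup cluster."""
    present = all_imports(imports)
    if "IsDebuggerPresent" not in present:
        return "none"
    if CRT_STARTUP <= present:
        return "weak: IsDebuggerPresent alongside the MSVC CRT startup cluster"
    return "IsDebuggerPresent imported outside the CRT startup cluster"


def report(imports):
    """Capability summary of the kind an analyst writes from a static import listing."""
    return {"capabilities": capabilities(imports), "anti_debug": anti_debug_evidence(imports)}


if __name__ == "__main__":
    for key, value in report(IMPORTS).items():
        print(key, "->", value)
```

The rules are deliberately conjunctive: a lone CreateServiceW is unremarkable, while CreateServiceW plus StartServiceCtrlDispatcherW means the binary both installs and runs as a service, and WTSQueryUserToken plus CreateProcessAsUserW is the standard way for a SYSTEM service to launch something on the logged-on user's desktop. Import evidence is static only; whether the listening socket or the WinHTTP client is actually used is what the behavioral tasks above are for.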
Sections
.text Size: 298KB - Virtual size: 298KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 153KB - Virtual size: 152KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 643KB - Virtual size: 643KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 400KB - Virtual size: 740KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
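The Unsigned PE signature, the DLL and file characteristics under Headers, and the section flags above all come from fixed-offset fields in the PE headers, and the Authenticode check in particular is a presence test on IMAGE_DIRECTORY_ENTRY_SECURITY (data directory index 4), not a verification of the signature. The Python below is an added example that is not part of the Triage report or of the sample: it parses those fields from a PE32+ or PE32 image with struct alone, builds a constructed header-only image mirroring this sample's flags and three of its sections as test input, and runs the presence, mitigation and W^X checks over it. build_sample_pe, parse_pe and triage are names chosen here, and the flag tables cover only the bits this report shows plus GUARD_CF and IMAGE_FILE_DLL.

```python
import struct

# Flag names from winnt.h (subset relevant to this report).
DLL_CHARS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
              0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
              0x2000: "IMAGE_FILE_DLL"}
SCN_CHARS = {0x00000020: "IMAGE_SCN_CNT_CODE",
             0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
             0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
             0x20000000: "IMAGE_SCN_MEM_EXECUTE",
             0x40000000: "IMAGE_SCN_MEM_READ",
             0x80000000: "IMAGE_SCN_MEM_WRITE"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def flag_names(value, table):
    """Expand a bitmask into the names of the set bits, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse the DOS/NT headers, the security data directory and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4                              # IMAGE_FILE_HEADER (20 bytes)
    machine, nsec, _, _, _, opt_size, fchars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                  # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:                             # PE32+: data directories at +112
        dir_off = opt + 112
    elif magic == 0x10B:                           # PE32: data directories at +96
        dir_off = opt + 96
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both formats
    # For the security directory, VirtualAddress is a file offset to a WIN_CERTIFICATE blob.
    sec_off, sec_size = struct.unpack_from("<II", data, dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):                          # section table follows the optional header
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "raw_size": rawsize,
                         "virtual_size": vsize, "flags": flag_names(chars, SCN_CHARS)})
    return {"x64": machine == 0x8664,
            "file_characteristics": flag_names(fchars, FILE_CHARS),
            "dll_characteristics": flag_names(dllchars, DLL_CHARS),
            "has_authenticode": sec_off != 0 and sec_size != 0,
            "sections": sections}


def triage(info):
    """Static checks of the kind a sandbox reports: signature presence, mitigations, W^X."""
    findings = []
    if not info["has_authenticode"]:
        findings.append("Unsigned PE: no IMAGE_DIRECTORY_ENTRY_SECURITY (Authenticode) entry")
    for name in ("IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", "IMAGE_DLLCHARACTERISTICS_NX_COMPAT"):
        if name not in info["dll_characteristics"]:
            findings.append("missing mitigation: " + name)
    for s in info["sections"]:
        if "IMAGE_SCN_MEM_EXECUTE" in s["flags"] and "IMAGE_SCN_MEM_WRITE" in s["flags"]:
            findings.append("writable and executable section: " + s["name"])
    return findings


def build_sample_pe(dll_chars, file_chars, sections, security=(0, 0)):
    """Construct a minimal header-only PE32+ image (test data, not a runnable binary)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 240, file_chars)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                         # PE32+ magic
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 108, 16)                          # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), v,
                                0x1000 * (i + 1), r, 0, 0, 0, 0, 0, c)
                    for i, (n, r, v, c) in enumerate(sections))
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + hdrs


# Constructed sample mirroring this report's header flags and three of its sections.
SAMPLE = build_sample_pe(
    dll_chars=0x0020 | 0x0040 | 0x0100 | 0x8000,
    file_chars=0x0002 | 0x0020,
    sections=[(".text", 298 * 1024, 298 * 1024, 0x60000020),
              (".data", 6 * 1024, 19 * 1024, 0xC0000040),
              (".reloc", 400 * 1024, 740 * 1024, 0x42000040)])

if __name__ == "__main__":
    info = parse_pe(SAMPLE)
    print(info["dll_characteristics"], info["file_characteristics"])
    print(triage(info))
```

A non-zero security directory only means a WIN_CERTIFICATE blob is attached to the file; whether that signature is valid, covers the current file bytes and chains to a trusted root is a separate WinVerifyTrust (or signtool verify) question, so a present but broken signature still has to be treated as unsigned.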