Static task: static1
Behavioral task: behavioral1
  Sample: safeword_00000000001B0000-PE.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: safeword_00000000001B0000-PE.exe
  Resource: win10v2004-20231222-en
General
Target: safeword_00000000001B0000-PE.bin
Size: 53KB
MD5: 36b4026e7fbaa1d781f54073b6f1ad72
SHA1: 2c456285dc1b18ba2bccc5c42f4e0ce497011a64
SHA256: 73ee3d882359ec2e4bb7d3fef72d6b03aa33f49421e04abe9df84f4936d38c67
SHA512: d879e68d43af0c26168273bc1f90353b093836d6794135cf8e2747124ff564993e283ff3a0c83cf6d526e327dc60232ad4f5765fbbb9d5f81d4903fe48e79aad
SSDEEP: 1536:yrPWKDvnVM9hb5voCGAWsBCcqzDlzu9uMYQP2nI:+/VMX5mAWsBf
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: safeword_00000000001B0000-PE.bin
Files
safeword_00000000001B0000-PE.bin.exe windows:5 windows x64 arch:x64
aff8ef071bd251717da486855b7bbd7e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
wininet
InternetReadFile
InternetSetOptionW
InternetConnectA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
HttpAddRequestHeadersA
HttpOpenRequestA
HttpQueryInfoA
InternetQueryOptionW
ws2_32
htonl
ntohl
htons
WSAStartup
WSASocketW
closesocket
WSACleanup
ntohs
WSAIoctl
crypt32
CertGetCertificateContextProperty
CryptDecodeObjectEx
CryptImportPublicKeyInfo
CertFreeCertificateChain
CryptStringToBinaryA
CryptBinaryToStringA
msvcrt
toupper
free
calloc
rand
_time64
fopen
fclose
memset
fwrite
atol
malloc
strncmp
exit
strrchr
srand
vfprintf
_vsnprintf
_initterm
_fdopen
abort
wcsncmp
memcmp
memcpy
kernel32
MultiByteToWideChar
LoadLibraryA
FreeLibrary
GetCommandLineA
SetLastError
RtlUnwindEx
TlsAlloc
TlsGetValue
CreateFileA
VirtualAlloc
LoadLibraryExW
TlsFree
CloseHandle
GetLocalTime
ExitProcess
GetLogicalDrives
MoveFileA
GetFileSizeEx
FindFirstFileA
GetCurrentProcess
WriteFile
TerminateProcess
FindNextFileA
CreatePipe
GetFullPathNameA
FindClose
GetCurrentDirectoryA
OpenProcess
SetCurrentDirectoryA
CreateToolhelp32Snapshot
ProcessIdToSessionId
Sleep
CopyFileA
GetLastError
GetFileAttributesA
Process32NextW
VirtualFree
FileTimeToSystemTime
DeleteFileA
Process32FirstW
GetStartupInfoA
RemoveDirectoryA
SystemTimeToTzSpecificLocalTime
CreateProcessA
CreateDirectoryA
ReadFile
PeekNamedPipe
WaitForSingleObject
GetModuleFileNameA
GetOEMCP
GetModuleHandleA
GetACP
GetVersionExA
GetProcAddress
GetCurrentProcessId
GetComputerNameA
TlsSetValue
advapi32
CryptDestroyKey
CryptGetHashParam
CryptImportKey
CryptSetKeyParam
OpenProcessToken
CryptDestroyHash
CryptSetHashParam
CryptHashData
CryptCreateHash
CryptDecrypt
CryptEncrypt
RevertToSelf
ImpersonateLoggedOnUser
LookupAccountSidA
DuplicateTokenEx
GetTokenInformation
AllocateAndInitializeSid
GetUserNameA
FreeSid
CheckTokenMembership
CryptReleaseContext
CryptAcquireContextW
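The import table above is the most informative static artefact in this report: wininet HTTP calls, Toolhelp process enumeration, CreateProcessA with pipes, token duplication and impersonation, CryptoAPI symmetric crypto and crypt32 public-key handling all sit in one 53KB binary. The following is an added example (not part of the sandbox report, and not a sandbox signature) that turns an import table into a coarse capability summary with rule-based matching. The import list is transcribed from the report; the capability labels and the rules are this editor's interpretation. Two rules that this sample does not satisfy (registry persistence, service installation) are included so the negative case is visible.

```python
"""Coarse capability triage from a PE import table.

Added example, not part of the sandbox report. SAMPLE_IMPORTS is transcribed
from the report above; the capability labels and rules are an interpretation,
not the sandbox's own signatures."""

# Import table as listed in the report (transcribed, DLL -> imported APIs).
SAMPLE_IMPORTS = {
    "wininet": ["InternetReadFile", "InternetSetOptionW", "InternetConnectA", "HttpSendRequestA",
                "InternetCloseHandle", "InternetOpenA", "HttpAddRequestHeadersA",
                "HttpOpenRequestA", "HttpQueryInfoA", "InternetQueryOptionW"],
    "ws2_32": ["htonl", "ntohl", "htons", "WSAStartup", "WSASocketW", "closesocket",
               "WSACleanup", "ntohs", "WSAIoctl"],
    "crypt32": ["CertGetCertificateContextProperty", "CryptDecodeObjectEx",
                "CryptImportPublicKeyInfo", "CertFreeCertificateChain",
                "CryptStringToBinaryA", "CryptBinaryToStringA"],
    "kernel32": ["CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW", "OpenProcess",
                 "CreateProcessA", "CreatePipe", "PeekNamedPipe", "ReadFile", "WriteFile",
                 "FindFirstFileA", "FindNextFileA", "CopyFileA", "MoveFileA", "DeleteFileA",
                 "GetComputerNameA", "GetVersionExA", "GetLogicalDrives",
                 "LoadLibraryA", "GetProcAddress"],
    "advapi32": ["CryptAcquireContextW", "CryptImportKey", "CryptEncrypt", "CryptDecrypt",
                 "CryptCreateHash", "OpenProcessToken", "DuplicateTokenEx",
                 "ImpersonateLoggedOnUser", "RevertToSelf", "GetTokenInformation",
                 "CheckTokenMembership", "GetUserNameA"],
}

# Each rule: (capability label, dll, APIs that must ALL be imported from that dll).
CAPABILITY_RULES = [
    ("http-client (likely C2 over HTTP)", "wininet",
     {"InternetOpenA", "InternetConnectA", "HttpOpenRequestA", "HttpSendRequestA", "InternetReadFile"}),
    ("raw-socket networking", "ws2_32", {"WSAStartup", "WSASocketW"}),
    ("process enumeration", "kernel32", {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"}),
    ("child process with piped I/O (remote shell pattern)", "kernel32",
     {"CreateProcessA", "CreatePipe", "PeekNamedPipe", "ReadFile", "WriteFile"}),
    ("token duplication / impersonation", "advapi32",
     {"OpenProcessToken", "DuplicateTokenEx", "ImpersonateLoggedOnUser", "RevertToSelf"}),
    ("CryptoAPI symmetric crypto", "advapi32",
     {"CryptAcquireContextW", "CryptImportKey", "CryptEncrypt", "CryptDecrypt"}),
    ("X.509 / public-key handling", "crypt32", {"CryptDecodeObjectEx", "CryptImportPublicKeyInfo"}),
    ("filesystem enumeration", "kernel32", {"FindFirstFileA", "FindNextFileA"}),
    ("host fingerprinting", "kernel32", {"GetComputerNameA", "GetVersionExA"}),
    ("dynamic API resolution", "kernel32", {"LoadLibraryA", "GetProcAddress"}),
    # Negative examples: not imported by this sample, so these rules must not fire.
    ("registry persistence", "advapi32", {"RegOpenKeyExA", "RegSetValueExA"}),
    ("service installation", "advapi32", {"OpenSCManagerA", "CreateServiceA"}),
]


def normalize(imports):
    """Lower-case DLL names and strip a trailing .dll so rules match either spelling."""
    table = {}
    for dll, funcs in imports.items():
        key = dll.lower()
        if key.endswith(".dll"):
            key = key[:-4]
        table.setdefault(key, set()).update(funcs)
    return table


def infer_capabilities(imports):
    """Return {capability: sorted evidence APIs} for every rule fully satisfied."""
    table = normalize(imports)
    hits = {}
    for cap, dll, required in CAPABILITY_RULES:
        if required <= table.get(dll, set()):
            hits[cap] = sorted(required)
    return hits


def missing_for(imports, capability):
    """List the APIs a non-firing rule did not find (candidates for dynamic resolution)."""
    table = normalize(imports)
    for cap, dll, required in CAPABILITY_RULES:
        if cap == capability:
            return sorted(required - table.get(dll, set()))
    raise KeyError(capability)


if __name__ == "__main__":
    for cap, evidence in infer_capabilities(SAMPLE_IMPORTS).items():
        print(f"{cap}: {', '.join(evidence)}")
    print("registry persistence missing:", missing_for(SAMPLE_IMPORTS, "registry persistence"))
```

One caveat the "dynamic API resolution" rule makes explicit: this sample imports LoadLibraryA and GetProcAddress, so an API that is absent from the static import table can still be resolved at runtime. A rule that does not fire is therefore weak negative evidence; the behavioral tasks, not the import table, settle what the binary actually does.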
Sections
.text Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 280B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
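The Signatures, Headers and Sections facts above can be reproduced without a sandbox. The following is an added example (not part of the report, and not the sandbox's own check) that parses a PE with the Python standard library only and reports the file and DLL characteristics, the section flags, and whether the security data directory (the Authenticode certificate table) is populated, which is exactly what an "unsigned PE" check keys on. The input is a constructed minimal PE32+ image with the same DllCharacteristics the report shows; no real sample is needed. Two caveats a practitioner would want: a non-empty certificate table only means a signature is present, not that it is valid or trusted (that needs WinVerifyTrust, `signtool verify`, or `Get-AuthenticodeSignature`); and IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA only has an effect when IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is also set, which the report does not list, so the parser reports the relocatability bit separately.

```python
"""Parse PE headers with the stdlib only and report the facts the sandbox
summarised: file/DLL characteristics, section flags and whether an
Authenticode certificate table is present.

Added example, not part of the sandbox report. The input is a constructed
minimal PE32+ image; no real sample is needed."""
import struct

FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory index of the certificate table


def flag_names(value, table):
    """Names of the bits in `table` that are set in `value`, in bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Return a dict of header facts; raises ValueError on a non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, fchars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                                          # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:        # PE32+ : data directories start at +112
        dirs = opt + 112
    elif magic == 0x10B:      # PE32  : data directories start at +96
        dirs = opt + 96
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    # The security directory holds a FILE OFFSET (not an RVA) and size of the
    # WIN_CERTIFICATE table; size 0 means no Authenticode signature at all.
    _, cert_size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "virtual_size": vsize,
                         "raw_size": rawsize, "flags": flag_names(chars, SECTION_CHARACTERISTICS)})
    return {
        "machine": machine,
        "file_characteristics": flag_names(fchars, FILE_CHARACTERISTICS),
        "dll_characteristics": flag_names(dll_chars, DLL_CHARACTERISTICS),
        # HIGH_ENTROPY_VA is meaningless unless the image is relocatable (DYNAMIC_BASE).
        "aslr": bool(dll_chars & 0x0040),
        "has_authenticode": cert_size != 0,
        "sections": sections,
    }


def build_sample_pe(signed=False):
    """Constructed minimal x64 image mirroring the report's flags (no DYNAMIC_BASE)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew -> right after DOS header
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 240, 0x0002 | 0x0020)
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII",
                      0x20B, 14, 0, 0x8000, 0x3400, 0, 0x1000, 0x1000, 0x140000000,
                      0x1000, 0x200, 5, 2, 0, 0, 5, 2, 0, 0x10000, 0x400, 0, 3,
                      0x0020 | 0x0100 | 0x8000, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x8C00, 0x800)   # pretend certificate table
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    secs = struct.pack("<8sIIIIIIHHI", b".text", 0x8000, 0x1000, 0x8000, 0x400, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack("<8sIIIIIIHHI", b".data", 0x2C00, 0x9000, 0x1000, 0x8400, 0, 0, 0, 0, 0xC0000040)
    return bytes(dos) + b"PE\0\0" + file_hdr + opt + secs


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print("authenticode present:", info["has_authenticode"], "| relocatable (ASLR):", info["aslr"])
    print(info["dll_characteristics"])
    for s in info["sections"]:
        print(s["name"], s["flags"])
```

To run it on a real file, replace `build_sample_pe()` with `open(path, "rb").read()`; the parser only touches the headers, so it is safe to point at an untrusted sample. Note that `has_authenticode` answers the same question the "Unsigned PE" signature asks and nothing more: a self-signed or revoked certificate still yields a non-empty table.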