f32782535449213073bbfa8112483a8fe72de5eaf604a17fce9c2f2be80c15a3

Sharing

Copy URL Twitter E-mail

General

Target

f32782535449213073bbfa8112483a8fe72de5eaf604a17fce9c2f2be80c15a3
Size

6.9MB
MD5

30cd6999b899bf4105a9a31f6743059d
SHA1

1e52c7fb2805682b58a35c78b906c79f6991d298
SHA256

f32782535449213073bbfa8112483a8fe72de5eaf604a17fce9c2f2be80c15a3
SHA512

c94159d21222a3c1739dc4a920b4776d6218dc962cf963b3f07a878016100613e0b7a988dce0ee93d017c5acca444d5147f5adafedfb6b46f0cd6d755528e465
SSDEEP

196608:8Z1Fd33342cdqcGecoTIkqhFcy3mXBTjbYfw:H3GToTDq9Zfw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f32782535449213073bbfa8112483a8fe72de5eaf604a17fce9c2f2be80c15a3

Files

f32782535449213073bbfa8112483a8fe72de5eaf604a17fce9c2f2be80c15a3
.exe windows:6 windows x64 arch:x64

1d32d99ffb7e264a3838d731f4416e23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcAddress
LoadLibraryExW
VerifyVersionInfoW
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
RemoveDirectoryW
WriteFile
GetTempPathW
DecodePointer
CloseHandle
RaiseException
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
Sleep
TerminateProcess
GetExitCodeProcess
OpenProcess
GetModuleFileNameW
GetModuleHandleW
LoadResource
LockResource
SizeofResource
FindResourceW
FreeLibrary
GlobalUnlock
GlobalLock
LocalAlloc
LocalFree
MulDiv
SetDllDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
K32GetModuleFileNameExW
SetThreadLocale
SetThreadUILanguage
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetFileSizeEx
SetFilePointer
SetLastError
CreateEventW
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
UnregisterWaitEx
FormatMessageA
MoveFileW
RegisterWaitForSingleObject
MultiByteToWideChar
WideCharToMultiByte
GetCurrentDirectoryW
SetSearchPathMode
SetEndOfFile
GlobalAlloc
VerSetConditionMask
HeapSize
GetProcessHeap
SetEnvironmentVariableW
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
GetFileAttributesExW
ReadFile
SetFileAttributesW
ReleaseMutex
CreateMutexW
GetSystemTime
SystemTimeToFileTime
IsDebuggerPresent
OutputDebugStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStringTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
EncodePointer
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
GetCurrentProcess
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFileTime
TzSpecificLocalTimeToSystemTime
ExitProcess
GetStdHandle
HeapFree
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapAlloc
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
GetFullPathNameW
SetStdHandle
HeapReAlloc
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW

comdlg32

PrintDlgW

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 401KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 97.9MB - Virtual size: 97.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d32d99ffb7e264a3838d731f4416e23

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comdlg32

oleaut32

Sections

.text Size: 401KB - Virtual size: 400KB

.rdata Size: 121KB - Virtual size: 121KB

.data Size: 6KB - Virtual size: 29KB

.pdata Size: 22KB - Virtual size: 21KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 97.9MB - Virtual size: 97.9MB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 401KB - Virtual size: 400KB

.rdata
Size: 121KB - Virtual size: 121KB

.data
Size: 6KB - Virtual size: 29KB

.pdata
Size: 22KB - Virtual size: 21KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 97.9MB - Virtual size: 97.9MB

.reloc
Size: 3KB - Virtual size: 3KB