5710722f31396333fac0a850f2fa2a27

Sharing

Copy URL Twitter E-mail

General

Target

5710722f31396333fac0a850f2fa2a27
Size

1.6MB
MD5

5710722f31396333fac0a850f2fa2a27
SHA1

4374d8c7fdc4681446b351d40cd18b395a15356b
SHA256

a4fef977fe47bdc30d10b02cf76508d6763f6d79666e0827b26174e60d1739c5
SHA512

c265bcbc5e78c35eedd5b074d4c254a20c3a617c8c112dd994611013cd85baf483e7c64957240254d3df68a666a043383fe351752fe13d59c08a17617e7b3dd8
SSDEEP

24576:oLN84TOh9s204EFCS20MtVNkJMcHagjBc2RZe/KXplFFdCpcJNd5sG:O2r1ENkFGa0e/KZlFbE8a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5710722f31396333fac0a850f2fa2a27

Files

5710722f31396333fac0a850f2fa2a27
.exe windows:6 windows x64 arch:x64

12b248a92dfd2a05450230cd2559dbd1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
FreeSid
AllocateAndInitializeSid
CloseServiceHandle
StartServiceW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegSetKeySecurity
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
StartServiceCtrlDispatcherW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
ChangeServiceConfigW
ControlService
CreateServiceW
ChangeServiceConfig2W
RegisterServiceCtrlHandlerW
SetServiceStatus
QueryServiceConfigW
DeleteService
CheckTokenMembership
RegQueryInfoKeyW
RegEnumKeyW
RegDeleteKeyW
LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
CryptReleaseContext
CryptAcquireContextW
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
TraceMessage
CryptGenRandom

kernel32

GetLastError
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetSystemDefaultUILanguage
LocalAlloc
LocalFree
SetEnvironmentVariableW
HeapSetInformation
GetCommandLineW
GetModuleHandleExW
EncodePointer
FreeLibrary
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
CloseHandle
CreateFileW
DeviceIoControl
MultiByteToWideChar
GetVersionExA
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetCurrentProcess
LoadLibraryW
GetModuleHandleW
SetLastError
CreateEventW
CreateTimerQueueTimer
GetVersionExW
VirtualProtect
SleepEx
Sleep
GetFileAttributesW
EnumUILanguagesW
DeleteTimerQueueTimer
WaitForSingleObject
GetCurrentThreadId
SetEvent
GetSystemTimeAsFileTime
GetModuleFileNameW
lstrlenW
VirtualQuery
ReleaseSemaphore
RaiseException
FreeLibraryAndExitThread
GetCurrentThread
SetThreadPriority
CreateThread
CreateSemaphoreW
DeleteFileW
MoveFileExW
WriteFile
LoadLibraryExW
GetTempFileNameW
FindResourceExW
LoadResource
LockResource
SizeofResource
ResetEvent
GetTempPathW
UnregisterWaitEx
GlobalFree
GetNativeSystemInfo
RegisterWaitForSingleObject
GetTimeZoneInformation
GetUserDefaultLCID
WaitForMultipleObjects
ReadFile
GetFileSizeEx
SetFilePointerEx
CreateTimerQueue
DeleteTimerQueueEx
GetVersion
RtlDeleteFunctionTable
GetSystemInfo
VirtualAlloc
RtlInstallFunctionTableCallback
VirtualFree
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
OutputDebugStringA
GetStartupInfoW
GetProcessHeap
HeapFree
HeapAlloc
DecodePointer

msvcrt

memset
memcpy
_XcptFilter
_onexit
_lock
__dllonexit
_unlock
isleadbyte
_commode
__setusermatherr
_amsg_exit
?terminate@@YAXXZ
free
calloc
isdigit
isxdigit
localeconv
__C_specific_handler
__getmainargs
ungetc
_isatty
_write
_lseeki64
_fileno
_read
__pioinfo
__badioinfo
realloc
wcstombs
iswctype
ferror
malloc
wctomb
_initterm
_acmdln
exit
_cexit
_ismbblead
wcsstr
_itoa
_snprintf
_fmode
_iob
__mb_cur_max
__set_app_type
mbtowc
_wcslwr
_errno
towupper
wcsrchr
_stricmp
wcschr
_purecall
memmove
_wcsnicmp
_wcsicmp
_vsnwprintf
_exit
memcmp

shell32

CommandLineToArgvW

ole32

CoInitializeEx
CoUninitialize
CoRegisterClassObject
CoResumeClassObjects
CoRevokeClassObject
CoSuspendClassObjects
CoInitializeSecurity
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoSetProxyBlanket
CoRegisterPSClsid
CoCreateInstance

rpcrt4

NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
CStdStubBuffer_AddRef
NdrCStdStubBuffer_Release
I_RpcMapWin32Status
UuidCreate
UuidToStringW
RpcStringFreeW
UuidFromStringW
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
NdrDllGetClassObject
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Connect

oleaut32

VariantInit
SysAllocString
SysStringLen
SysAllocStringLen
LoadTypeLi
RegisterTypeLi
VariantClear
SysFreeString
UnRegisterTypeLi

wintrust

CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

crypt32

CertVerifyCertificateChainPolicy

winhttp

WinHttpReadData
WinHttpQueryHeaders
WinHttpDetectAutoProxyConfigUrl
WinHttpReceiveResponse
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCrackUrl
WinHttpOpen
WinHttpSetStatusCallback
WinHttpSetOption
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpConnect
WinHttpSendRequest

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQuerySystemInformation
NtResetEvent
NtOpenFile
NtQueryValueKey
NtCreateEvent
NtWaitForSingleObject
RtlFreeHeap
RtlAllocateHeap
RtlInitUnicodeString
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtClose
NtOpenKey
NtDeviceIoControlFile

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 404KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12b248a92dfd2a05450230cd2559dbd1

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

shell32

ole32

rpcrt4

oleaut32

wintrust

version

crypt32

winhttp

ntdll

wtsapi32

userenv

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.orpc Size: 1024B - Virtual size: 828B

.data Size: 120KB - Virtual size: 120KB

.pdata Size: 21KB - Virtual size: 20KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 404KB - Virtual size: 1.1MB

.text
Size: 1.0MB - Virtual size: 1.0MB

.orpc
Size: 1024B - Virtual size: 828B

.data
Size: 120KB - Virtual size: 120KB

.pdata
Size: 21KB - Virtual size: 20KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 404KB - Virtual size: 1.1MB