599835bfcab59d91eea79a4357c7d92f

Sharing

Copy URL Twitter E-mail

General

Target

599835bfcab59d91eea79a4357c7d92f
Size

506KB
MD5

599835bfcab59d91eea79a4357c7d92f
SHA1

d8c95584fbdd531c125bb7d941505e31ac22964b
SHA256

695e850c625030e6af3bc1714f6a37598b8674bff38e2e99fb457e048081abd1
SHA512

3daaebcdd69526d938267851efad58e4c907ea5cf2054b24d17a77023a5dddad3738be1e4a20601fbf40179aaf3f6f2365365ae17afbf14dd6cf5a7f7da9b0ac
SSDEEP

6144:2FIwEHYuGXDyaMDH/P8DZkhLs3dr7lrZmQ2vwWDa3PabAwRgWwfVat/u3lJEG1og:0xuN/8CgtBh2ha0UOtG1OGvZ0To

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
599835bfcab59d91eea79a4357c7d92f

Files

599835bfcab59d91eea79a4357c7d92f
.exe windows:4 windows x86 arch:x86

1ef9b8d25b66ee283c45ce55a074825c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

RsopFileAccessCheck

kernel32

LocalReAlloc
GlobalAlloc
LockResource
FindClose
GetSystemDefaultUILanguage
FreeResource
SetUnhandledExceptionFilter
GetFullPathNameW
ResetEvent
FormatMessageW
GetModuleFileNameW
DisableThreadLibraryCalls
GetFileAttributesW
LoadLibraryW
GetVolumeInformationW
FindResourceW
UnhandledExceptionFilter
GetModuleHandleA
TerminateProcess
FindResourceExW
GetCurrentProcessId
TlsSetValue
WideCharToMultiByte
lstrcpyA
SetErrorMode
InterlockedIncrement
InterlockedCompareExchange
ExpandEnvironmentStringsW
LoadResource
InitializeCriticalSectionAndSpinCount
GetDriveTypeW
lstrlenW
SetLastError
GetShortPathNameW
GetVersionExA
lstrcpyW
GetCurrentThreadId
FreeLibrary
GetUserDefaultLCID
GetTickCount
TlsFree
FindFirstFileW
TlsGetValue
lstrlenA
SizeofResource
GetLocaleInfoW
GetACP
LeaveCriticalSection
GlobalUnlock
CloseHandle
GlobalLock
WaitForSingleObject
InterlockedExchange
InterlockedDecrement
FindResourceA
GetLastError
lstrcmpiW
FindNextFileW
GetCurrentProcess
MulDiv
GetProfileStringW
QueryPerformanceCounter
GetCurrentDirectoryW
SetCurrentDirectoryW
LocalSize
TlsAlloc
GlobalReAlloc
FreeLibraryAndExitThread
MultiByteToWideChar
CreateFileW
DelayLoadFailureHook
CreateEventW
GetProcessVersion
LoadLibraryA
lstrcpynW
DeleteFileW
LocalFree
LocalAlloc
lstrcmpW
GetModuleHandleW
DeleteCriticalSection
GetTempFileNameW
CreateThread
SetEvent
GetSystemTimeAsFileTime
GetProcAddress
EnterCriticalSection
GlobalFree

mswsock

AcceptEx
GetAcceptExSockaddrs

rpcrt4

I_RpcExceptionFilter
RpcBindingFromStringBindingW
RpcBindingFree
RpcEpResolveBinding
RpcStringFreeW
NdrClientCall2
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW

dnsapi

DnsReplaceRecordSetW

ntdll

_vsnwprintf
memmove
wcslen
_wcsicmp
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
NtQueryVirtualMemory
RtlIsNameLegalDOS8Dot3
_chkstk
RtlUnwind
NtAllocateVirtualMemory
RtlUnicodeToMultiByteSize

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 475KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1ef9b8d25b66ee283c45ce55a074825c

Headers

File Characteristics

Imports

userenv

kernel32

mswsock

rpcrt4

dnsapi

ntdll

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 920KB

.rdata Size: 17KB - Virtual size: 16KB

.rsrc Size: 475KB - Virtual size: 476KB

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 920KB

.rdata
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 475KB - Virtual size: 476KB