264fc0a787809c70ae5620b3666ab8d17499f6590edf6cdedaa6f255ad3a0500

Sharing

Copy URL

Twitter E-mail

General

Target

264fc0a787809c70ae5620b3666ab8d17499f6590edf6cdedaa6f255ad3a0500
Size

675KB
MD5

13f57249bf200e4ba6609fbc2951f71a
SHA1

5d7a5f5a4c829380c19a43783ee19860bf0c67e0
SHA256

264fc0a787809c70ae5620b3666ab8d17499f6590edf6cdedaa6f255ad3a0500
SHA512

033ed297d4357626d85b781408f7130e77f036827db4b48b7241a758370bd1c1c2dfab73bf36f2a5d6b6ff7560dc208023b24bd56eb31a00a64bd35bfe6b21a4
SSDEEP

12288:0FEm0N6UDaP1kyMShjX5irx26G05jhJEttnsUw3VFcQldhGPXviOcd/j:Dm0YiLciUl05uSUYVGQVKDcd/j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
264fc0a787809c70ae5620b3666ab8d17499f6590edf6cdedaa6f255ad3a0500

Files

264fc0a787809c70ae5620b3666ab8d17499f6590edf6cdedaa6f255ad3a0500
.exe windows:5 windows x86 arch:x86

e1a985a1a5dddc73b5da6fe1e6ca99c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
TerminateThread
QueueUserAPC
WaitForSingleObject
SetEvent
PostQueuedCompletionStatus
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
InterlockedCompareExchange
VerSetConditionMask
VerifyVersionInfoA
Sleep
WideCharToMultiByte
MultiByteToWideChar
WriteFile
CreateFileA
GetTickCount
GetProcessHeap
HeapFree
HeapDestroy
HeapSize
HeapReAlloc
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
TlsFree
HeapAlloc
CloseHandle
CreateEventA
GetModuleFileNameA
CreateDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
EnterCriticalSection
SetFilePointerEx
SetEndOfFile
GetLocalTime
TerminateProcess
GetCurrentProcess
GlobalAddAtomA
ResetEvent
RaiseException
DecodePointer
SetCurrentDirectoryA
GetCurrentProcessId
ProcessIdToSessionId
CreateProcessA
OutputDebugStringA
GetCurrentThreadId
SetLastError
GetSystemTimeAsFileTime
ReleaseSemaphore
CreateSemaphoreA
GetSystemInfo
TlsGetValue
TlsSetValue
WaitForMultipleObjectsEx
GetProcAddress
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
GetFileAttributesA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
DeleteFileA
SetErrorMode
GetCurrentDirectoryA
GlobalFindAtomA
DeleteCriticalSection
InterlockedExchangeAdd
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
GetLastError
WaitForSingleObjectEx
TlsAlloc
CreateFileW
LoadLibraryW
WriteConsoleW
SetStdHandle
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
GetModuleFileNameW
MoveFileExW
InitializeSListHead
DuplicateHandle
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsDebuggerPresent
OutputDebugStringW
EncodePointer
GetStringTypeW
OpenEventA
ResumeThread
GetLogicalProcessorInformation
LocalFree
FormatMessageA
FreeLibrary
LoadLibraryA
LCMapStringW
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
AreFileApisANSI
GetCommandLineA
RtlUnwind
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetModuleHandleW
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateEventW
GetStartupInfoW
CreateSemaphoreW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
ExitThread
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetCurrentThread
IsValidCodePage
GetACP
GetOEMCP
GetFileAttributesExW
ReadFile
GetConsoleMode
ReadConsoleW
GetStdHandle
GetFileType
GetConsoleCP
FlushFileBuffers
QueryPerformanceCounter

user32

LoadStringA

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges

shlwapi

PathRemoveFileSpecA
PathAddBackslashA
PathStripPathA
PathRemoveExtensionA
PathFileExistsA

ws2_32

bind
htons
ntohl
WSAGetLastError
WSAStringToAddressW
WSAAddressToStringW
setsockopt
WSASocketW
WSASendTo
WSASend
WSARecvFrom
select
ioctlsocket
closesocket
WSACleanup
WSAStartup
WSASetLastError
htonl

rpcrt4

UuidCreate

nettcp

NetTcpGetAddr
NetTcpStartup
NetTcpConnect
NetTcpSend
NetTcpCreate
NetTcpDestroy

netudp

NetUdpStartup

urlmon

URLDownloadToFileA

Sections

.text
Size: 503KB - Virtual size: 503KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1a985a1a5dddc73b5da6fe1e6ca99c6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

ws2_32

rpcrt4

nettcp

netudp

urlmon

Sections

.text Size: 503KB - Virtual size: 503KB

.rdata Size: 109KB - Virtual size: 108KB

.data Size: 21KB - Virtual size: 31KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 30KB

.text
Size: 503KB - Virtual size: 503KB

.rdata
Size: 109KB - Virtual size: 108KB

.data
Size: 21KB - Virtual size: 31KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 30KB