7286e9587214b2cafa632d137b3a8b68

Sharing

Copy URL Twitter E-mail

General

Target

7286e9587214b2cafa632d137b3a8b68
Size

1.0MB
MD5

7286e9587214b2cafa632d137b3a8b68
SHA1

a62913308c0c032fc2635def83387766ff796504
SHA256

1431bb5b7bab6c7410d5bad7010bae719f8e49f50cf4e5b5523fc0274186f641
SHA512

54d1f0d8e65ed545ec7ac523eb096f99ffec6e375e1c776af2f0ac73475dac7f5dc76050dff275082e26f433635766a6d09dc081c839ac095a078af513cc3416
SSDEEP

12288:13A8stBVtfbJeFWurWG2F1vLYs5yoMYwRiXhYbeP7V57Dcot6:13A8WBVtf0vrr2F1DfMFBbeDXYT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7286e9587214b2cafa632d137b3a8b68

Files

7286e9587214b2cafa632d137b3a8b68
.exe windows:6 windows x64 arch:x64

8865b3b3ff662102f3c0a2618f9f36d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileA
HeapReAlloc
CloseHandle
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
CreateProcessA
GetLastError
GetModuleHandleA
CreateToolhelp32Snapshot
Process32Next
GetProcAddress
WideCharToMultiByte
SetEndOfFile
CreateFileW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
CreateMutexW
InitializeCriticalSectionEx
PeekNamedPipe
CreatePipe
WriteFile
GetCurrentProcess
SetLastError
HeapFree
GetModuleFileNameA
Process32First
ReadFile
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
HeapQueryInformation
GetFileAttributesExW
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
DeleteFileW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
FlushFileBuffers
GetFileSizeEx
GetStringTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
EncodePointer
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateEventW
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
OutputDebugStringW
RtlUnwindEx
RtlPcToFileHeader
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
HeapValidate
GetSystemInfo
ExitProcess
GetStdHandle
GetFileType
WriteConsoleW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
RtlUnwind

user32

GetDC
GetSystemMetrics
ReleaseDC

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteObject
BitBlt

advapi32

GetCurrentHwProfileA

shell32

ShellExecuteA
ord680

gdiplus

GdipGetImageEncodersSize
GdipSaveImageToFile
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup

ws2_32

recv
gethostname
connect
socket
closesocket
htons
inet_addr
send
WSAStartup

Sections

.text
Size: 785KB - Virtual size: 785KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8865b3b3ff662102f3c0a2618f9f36d7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

gdiplus

ws2_32

Sections

.text Size: 785KB - Virtual size: 785KB

.rdata Size: 188KB - Virtual size: 188KB

.data Size: 9KB - Virtual size: 18KB

.pdata Size: 35KB - Virtual size: 35KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 785KB - Virtual size: 785KB

.rdata
Size: 188KB - Virtual size: 188KB

.data
Size: 9KB - Virtual size: 18KB

.pdata
Size: 35KB - Virtual size: 35KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB