7411e24035d6246cfb5b18de8286441f

Sharing

Copy URL Twitter E-mail

General

Target

7411e24035d6246cfb5b18de8286441f
Size

379KB
MD5

7411e24035d6246cfb5b18de8286441f
SHA1

9400a53a5935d8675e5fe037fba350f245f23cef
SHA256

a358cfb546f35f1edc984a6238950ad586e076a53a5369886c74b48f47616b5e
SHA512

bb924094e1b28e77fc11beb160621dbfa2e18af200fa7b8ab28c994765bfc7b9157c2d46afe4aa9facd4e306d3fb755a10bde702493f0a08dd1289f75627356f
SSDEEP

6144:TVZG7F4hns092mh5piiVeIbuOBvaD1d/CMf3s730cuUySiuGsvB0YyUEZuSXUGBn:TG4hns0920piiVlbXaDnd3sj0cBQYefB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7411e24035d6246cfb5b18de8286441f

Files

7411e24035d6246cfb5b18de8286441f
.exe windows:6 windows x86 arch:x86

8bd70cc11212d7a8589358c2a54c1825

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileSizeEx
CreateFileA
VerifyVersionInfoA
VerSetConditionMask
FormatMessageW
GetSystemTimeAsFileTime
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
WideCharToMultiByte
MultiByteToWideChar
Sleep
GetTickCount
QueryPerformanceCounter
LoadLibraryA
GetProcAddress
GetModuleHandleA
FreeLibrary
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
GetLastError
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
CreateRemoteThread
GetConsoleWindow
GetCurrentProcessId
VirtualAllocEx
CloseHandle
Process32Next
CopyFileA
CreateToolhelp32Snapshot
OpenProcess
WriteProcessMemory
Process32First
SetLastError

user32

ShowWindow

advapi32

CryptEncrypt
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
RegCreateKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegSetValueExA
OpenProcessToken
CryptDestroyHash
CryptImportKey
CryptDestroyKey
CryptAcquireContextA

msvcp140

?_Xlength_error@std@@YAXPBD@Z

ws2_32

WSAEnumNetworkEvents
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
send
WSACreateEvent
WSACloseEvent
ntohl
gethostname
WSAGetLastError
recv
bind
connect
getpeername
ioctlsocket
WSAEventSelect
recvfrom
getsockname
getsockopt
freeaddrinfo
htons
sendto
getaddrinfo
ntohs
setsockopt
listen
htonl
socket
accept
select
__WSAFDIsSet
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError

wldap32

ord32
ord33
ord27
ord200
ord41
ord22
ord50
ord45
ord143
ord217
ord35
ord79
ord301
ord30
ord60
ord211
ord26
ord46

crypt32

CertFindExtension
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertGetNameStringA
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptDecodeObjectEx

normaliz

IdnToAscii

vcruntime140

__current_exception
__current_exception_context
_except_handler4_common
strstr
__std_exception_destroy
__std_exception_copy
memset
memcpy
strchr
memmove
strrchr
memchr
_CxxThrowException

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
realloc
calloc
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fopen_s
__stdio_common_vsprintf
fread
_open
_close
_write
_read
fwrite
__p__commode
_set_fmode
fclose
fputs
feof
_lseeki64
fseek
fgets
fopen
__stdio_common_vsscanf
fputc
fflush
ftell

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_seh_filter_exe
_configure_narrow_argv
_controlfp_s
__sys_nerr
_getpid
_beginthreadex
_initialize_onexit_table
_initialize_narrow_environment
terminate
_crt_atexit
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
strerror
_errno
_get_initial_narrow_environment
_exit
exit
_initterm_e
_invalid_parameter_noinfo_noreturn
_set_app_type
_initterm

api-ms-win-crt-string-l1-1-0

strncpy
strpbrk
tolower
strcspn
_strdup
strncmp
strspn
isupper

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

wcstombs
strtoll
strtoul
strtol
atoi

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_access
_stat64
_unlink

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8bd70cc11212d7a8589358c2a54c1825

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

ws2_32

wldap32

crypt32

normaliz

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 307KB - Virtual size: 307KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 307KB - Virtual size: 307KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 13KB