faf3615952a38683e1d9c23d45ae110b[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

faf3615952a38683e1d9c23d45ae110b.exe
Size

3.5MB
MD5

faf3615952a38683e1d9c23d45ae110b
SHA1

cfb0d11b46b33fd8be8dcdc00a7bb36c08f06d9c
SHA256

e407dea2469954515ddcc24910a7a93fc8eba3109742b0e3db334865e7195be3
SHA512

f2c2caab44f5bc87b7ca9122f033323e7ae293ff86ff3a99c7d133c053055cd551d6254e8976a06df13b88fb7921606057b9f3c1bd8cfdfd2f0126d1a084ff06
SSDEEP

49152:5JxkjLNO73TDFvOTt8FkM7JsDy2U8TGSzqCd0IFOvmJNSX1Lrw/:5OuGen7JghZNC1rw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
faf3615952a38683e1d9c23d45ae110b.exe

Files

faf3615952a38683e1d9c23d45ae110b.exe
.exe windows:6 windows x64 arch:x64

e8e345354e3bec735f191cdb7da1839d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtQuerySystemInformation
RtlGetVersion
NtQueryInformationProcess
NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
NtReadFile
NtWriteFile

kernel32

WakeConditionVariable
GetSystemInfo
WaitForSingleObject
HeapReAlloc
ReleaseSRWLockExclusive
LocalFree
SetFileCompletionNotificationModes
GetUserPreferredUILanguages
GetComputerNameExW
CreateIoCompletionPort
GetQueuedCompletionStatusEx
GetCommandLineW
GetLastError
SetFilePointerEx
SetHandleInformation
GetModuleHandleA
CompareStringOrdinal
GetFullPathNameW
CloseHandle
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
TryAcquireSRWLockExclusive
FreeEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateProcessW
GetCurrentProcess
WaitForSingleObjectEx
GetCurrentProcessId
CreateMutexA
WakeAllConditionVariable
CreateThread
SleepEx
ReadFileEx
WriteFileEx
GetCurrentThread
GetModuleHandleW
FormatMessageW
GetEnvironmentVariableW
ExitProcess
QueryPerformanceCounter
FreeLibrary
GetProcAddress
CreateNamedPipeW
GetSystemTimeAsFileTime
FindNextFileW
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
GetFileAttributesW
DuplicateHandle
AddVectoredExceptionHandler
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
ReadProcessMemory
GetTickCount64
GlobalMemoryStatusEx
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
FindClose
SetThreadStackGuarantee
SwitchToThread
SleepConditionVariableSRW
PostQueuedCompletionStatus
AcquireSRWLockExclusive
ReleaseMutex
GetLogicalDrives
GetDiskFreeSpaceExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
QueryPerformanceFrequency
GetCurrentDirectoryW
InitializeSListHead
GetEnvironmentStringsW
SetLastError
LoadLibraryExA
LoadLibraryExW
IsDebuggerPresent
GetModuleFileNameW
DeviceIoControl
OpenProcess
GetVolumeInformationW
VirtualQueryEx
GetDriveTypeW

secur32

LsaFreeReturnBuffer
LsaEnumerateLogonSessions
LsaGetLogonSessionData
AcquireCredentialsHandleA
GetUserNameExW
QueryContextAttributesW
FreeCredentialsHandle
FreeContextBuffer
ApplyControlToken
EncryptMessage
DecryptMessage
InitializeSecurityContextW
AcceptSecurityContext
DeleteSecurityContext

crypt32

CertDuplicateCertificateChain
CertOpenStore
CryptUnprotectData
CertGetCertificateChain
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertDuplicateStore
CertFreeCertificateChain
CertCloseStore
CertVerifyCertificateChainPolicy
CertDuplicateCertificateContext

user32

EnumDisplayMonitors
GetMonitorInfoW
EnumDisplaySettingsExW

gdi32

DeleteObject
GetObjectW
GetDIBits
StretchBlt
SetStretchBltMode
SelectObject
CreateCompatibleDC
DeleteDC
GetDeviceCaps
CreateDCW
CreateCompatibleBitmap

advapi32

GetTokenInformation
IsValidSid
OpenProcessToken
SystemFunction036
GetLengthSid
CopySid
RegCloseKey
GetUserNameW
LookupAccountSidW
RegQueryValueExW
RegOpenKeyExW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoInitializeEx

pdh

PdhRemoveCounter
PdhOpenQueryA
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhCloseQuery

ws2_32

getaddrinfo
freeaddrinfo
WSAStartup
WSAGetLastError
connect
closesocket
WSASocketW
WSACleanup
shutdown
ioctlsocket
setsockopt
recv
WSAIoctl
bind
getpeername
getsockopt
getsockname
send
WSASend

bcrypt

BCryptGenRandom

shell32

CommandLineToArgvW

psapi

GetPerformanceInfo
GetModuleFileNameExW

iphlpapi

FreeMibTable
GetIfEntry2
GetIfTable2
GetAdaptersAddresses

netapi32

NetUserGetLocalGroups
NetUserEnum
NetUserGetInfo
NetApiBufferFree

powrprof

CallNtPowerInformation

oleaut32

SysStringLen
VariantClear
SysFreeString
SysAllocString
GetErrorInfo

vcruntime140

__current_exception_context
__current_exception
__C_specific_handler
memmove
memcpy
memcmp
memset

api-ms-win-crt-string-l1-1-0

wcslen
strlen

api-ms-win-crt-math-l1-1-0

__setusermatherr
round
roundf

api-ms-win-crt-heap-l1-1-0

free
realloc
_set_new_mode
malloc

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
__p___argc
__p___argv
terminate
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_initialize_narrow_environment
_set_app_type
exit
_register_onexit_function
_initialize_onexit_table
_seh_filter_exe

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 831KB - Virtual size: 830KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8e345354e3bec735f191cdb7da1839d

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

secur32

crypt32

user32

gdi32

advapi32

ole32

pdh

ws2_32

bcrypt

shell32

psapi

iphlpapi

netapi32

powrprof

oleaut32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 831KB - Virtual size: 830KB

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 33KB - Virtual size: 33KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 831KB - Virtual size: 830KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 33KB - Virtual size: 33KB

.reloc
Size: 20KB - Virtual size: 19KB