974363863c927ca258a1f9c517b463b4

Sharing

Copy URL Twitter E-mail

General

Target

974363863c927ca258a1f9c517b463b4
Size

611KB
MD5

974363863c927ca258a1f9c517b463b4
SHA1

aec6edeb161cc1a07aad15958aaadc9d64b44ca8
SHA256

82a00c19940529e48cab1bef95d39ccd4266b9dccccfb447f1aefae831aaa0fe
SHA512

960bcaa56c19646d486caa010f3f4906b6cb32a28193acb9a6b3d956b1671ff60ef49f3d55077795b0e2d64577c44e84480201fd1fd532de524d461682adc3a8
SSDEEP

12288:du+clNsfCNc1r+yrztu+RwZ6EnvvvlZDaINqLwk:Jclqfh1rxrzZEXvXDrNqUk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
974363863c927ca258a1f9c517b463b4

Files

974363863c927ca258a1f9c517b463b4
.exe windows:6 windows x64 arch:x64

632b294abe7a89a845a649037a124b58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

P:\Target\x64\ship\dw\x-none\dwtrig20.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegEnumValueW
RegOpenKeyExA
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
SetSecurityDescriptorDacl
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetSecurityDescriptorDacl
GetLengthSid
EqualSid
CreateWellKnownSid
CopySid
AddAccessDeniedAce
AddAccessAllowedAce
OpenProcessToken

kernel32

SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapSize
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
GetStringTypeW
GetCurrentThread
GetFileType
HeapReAlloc
GetProcessHeap
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CompareStringW
LCMapStringW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CreateFileW
GetFileAttributesW
GetLongPathNameW
GetShortPathNameW
Sleep
CreateProcessW
GetSystemWindowsDirectoryW
GlobalAlloc
GlobalFree
lstrcmpiW
DecodePointer
FindResourceW
SizeofResource
LoadResource
GetShortPathNameA
InitializeCriticalSectionEx
GetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
lstrlenW
CreateMutexA
OpenMutexA
LocalAlloc
LocalFree
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
GetThreadTimes
GetModuleFileNameW
CreateEventW
WaitForSingleObject
SetEvent
FlushFileBuffers

ole32

StringFromIID
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
CoUninitialize
CoCreateGuid

oleaut32

LoadRegTypeLi
SysFreeString
SysAllocString
LoadTypeLi

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 400KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

632b294abe7a89a845a649037a124b58

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ole32

oleaut32

Sections

.text Size: 128KB - Virtual size: 127KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 13KB - Virtual size: 15KB

.pdata Size: 8KB - Virtual size: 8KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 400KB - Virtual size: 740KB

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 13KB - Virtual size: 15KB

.pdata
Size: 8KB - Virtual size: 8KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 400KB - Virtual size: 740KB