975834dc7240d29dc71f51386e5cb9c726ec2b77cb8240ffcfafa1686f9754f1

Sharing

Copy URL Twitter E-mail

General

Target

975834dc7240d29dc71f51386e5cb9c726ec2b77cb8240ffcfafa1686f9754f1
Size

984KB
MD5

839a9235ac5befd4a046009b0d06f9c3
SHA1

ca0d61f94c0c3903ecc2def60ee74704fc840978
SHA256

975834dc7240d29dc71f51386e5cb9c726ec2b77cb8240ffcfafa1686f9754f1
SHA512

1bbd850afa5b557873f4ba24e7a25c4eacb828fa84a27a30265f53bb6f70d589572a3c5379cd31e6976423b2418126cc9b9febee328a916bdbb5bb27a175e8dd
SSDEEP

24576:0sUV7QTfy/42zYOqnENFhWYHvwl6++v3xR1IYFa4:uV7mqqnENmsS6+K31IYFa4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
975834dc7240d29dc71f51386e5cb9c726ec2b77cb8240ffcfafa1686f9754f1

Files

975834dc7240d29dc71f51386e5cb9c726ec2b77cb8240ffcfafa1686f9754f1
.exe windows:6 windows x86 arch:x86

8d896d8ea83fcaa63199b6f87069fdd6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Code\2019\Bin\GeoAssistant.pdb

Imports

kernel32

GetQueuedCompletionStatus
InitializeCriticalSectionEx
FindClose
CreateMutexA
WaitForSingleObject
GetCurrentThreadId
lstrcatA
GetModuleHandleA
PostQueuedCompletionStatus
CreateToolhelp32Snapshot
CreateEventW
MultiByteToWideChar
FormatMessageW
GetLastError
SetEvent
FileTimeToSystemTime
TerminateThread
LoadLibraryA
TlsAlloc
DeleteFileA
Process32Next
lstrcpyA
CloseHandle
RaiseException
FileTimeToLocalFileTime
QueueUserAPC
CreateWaitableTimerA
DecodePointer
GetProcAddress
LocalFree
DeleteCriticalSection
VerSetConditionMask
FreeLibrary
WideCharToMultiByte
SleepEx
TlsGetValue
TlsFree
CreateIoCompletionPort
CreateFileW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
LeaveCriticalSection
HeapSize
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
FindNextFileA
WaitForMultipleObjects
EnterCriticalSection
SetLastError
VerifyVersionInfoA
TlsSetValue
SetWaitableTimer
FindFirstFileA
HeapReAlloc
HeapFree
GetTimeZoneInformation
HeapAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetCommandLineW
GetCommandLineA
WriteFile
ExitProcess
WriteConsoleW
GetFileType
GetStdHandle
GetModuleHandleExW
ExitThread
VirtualQuery
GetSystemInfo
RtlUnwind
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
FindFirstFileExW
Process32First
QueryPerformanceCounter
QueryPerformanceFrequency
TryEnterCriticalSection
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentProcess
SwitchToThread
GetCurrentThread
GetExitCodeThread
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
EncodePointer
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait

user32

GetWindow
MoveWindow
GetForegroundWindow
EnumDisplaySettingsA
GetTopWindow
GetMonitorInfoA
GetWindowTextA
IsWindow
ShowWindow
GetActiveWindow
GetClassNameA
GetSystemMetrics
MonitorFromWindow
GetDC
GetWindowRect
GetDesktopWindow

gdi32

GetDeviceCaps

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegEnumKeyExA
RegSetValueExA

shell32

ShellExecuteExA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

GetErrorInfo
VariantClear
VariantChangeType
VariantCopy
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantInit

ws2_32

WSAAddressToStringW
WSACleanup
bind
htonl
ntohs
closesocket
WSASend
ntohl
shutdown
listen
WSASetLastError
WSASocketW
WSAStartup
getsockopt
WSAGetLastError
setsockopt
ioctlsocket
htons
WSARecv
getpeername

mswsock

GetAcceptExSockaddrs
AcceptEx

shlwapi

PathFileExistsA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 742KB - Virtual size: 742KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d896d8ea83fcaa63199b6f87069fdd6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

mswsock

shlwapi

iphlpapi

Sections

.text Size: 742KB - Virtual size: 742KB

.rdata Size: 168KB - Virtual size: 167KB

.data Size: 25KB - Virtual size: 30KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 41KB - Virtual size: 41KB

.text
Size: 742KB - Virtual size: 742KB

.rdata
Size: 168KB - Virtual size: 167KB

.data
Size: 25KB - Virtual size: 30KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 41KB - Virtual size: 41KB