4613f087a[.]exe

Resubmissions

22/02/2024, 16:53

240222-vd492sdb73 7

Sharing

Copy URL Twitter E-mail

General

Target

4613f087a.exe
Size

5.3MB
MD5

211bbfa316523988e1a723a7990111c9
SHA1

587b31e084f23b5093f45610333e9d57ef427cb9
SHA256

a17f3b16dfca882c5ad9946d7660ce792c6cef69fdebc2675b727e6f7ad86f3b
SHA512

95e2bfaa271b5816a507fd4098935282b048c6ca1a67b019c417945ee0fc2b81c40e81c7913699c538bb71de5f5aa9e30affed4bf1b500990fd90e2781635343
SSDEEP

49152:Y02NylJBYhONtZkulXA/ICKzj0Zm2q18H/Wrc5lJwsK3GtLXPubtXzOW8g1dH9Q8:4y1Lj0ZmJ1gzL3WF918T1xUXsvQAIi5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4613f087a.exe

Files

4613f087a.exe
.exe windows:6 windows x64 arch:x64

2ea7d2ce0543409f531b6484d1a17101

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtDeviceIoControlFile
NtCreateFile
NtWriteFile
NtReadFile
RtlNtStatusToDosError
NtCancelIoFileEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlPcToFileHeader
RtlUnwindEx

kernel32

GetFileInformationByHandle
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
SetUnhandledExceptionFilter
WakeAllConditionVariable
SleepConditionVariableSRW
SwitchToThread
SetLastError
GetFinalPathNameByHandleW
UnhandledExceptionFilter
TryAcquireSRWLockExclusive
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetQueuedCompletionStatusEx
CreateIoCompletionPort
GetModuleHandleA
GetCurrentThread
GetStdHandle
GetConsoleMode
WriteConsoleW
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
SetFileInformationByHandle
FormatMessageW
GetEnvironmentVariableW
GetTempPathW
GetFileInformationByHandleEx
GetFullPathNameW
FlushFileBuffers
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
GetModuleFileNameW
CreateFileW
AcquireSRWLockExclusive
InitializeSListHead
GlobalUnlock
SetHandleInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetCurrentProcessId
GlobalAlloc
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ReadFile
LoadLibraryExW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryW
CreateMutexA
WaitForSingleObjectEx
ReleaseMutex
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
CopyFileExW
PostQueuedCompletionStatus
GlobalFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetCurrentProcess
GetProcAddress
LoadLibraryExA
FreeLibrary
LoadLibraryA
GetLastError
MultiByteToWideChar
WideCharToMultiByte
IsDebuggerPresent
CloseHandle
FindClose
GlobalSize
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
SystemTimeToFileTime
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
HeapFree
SetFileCompletionNotificationModes
GlobalLock
Sleep
WakeConditionVariable
GetSystemInfo
EncodePointer
CreateNamedPipeW
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
ExitProcess

oleaut32

SysStringLen
SafeArrayDestroy
VariantClear
SysAllocStringLen
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnaccessData
SysFreeString
GetErrorInfo

ws2_32

setsockopt
WSAIoctl
getsockopt
connect
ioctlsocket
bind
listen
socket
getsockname
WSAGetLastError
getpeername
accept
closesocket
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
select
recv
WSASend
WSASocketW
send
shutdown

crypt32

CertOpenStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertDuplicateStore
CertCloseStore
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateCertificateContext
CryptUnprotectData
CertEnumCertificatesInStore
CertDuplicateCertificateChain

advapi32

RegQueryValueExW
CheckTokenMembership
FreeSid
SystemFunction036
RegCloseKey
RegOpenKeyExW
AllocateAndInitializeSid

user32

EmptyClipboard
GetClipboardData
SetClipboardData
EnumDisplayMonitors
EnumDisplaySettingsExW
GetMonitorInfoW
CloseClipboard
OpenClipboard

bcrypt

BCryptGenRandom

secur32

ApplyControlToken
AcquireCredentialsHandleA
EncryptMessage
QueryContextAttributesW
DeleteSecurityContext
DecryptMessage
AcceptSecurityContext
FreeContextBuffer
FreeCredentialsHandle
InitializeSecurityContextW

rstrtmgr

RmGetList
RmRegisterResources
RmStartSession

gdi32

GetDIBits
StretchBlt
SetStretchBltMode
SelectObject
GetObjectW
CreateCompatibleDC
DeleteDC
GetDeviceCaps
CreateDCW
CreateCompatibleBitmap
DeleteObject

ole32

CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket

api-ms-win-crt-math-l1-1-0

_dclass
roundf
exp2f
powf
log
__setusermatherr
truncf
ceil
pow

api-ms-win-crt-string-l1-1-0

strncmp
strcpy_s
strcspn
strcmp
wcsncmp
strlen

api-ms-win-crt-heap-l1-1-0

realloc
malloc
free
_set_new_mode
_msize
calloc

api-ms-win-crt-utility-l1-1-0

qsort
_rotl64

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_initterm_e
exit
_exit
_initterm
_beginthreadex
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_initialize_narrow_environment
_endthreadex
_configure_narrow_argv
_set_app_type
abort
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_seh_filter_exe

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

2ea7d2ce0543409f531b6484d1a17101

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

oleaut32

ws2_32

crypt32

advapi32

user32

bcrypt

secur32

rstrtmgr

gdi32

ole32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 24KB - Virtual size: 28KB

.pdata Size: 81KB - Virtual size: 81KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 34KB - Virtual size: 34KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 24KB - Virtual size: 28KB

.pdata
Size: 81KB - Virtual size: 81KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 34KB - Virtual size: 34KB