a1d39e57ab6[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a1d39e57ab6.exe
Size

5.3MB
MD5

66f0860fb70a6fe282923e5f1836855f
SHA1

a3e3cca911440c8645c8902db957519e1385afc7
SHA256

46f35203b25b61dd16ab3c1c2b21efb950ce8e6cbcf967b78444c3972e5c7f04
SHA512

150f57439b082d9ad9dc999b2f938a91cb5c8775f8a2485a81bb5af52721f51b05975e8edcf00b3274a852b87485b9e10d256e1a5758463781bfa85719c4fd25
SSDEEP

49152:IwZQOgh36OhlpCDFiuOO8NJJ5WCCPetg+HoJcwH/Wxc52PZVjHQOu73QORB5v5uZ:TKLGPetSc7VC5CHSBUWeEelTk5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1d39e57ab6.exe

Files

a1d39e57ab6.exe
.exe windows:6 windows x64 arch:x64

05d8b91cc3b9c2aa44a194d2c4a28ac2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtDeviceIoControlFile
NtCreateFile
NtWriteFile
NtReadFile
RtlNtStatusToDosError
NtCancelIoFileEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlPcToFileHeader
RtlUnwindEx

kernel32

GetFileInformationByHandle
IsProcessorFeaturePresent
Sleep
WakeAllConditionVariable
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetLastError
LoadLibraryA
GetProcAddress
GetCurrentProcess
HeapAlloc
InitializeSListHead
WakeConditionVariable
GetProcessHeap
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
GetModuleHandleA
GetCurrentThread
GetStdHandle
GetConsoleMode
WriteConsoleW
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
GetModuleHandleW
WaitForSingleObject
GetEnvironmentVariableW
GetTempPathW
GetFileInformationByHandleEx
GetFullPathNameW
FlushFileBuffers
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
FindClose
GetSystemInfo
SetThreadStackGuarantee
AddVectoredExceptionHandler
GlobalLock
UnhandledExceptionFilter
SetHandleInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetExitCodeProcess
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ReadFile
LoadLibraryExW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryW
CreateMutexA
WaitForSingleObjectEx
ReleaseMutex
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
CopyFileExW
PostQueuedCompletionStatus
SetUnhandledExceptionFilter
GlobalAlloc
IsDebuggerPresent
MultiByteToWideChar
WideCharToMultiByte
GlobalSize
LoadLibraryExA
FreeLibrary
TerminateProcess
CloseHandle
GetFinalPathNameByHandleW
SetLastError
SleepConditionVariableSRW
HeapReAlloc
ReleaseSRWLockExclusive
HeapFree
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
SystemTimeToFileTime
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
SwitchToThread
SetFileInformationByHandle
GetModuleFileNameW
CreateFileW
EncodePointer
GlobalUnlock
RaiseException
GetFileAttributesW
InitializeCriticalSectionAndSpinCount
TlsAlloc
GlobalFree
TlsGetValue
TlsSetValue
TlsFree
FormatMessageW
ExitProcess

oleaut32

SysAllocStringLen
VariantClear
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnaccessData
SysFreeString
SafeArrayDestroy
SysStringLen
GetErrorInfo

ws2_32

accept
listen
bind
WSAGetLastError
setsockopt
WSASocketW
freeaddrinfo
WSAIoctl
getpeername
getsockopt
socket
ioctlsocket
closesocket
WSAStartup
WSACleanup
select
recv
send
WSASend
getaddrinfo
connect
getsockname
shutdown

crypt32

CertAddCertificateContextToStore
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertDuplicateStore
CertCloseStore
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertEnumCertificatesInStore
CertOpenStore
CryptUnprotectData
CertGetCertificateChain
CertFreeCertificateChain

advapi32

FreeSid
CheckTokenMembership
RegQueryValueExW
SystemFunction036
AllocateAndInitializeSid
RegCloseKey
RegOpenKeyExW

user32

OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
GetMonitorInfoW
SetClipboardData
EnumDisplaySettingsExW
EnumDisplayMonitors

rstrtmgr

RmGetList
RmStartSession
RmRegisterResources

bcrypt

BCryptGenRandom

secur32

ApplyControlToken
EncryptMessage
DecryptMessage
DeleteSecurityContext
QueryContextAttributesW
AcquireCredentialsHandleA
AcceptSecurityContext
FreeContextBuffer
FreeCredentialsHandle
InitializeSecurityContextW

gdi32

StretchBlt
GetDIBits
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectW
DeleteDC
GetDeviceCaps
CreateDCW
DeleteObject
SelectObject
SetStretchBltMode

ole32

CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket

api-ms-win-crt-math-l1-1-0

log
_dclass
roundf
exp2f
powf
truncf
__setusermatherr
ceil
pow

api-ms-win-crt-string-l1-1-0

strcpy_s
strcmp
strlen
wcsncmp
strcspn
strncmp

api-ms-win-crt-heap-l1-1-0

realloc
_set_new_mode
malloc
calloc
free
_msize

api-ms-win-crt-utility-l1-1-0

_rotl64
qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_endthreadex
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm_e
exit
_exit
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_initterm
terminate
abort

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05d8b91cc3b9c2aa44a194d2c4a28ac2

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

oleaut32

ws2_32

crypt32

advapi32

user32

rstrtmgr

bcrypt

secur32

gdi32

ole32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 24KB - Virtual size: 28KB

.pdata Size: 81KB - Virtual size: 81KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 34KB - Virtual size: 34KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 24KB - Virtual size: 28KB

.pdata
Size: 81KB - Virtual size: 81KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 34KB - Virtual size: 34KB