ac71b8fd39f707ead4f6e4a1d8aef860d4b1121dd038306055493a50684a368e

Sharing

Copy URL Twitter E-mail

General

Target

ac71b8fd39f707ead4f6e4a1d8aef860d4b1121dd038306055493a50684a368e
Size

1.5MB
MD5

5f65d343e76150a299475151a2ee2693
SHA1

4b5e4aef0f6daf8a273e31344f8223d4715842e9
SHA256

ac71b8fd39f707ead4f6e4a1d8aef860d4b1121dd038306055493a50684a368e
SHA512

8c7bc77d27a5356d2c1684e3e3eb21fcc0ed85249032b40cb1ee0a1c80a0fcd384997858b5968564027136533cc7fe16130f94dc8c61bab54abff9806ffff112
SSDEEP

24576:x4S6Xu0e3taqRLJoJCjkliTwQ9Ctw7cmVr+EucFc:xRgOaqxvwYTV9CtsFTFc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac71b8fd39f707ead4f6e4a1d8aef860d4b1121dd038306055493a50684a368e

Files

ac71b8fd39f707ead4f6e4a1d8aef860d4b1121dd038306055493a50684a368e
.exe windows:6 windows x64 arch:x64

0765e77aa78241ab0fa4e6650c4c713f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateThread
GetCurrentThreadId
FlushInstructionCache
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
lstrcmpiW
FindResourceW
MultiByteToWideChar
IsDebuggerPresent
OutputDebugStringW
HeapAlloc
HeapFree
GetProcessHeap
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
VirtualAlloc
VirtualFree
GetCurrentProcess
Sleep
CreateEventW
CreateMutexW
WaitForSingleObject
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
SetFilePointerEx
SetEvent
GetConsoleCP
LCMapStringW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
HeapSize
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
WriteFile
GetStartupInfoW
GetFileType
GetStdHandle
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RaiseException
CloseHandle
DecodePointer
GetCommandLineW
GetModuleHandleExW
ExitProcess
GetConsoleMode
IsProcessorFeaturePresent
EncodePointer
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
LocalFree
WideCharToMultiByte
lstrlenA

user32

PostMessageW
CreatePopupMenu
DestroyMenu
GetMenuItemCount
InsertMenuW
AppendMenuW
SetForegroundWindow
MessageBoxW
FindWindowW
GetMessageW
TranslateMessage
LoadImageW
LoadIconW
FindWindowExW
GetWindowLongPtrW
GetCursorPos
GetWindowRect
GetClientRect
SetWindowTextW
EndPaint
BeginPaint
SetMenuDefaultItem
TrackPopupMenuEx
GetSubMenu
GetSystemMetrics
KillTimer
SetTimer
GetDlgItem
CreateDialogParamW
IsWindowVisible
ShowWindow
DestroyWindow
CallWindowProcW
PostQuitMessage
DefWindowProcW
SendMessageW
RegisterWindowMessageW
LoadCursorW
GetDesktopWindow
SetWindowLongPtrW
CharNextW
CharUpperW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
PostThreadMessageW
DispatchMessageW

advapi32

RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

ole32

CoCreateInstance
OleRun
CoRegisterClassObject
CoRevokeClassObject
CoResumeClassObjects
CoAddRefServerProcess
CoReleaseServerProcess
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoUninitialize

shell32

Shell_NotifyIconW

oleaut32

GetErrorInfo
VariantClear
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
SafeArrayGetVartype
VarBstrCat
VarBstrCmp
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
UnRegisterTypeLi

gdi32

CreateCompatibleDC
SelectObject
DeleteDC
DeleteObject
BitBlt

Sections

.text
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0765e77aa78241ab0fa4e6650c4c713f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

gdi32

Sections

.text Size: 139KB - Virtual size: 139KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 9KB - Virtual size: 97KB

.pdata Size: 7KB - Virtual size: 7KB

.rsrc Size: 128KB - Virtual size: 127KB

.reloc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 139KB - Virtual size: 139KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 9KB - Virtual size: 97KB

.pdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 128KB - Virtual size: 127KB

.reloc
Size: 1.2MB - Virtual size: 1.2MB