b2c719aa47679fcc50d7fd00aa863aef6f0f1b0c89106911effeb9bd68e697c8

Sharing

Copy URL Twitter E-mail

General

Target

b2c719aa47679fcc50d7fd00aa863aef6f0f1b0c89106911effeb9bd68e697c8
Size

678KB
MD5

014b116f8b9b13ec13c1491f609f67ba
SHA1

986d81939f064e38bf9d98d75184b0bb0293a324
SHA256

b2c719aa47679fcc50d7fd00aa863aef6f0f1b0c89106911effeb9bd68e697c8
SHA512

bbac8e3b4c931006a051ea2691e8a7288c17eac36053cf5f3cc24c6f39f59e51bf26e2029cbd8e9161ae38c0b4fde8dffd9ed59eee65577b0d3cb54b47772b19
SSDEEP

12288:6uAG7et9eCbmDGVAloQyfiI2B5/V4FuopyPFy78z4YiimVE8CyqUH:yp9JWGVVQyfzK5/iFhyO8z/iimF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2c719aa47679fcc50d7fd00aa863aef6f0f1b0c89106911effeb9bd68e697c8

Files

b2c719aa47679fcc50d7fd00aa863aef6f0f1b0c89106911effeb9bd68e697c8
.exe windows:5 windows x86 arch:x86

0e5ba0c95d065c6b0bcfb89021b320e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
TerminateProcess
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
CloseHandle
GetTickCount
LoadLibraryA
GetModuleFileNameA
GetTempPathA
DeleteFileA
HeapAlloc
MultiByteToWideChar
WideCharToMultiByte
FindFirstFileA
EnterCriticalSection
FindNextFileA
LeaveCriticalSection
InitializeCriticalSection
FindClose
QueryPerformanceFrequency
QueryPerformanceCounter
SetEndOfFile
CreateFileW
WriteConsoleW
SetStdHandle
HeapDestroy
GetProcAddress
WTSGetActiveConsoleSessionId
DecodePointer
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExA
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
GetCommandLineW
GetCommandLineA
WriteFile
GetStdHandle
IsDebuggerPresent
OutputDebugStringW
TryEnterCriticalSection
GetCurrentThreadId
GetCPInfo
EncodePointer
SetLastError
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
SetEvent
WaitForSingleObjectEx
Sleep
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
RtlUnwind
ReadFile
ExitProcess
GetModuleHandleExW

shell32

ShellExecuteExA
SHGetFolderPathA

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextW

shlwapi

PathAppendA
PathFileExistsA

wtsapi32

WTSQueryUserToken

winhttp

WinHttpCrackUrl

ws2_32

getsockopt
getpeername
select
connect
closesocket
__WSAFDIsSet
setsockopt
recv
send
WSAStartup
WSACleanup
WSAGetLastError
WSASocketW
WSAStringToAddressA
getaddrinfo
freeaddrinfo
getnameinfo
ioctlsocket

Sections

.text
Size: 507KB - Virtual size: 507KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

��G��u
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0e5ba0c95d065c6b0bcfb89021b320e6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

advapi32

shlwapi

wtsapi32

winhttp

ws2_32

Sections

.text Size: 507KB - Virtual size: 507KB

.rdata Size: 120KB - Virtual size: 119KB

.data Size: 10KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 22KB - Virtual size: 21KB

��G��u Size: 16KB - Virtual size: 20KB

.text
Size: 507KB - Virtual size: 507KB

.rdata
Size: 120KB - Virtual size: 119KB

.data
Size: 10KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 22KB - Virtual size: 21KB

��G��u
Size: 16KB - Virtual size: 20KB