Static task
static1
Behavioral task
behavioral1
Sample
d5301e2125a7f01361446ac66351294bc9a00fffa2882bf4ea5f493dac63a298.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d5301e2125a7f01361446ac66351294bc9a00fffa2882bf4ea5f493dac63a298.exe
Resource
win10v2004-20240226-en
General
Target: d5301e2125a7f01361446ac66351294bc9a00fffa2882bf4ea5f493dac63a298.exe
Size: 1.3MB
MD5: c215c363ee73de309559d2aa2ffe42bc
SHA1: 5aad37ada12d308010b57682b0ec0af8513d45b2
SHA256: d5301e2125a7f01361446ac66351294bc9a00fffa2882bf4ea5f493dac63a298
SHA512: baa5e8878bb3b404e3616a07399bda290bccd57da47cb996708026bd5b4e443ce7c1a703d566cacf32ceac12c207db0b20871d256f54446b371bb6dd8c52fec7
SSDEEP: 24576:rt8kNfsTEWqhBfauuP0gvD67cjnXaumq/U9MVsrQn652xmOM2U:vfuWwbCyae/z+OvmUU
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: d5301e2125a7f01361446ac66351294bc9a00fffa2882bf4ea5f493dac63a298.exe
Files
d5301e2125a7f01361446ac66351294bc9a00fffa2882bf4ea5f493dac63a298.exe.exe windows:6 windows x86 arch:x86
bb5edd2a1efe39dfc6c950966a031462
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateIoCompletionPort
SetFileCompletionNotificationModes
CloseHandle
CompareStringW
GetQueuedCompletionStatusEx
AddVectoredExceptionHandler
SetThreadStackGuarantee
FreeConsole
SetFilePointerEx
GetConsoleWindow
WriteProcessMemory
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
SetThreadPriority
Sleep
LoadLibraryW
CopyFileExW
TlsSetValue
TlsGetValue
LCMapStringW
FlushFileBuffers
GetConsoleOutputCP
HeapSize
TryAcquireSRWLockExclusive
GetLastError
GetFinalPathNameByHandleW
WakeAllConditionVariable
SetLastError
GetCurrentProcess
GetProcAddress
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetOEMCP
LoadLibraryA
GetFileSizeEx
IsValidCodePage
FindNextFileW
FindFirstFileExW
ReleaseSRWLockExclusive
SwitchToThread
AcquireSRWLockExclusive
OutputDebugStringW
GetCommandLineW
GetModuleHandleA
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
GetStdHandle
GetConsoleMode
GetCommandLineA
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
WaitForSingleObjectEx
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
WriteFile
GetFullPathNameW
CreateDirectoryW
FindFirstFileW
FindClose
GetModuleHandleExW
GetFileType
RaiseException
LoadLibraryExW
CreateThread
ExitProcess
QueryPerformanceCounter
GetProcessHeap
HeapAlloc
GetCurrentDirectoryW
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
SleepConditionVariableSRW
SetHandleInformation
WakeConditionVariable
FreeLibrary
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
PostQueuedCompletionStatus
LeaveCriticalSection
EnterCriticalSection
EncodePointer
HeapFree
GetACP
HeapReAlloc
RtlUnwind
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
DecodePointer
ws2_32
getsockopt
connect
ioctlsocket
WSASocketW
WSAStartup
bind
send
closesocket
setsockopt
freeaddrinfo
WSACleanup
WSAIoctl
shutdown
getpeername
getaddrinfo
recv
getsockname
WSAGetLastError
WSASend
ntdll
NtReadFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtCreateFile
NtWriteFile
user32
SetWindowPos
ShowWindow
shell32
ShellExecuteW
bcrypt
BCryptGenRandom
advapi32
SystemFunction036
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
crypt32
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertDuplicateCertificateChain
CertAddCertificateContextToStore
CertFreeCertificateChain
CertEnumCertificatesInStore
CertDuplicateStore
CertDuplicateCertificateContext
CertCloseStore
CertFreeCertificateContext
CertOpenStore
secur32
AcceptSecurityContext
InitializeSecurityContextW
QueryContextAttributesW
DeleteSecurityContext
FreeCredentialsHandle
FreeContextBuffer
DecryptMessage
EncryptMessage
AcquireCredentialsHandleA
ApplyControlToken
Sections
.text Size: 875KB - Virtual size: 874KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 387KB - Virtual size: 387KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ