374a979d2b8b45d23e3310676256624ab96bd604c2eb11f327c3e5044a95654a

Sharing

Copy URL

Twitter E-mail

General

Target

374a979d2b8b45d23e3310676256624ab96bd604c2eb11f327c3e5044a95654a
Size

372KB
MD5

05f62ecabc68ee01d8274a3c97f5b101
SHA1

8128819b7fa55a7a331e933fce52051c66d5e72d
SHA256

374a979d2b8b45d23e3310676256624ab96bd604c2eb11f327c3e5044a95654a
SHA512

e53afc5c9f4cba52c521dbc6f24144bce4f182bdc40a39f94b0005d335cd5384472c48fb04b1e1f6e9dc0a94e58739d6ccda4eff9114f5020054a95c7b903df8
SSDEEP

6144:MfkWFheyVxcO8fo66ZYB9LEpvkWohWS4rNaLGU:BAVgfl6iYpcWot5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
374a979d2b8b45d23e3310676256624ab96bd604c2eb11f327c3e5044a95654a

Files

374a979d2b8b45d23e3310676256624ab96bd604c2eb11f327c3e5044a95654a
.exe windows:6 windows x64 arch:x64

702daf9c6e729bbe2fd3c69e37169239

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Sleep
CreateFileA
SetEvent
GetDiskFreeSpaceExW
GetCurrentThread
TerminateThread
LoadLibraryA
GetNativeSystemInfo
CreateThread
GetWindowsDirectoryA
GetCurrentDirectoryW
SetVolumeMountPointW
GetWindowsDirectoryW
GetProcAddress
SetFilePointerEx
DeleteCriticalSection
ExitProcess
GetCurrentProcessId
GetModuleHandleW
CopyFileW
WideCharToMultiByte
GetVolumePathNamesForVolumeNameW
lstrcpyW
SleepEx
GetDiskFreeSpaceExA
GetSystemTime
CreateEventA
FindNextVolumeW
lstrcmpiW
CreateIoCompletionPort
GetTickCount
lstrcmpW
MoveFileW
GetDriveTypeW
GetFileTime
GetComputerNameA
TerminateProcess
OpenProcess
MultiByteToWideChar
Process32NextW
QueryDosDeviceW
GetFinalPathNameByHandleW
K32GetModuleFileNameExW
DuplicateHandle
CreateEventW
FindVolumeClose
GetFileType
GetTickCount64
lstrcatW
GetSystemInfo
GlobalMemoryStatusEx
WriteConsoleW
SetEndOfFile
ReadConsoleW
HeapSize
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFileAttributesW
PostQueuedCompletionStatus
GetLocaleInfoA
GetModuleHandleA
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WaitForSingleObject
FindClose
lstrlenA
GetQueuedCompletionStatus
SetErrorMode
InitializeCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
GetModuleFileNameW
GetUserDefaultLangID
WriteFile
FindNextFileW
lstrlenW
GetCommandLineW
EnterCriticalSection
FindFirstVolumeW
FindFirstFileExW
GetFileSizeEx
GetLogicalDrives
GetVolumeInformationW
ReadFile
LocalFree
CloseHandle
GetLastError
GetCurrentProcess
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
QueryPerformanceCounter
CreateToolhelp32Snapshot
HeapAlloc
HeapFree
HeapReAlloc
GetCommandLineA
GetStdHandle
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
GetStringTypeW
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
RaiseException

user32

CreateWindowExW
GetCursorPos
MessageBoxW
DefWindowProcW
RegisterClassW

advapi32

CloseServiceHandle
OpenProcessToken
SetNamedSecurityInfoW
ControlService
EnumDependentServicesW
QueryServiceConfigW
ChangeServiceConfigW
OpenServiceW
EnumServicesStatusW
QueryServiceStatusEx
CreateServiceW
RegCloseKey
CryptAcquireContextW
RegQueryValueExA
CryptGenRandom
OpenSCManagerW
RegSetValueExW
StartServiceW
RegOpenKeyExA
RegOpenKeyExW
OpenThreadToken
CryptReleaseContext
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid

shell32

CommandLineToArgvW
ShellExecuteW

netapi32

NetShareEnum
NetApiBufferFree

shlwapi

wnsprintfA
StrCmpNIW
PathCombineW
StrCmpNW
StrStrIW
SHDeleteKeyW
UrlUnescapeA
UrlEscapeA
wvnsprintfW
wnsprintfW
PathFileExistsW

iphlpapi

GetIpNetTable

ws2_32

inet_ntoa

wininet

InternetQueryDataAvailable
InternetCloseHandle
InternetConnectW
InternetSetOptionW
InternetCrackUrlW
InternetOpenW
InternetQueryOptionW
HttpOpenRequestW
InternetReadFile
HttpSendRequestW

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

702daf9c6e729bbe2fd3c69e37169239

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

netapi32

shlwapi

iphlpapi

ws2_32

wininet

Sections

.text Size: 234KB - Virtual size: 234KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 5KB - Virtual size: 32KB

.pdata Size: 11KB - Virtual size: 10KB

_RDATA Size: 512B - Virtual size: 252B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 234KB - Virtual size: 234KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 5KB - Virtual size: 32KB

.pdata
Size: 11KB - Virtual size: 10KB

_RDATA
Size: 512B - Virtual size: 252B

.reloc
Size: 4KB - Virtual size: 3KB