1a1886c3e7fee9d3b9ff07ca64729af32dad530d6b30a2528e0e687e8482849c

Sharing

Copy URL

Twitter E-mail

General

Target

1a1886c3e7fee9d3b9ff07ca64729af32dad530d6b30a2528e0e687e8482849c
Size

673KB
MD5

18e8ac6e73bff4abf21d3d844a3ae231
SHA1

0cf200d4efecf210441cdef97a62eb02509074c7
SHA256

1a1886c3e7fee9d3b9ff07ca64729af32dad530d6b30a2528e0e687e8482849c
SHA512

ffe9b1b2af3c4ee03d096c00ee03b9577c31775055a2bb70753e24053634a34568b6ee83aedc9630acc4abd6294afb841d0e69f65144b494498db8904bf79665
SSDEEP

12288:CdEKAUUjpfT4CPZdD6WYgeWYg955/155/jfBqo4+56Q64gUu9+rAS8VHxxQdcwdG:CaflfTzhdDnpFP0oKA72SAfOtFZdi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a1886c3e7fee9d3b9ff07ca64729af32dad530d6b30a2528e0e687e8482849c

Files

1a1886c3e7fee9d3b9ff07ca64729af32dad530d6b30a2528e0e687e8482849c
.exe windows:6 windows x64 arch:x64

c28a6a0512f8954dd49f67743d6c5b82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

recv
bind
connect
getpeername
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
inet_pton
closesocket
WSACleanup
getaddrinfo
freeaddrinfo
__WSAFDIsSet
select
accept
htonl
listen
ioctlsocket
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAGetLastError
WSAStartup
WSAWaitForMultipleEvents
getsockname
send

advapi32

CryptAcquireContextA
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptReleaseContext

crypt32

CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindExtension
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptUnprotectData
CertAddCertificateContextToStore
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFindCertificateInStore
CertFreeCertificateChain

kernel32

AreFileApisANSI
GetModuleHandleW
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
LocalFree
GetLastError
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentVariableA
FormatMessageW
Sleep
MoveFileExA
GetTickCount
CloseHandle
WaitForSingleObjectEx
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetFileSizeEx
ReadFile
GetLocaleInfoEx
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
FormatMessageA

msvcp140

_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
_Thrd_join
_Strcoll
_Strxfrm
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??Bid@locale@std@@QEAA_KXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?tolower@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?rdstate@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
??Bios_base@std@@QEBA_NXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
?uncaught_exceptions@std@@YAHXZ
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?id@?$collate@D@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
_Thrd_id

vcruntime140

__std_type_info_compare
__std_type_info_name
_CxxThrowException
strchr
memchr
__RTDynamicCast
strrchr
strstr
__current_exception
__current_exception_context
__C_specific_handler
memset
memmove
memcpy
memcmp
__std_terminate
_purecall
__std_exception_destroy
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
__sys_nerr
_get_narrow_winmain_command_line
_initterm
_initterm_e
exit
_exit
__sys_errlist
_c_exit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
abort
_set_app_type
system
_beginthreadex
terminate
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_errno

api-ms-win-crt-math-l1-1-0

_dsign
__setusermatherr
_dtest

api-ms-win-crt-heap-l1-1-0

free
_aligned_malloc
calloc
_callnewh
malloc
realloc
_set_new_mode
_aligned_free

api-ms-win-crt-convert-l1-1-0

wcstombs
strtod
strtol
strtoll
strtoull
strtoul

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-stdio-l1-1-0

fgetc
fgetpos
__p__commode
_set_fmode
fputc
fread
fsetpos
_fseeki64
fwrite
fgets
fopen
__stdio_common_vsscanf
fputs
setvbuf
ungetc
ftell
_get_stream_buffer_pointers
fclose
__stdio_common_vsprintf
feof
fseek
__acrt_iob_func
fflush

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlink
_stat64
_access
_unlock_file

api-ms-win-crt-string-l1-1-0

strcpy
strncpy
tolower
wcslen
strcmp
strspn
strncmp
_strdup
strcspn
strlen
isupper

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale
localeconv

api-ms-win-crt-utility-l1-1-0

_byteswap_uint64
_byteswap_ushort
qsort
_byteswap_ulong

api-ms-win-crt-time-l1-1-0

strftime
_time64
_gmtime64

api-ms-win-crt-multibyte-l1-1-0

_mbsnbcpy
_mbschr
_mbsnbcmp
_mbspbrk

Sections

.text
Size: 499KB - Virtual size: 499KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c28a6a0512f8954dd49f67743d6c5b82

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

crypt32

kernel32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

Sections

.text Size: 499KB - Virtual size: 499KB

.rdata Size: 135KB - Virtual size: 134KB

.data Size: 12KB - Virtual size: 19KB

.pdata Size: 21KB - Virtual size: 21KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 499KB - Virtual size: 499KB

.rdata
Size: 135KB - Virtual size: 134KB

.data
Size: 12KB - Virtual size: 19KB

.pdata
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB