33e2ab2c90488bb9435acdad2b4e63189f67a4eeaab5b38b1dfdbc707f83c4fd

Sharing

Copy URL

Twitter E-mail

General

Target

33e2ab2c90488bb9435acdad2b4e63189f67a4eeaab5b38b1dfdbc707f83c4fd
Size

374KB
MD5

d3018d3c959c827fe446af2e857ea65a
SHA1

2a6f5d811deb5f4f3130915532a9926b6d26afe0
SHA256

33e2ab2c90488bb9435acdad2b4e63189f67a4eeaab5b38b1dfdbc707f83c4fd
SHA512

be9792cdb0e5aad09f3e926076bc788ccb06503e23ab6f2ea1f9ce537371ff9cfc018e5549b1823b74e8e347436e5f5fe66ab274c1352af61c69385c28b806e8
SSDEEP

6144:d0dryUTkT5ZLewnleutuIsjrwtO/C3mT+OFGMTZGzxvBKq:0yUc5ZLnc6uIsjrwtv2TPFGMVGzqq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33e2ab2c90488bb9435acdad2b4e63189f67a4eeaab5b38b1dfdbc707f83c4fd

Files

33e2ab2c90488bb9435acdad2b4e63189f67a4eeaab5b38b1dfdbc707f83c4fd
.exe windows:6 windows x64 arch:x64

59ca1e8409e07ea33be8b40e6a3d9046

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentThread
TerminateThread
LoadLibraryA
CloseHandle
GetNativeSystemInfo
CreateThread
SetVolumeMountPointW
GetProcAddress
LocalFree
DeleteCriticalSection
ExitProcess
GetCurrentProcessId
GetModuleHandleW
CopyFileW
GetVolumePathNamesForVolumeNameW
lstrcpyW
SleepEx
GetDiskFreeSpaceExA
CreateEventA
FindNextVolumeW
lstrcmpiW
CreateIoCompletionPort
GetTickCount
lstrcmpW
GetDriveTypeW
GetComputerNameA
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
QueryDosDeviceW
GetFinalPathNameByHandleW
K32GetModuleFileNameExW
DuplicateHandle
CreateEventW
GetWindowsDirectoryW
FindVolumeClose
GetFileType
GetDiskFreeSpaceExW
lstrcatW
GetSystemTimeAsFileTime
ReadFile
GetFileSizeEx
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
SleepConditionVariableCS
WakeConditionVariable
InitializeConditionVariable
GetSystemInfo
GlobalMemoryStatusEx
WriteConsoleW
ReadConsoleW
HeapSize
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetEvent
GetLastError
Sleep
MultiByteToWideChar
PostQueuedCompletionStatus
GetLocaleInfoA
GetModuleHandleA
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WaitForSingleObject
FindClose
lstrlenA
GetQueuedCompletionStatus
SetErrorMode
InitializeCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
GetModuleFileNameW
GetUserDefaultLangID
WriteFile
lstrlenW
GetCurrentProcess
FindNextFileW
GetCommandLineW
EnterCriticalSection
FindFirstVolumeW
FindFirstFileExW
GetLogicalDrives
MoveFileW
OutputDebugStringW
WideCharToMultiByte
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
QueryPerformanceCounter
GetTickCount64
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapAlloc
HeapFree
HeapReAlloc
GetStdHandle
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetStringTypeW
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue

user32

CreateWindowExW
GetCursorPos
MessageBoxW
DefWindowProcW
RegisterClassW

advapi32

EnumServicesStatusW
CryptReleaseContext
OpenThreadToken
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
ControlService
EnumDependentServicesW
QueryServiceConfigW
ChangeServiceConfigW
OpenServiceW
QueryServiceStatusEx
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateServiceW
RegCloseKey
CryptAcquireContextW
CloseServiceHandle
RegQueryValueExA
CryptGenRandom
OpenSCManagerW
RegSetValueExW
OpenProcessToken
StartServiceW
RegOpenKeyExA
RegOpenKeyExW
GetTokenInformation

shell32

CommandLineToArgvW
ShellExecuteW

netapi32

NetShareEnum
NetApiBufferFree

shlwapi

wnsprintfA
StrCmpNIW
StrCmpNW
StrStrIW
SHDeleteKeyW
UrlUnescapeA
UrlEscapeA
wnsprintfW
PathFileExistsW

iphlpapi

GetIpNetTable

ws2_32

inet_ntoa

wininet

InternetQueryDataAvailable
InternetCloseHandle
InternetConnectW
InternetSetOptionW
InternetCrackUrlW
InternetOpenW
InternetQueryOptionW
HttpOpenRequestW
InternetReadFile
HttpSendRequestW

Sections

.text
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59ca1e8409e07ea33be8b40e6a3d9046

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

netapi32

shlwapi

iphlpapi

ws2_32

wininet

Sections

.text Size: 242KB - Virtual size: 241KB

.rdata Size: 110KB - Virtual size: 109KB

.data Size: 5KB - Virtual size: 31KB

.pdata Size: 11KB - Virtual size: 11KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 242KB - Virtual size: 241KB

.rdata
Size: 110KB - Virtual size: 109KB

.data
Size: 5KB - Virtual size: 31KB

.pdata
Size: 11KB - Virtual size: 11KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 4KB - Virtual size: 3KB