16860fc685ea0dee91e65e253062153ac6c886fdd73a3020c266601f58038a61

Sharing

Copy URL Twitter E-mail

General

Target

16860fc685ea0dee91e65e253062153ac6c886fdd73a3020c266601f58038a61
Size

583KB
MD5

320af64f3ff98a52faf6392dd58fb1b7
SHA1

f3e1511862f870f3388d6e068e9f2b9cf0249927
SHA256

16860fc685ea0dee91e65e253062153ac6c886fdd73a3020c266601f58038a61
SHA512

9675211d52eacfb298dad18202477cc4de77ac764541197c78283bf3556e93955fd8fc45520d4c14c5482b6c41720b417af3814bec238bce4bcaed8ef3b13cf2
SSDEEP

12288:ODGr2e8VoD4uJ2y9b017j5vBHyWwXuuu/gKLDP5YXh2thGozglVYWZ79dxS0u2Ek:OKlJ2VdvpIUtglrZ45Pe8Vbxu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16860fc685ea0dee91e65e253062153ac6c886fdd73a3020c266601f58038a61

Files

16860fc685ea0dee91e65e253062153ac6c886fdd73a3020c266601f58038a61
.dll windows:6 windows x86 arch:x86

2769e631325004ea913e5174621873fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\user\build_system\Project_Crutch\Release-Dropbox\Crutch3.pdb

Imports

dnsapi

DnsFree
DnsQuery_W

iphlpapi

GetAdaptersInfo

advapi32

CryptDestroyHash
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptGetHashParam
RegQueryValueExA
RegOpenKeyExA
CryptReleaseContext
RegCloseKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptGenRandom

ws2_32

accept
listen
ioctlsocket
sendto
getaddrinfo
freeaddrinfo
gethostname
connect
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
socket
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
htonl
ntohl
inet_addr
recvfrom

winhttp

WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser

crypt32

CertFreeCertificateContext

wldap32

ord45
ord60
ord22
ord211
ord143
ord50
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord301
ord27
ord41
ord46

wininet

InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetOpenA

kernel32

LCMapStringW
CompareStringW
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
FindClose
SetStdHandle
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteConsoleW
SetEnvironmentVariableA
GetTimeZoneInformation
GetFullPathNameW
GetCurrentDirectoryW
SetEndOfFile
GetModuleFileNameA
GetConsoleCP
GetModuleFileNameW
ReadConsoleW
GetConsoleMode
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
QueryPerformanceCounter
OutputDebugStringW
UnhandledExceptionFilter
HeapSize
RtlUnwind
RaiseException
SetFilePointerEx
FileTimeToSystemTime
GetFileInformationByHandle
FileTimeToLocalFileTime
GetNativeSystemInfo
FreeLibrary
HeapAlloc
HeapFree
VirtualFree
GetProcessHeap
IsBadReadPtr
SetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
VirtualProtect
CreateProcessW
SetHandleInformation
WaitForSingleObject
WriteFile
Sleep
ReadFile
CreateFileW
MultiByteToWideChar
GetLastError
CreatePipe
CloseHandle
DeleteFileW
CreateThread
CreateFileA
GetFileSize
CreateMutexW
GetSystemTimeAsFileTime
DeleteFileA
GetTickCount
SetErrorMode
ExpandEnvironmentStringsA
GetFileAttributesW
CreateProcessA
TerminateProcess
LocalAlloc
LocalFree
GetVolumeInformationW
ExpandEnvironmentStringsW
SystemTimeToFileTime
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SleepEx
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
GetModuleHandleA
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
GetCurrentProcessId
LoadLibraryExW
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
AreFileApisANSI
ExitThread

user32

OemToCharA

Sections

.text
Size: 387KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2769e631325004ea913e5174621873fc

Headers

File Characteristics

PDB Paths

Imports

dnsapi

iphlpapi

advapi32

ws2_32

winhttp

crypt32

wldap32

wininet

kernel32

user32

Sections

.text Size: 387KB - Virtual size: 386KB

.rdata Size: 79KB - Virtual size: 78KB

.data Size: 13KB - Virtual size: 21KB

.rsrc Size: 82KB - Virtual size: 82KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 387KB - Virtual size: 386KB

.rdata
Size: 79KB - Virtual size: 78KB

.data
Size: 13KB - Virtual size: 21KB

.rsrc
Size: 82KB - Virtual size: 82KB

.reloc
Size: 21KB - Virtual size: 20KB