Static task
static1
Behavioral task
behavioral1
Sample
47e017b40d418374c0889e4d22aa48633b1d41b16b61b1f2897a39112a435d30.exe
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
47e017b40d418374c0889e4d22aa48633b1d41b16b61b1f2897a39112a435d30.exe
Resource
win10v2004-20231215-en
General
-
Target
47e017b40d418374c0889e4d22aa48633b1d41b16b61b1f2897a39112a435d30
-
Size
3.4MB
-
MD5
12e399411185e386c863954eaa6f6595
-
SHA1
8cf133d72ba6d476e28dfc18e3ba13dc15f99071
-
SHA256
47e017b40d418374c0889e4d22aa48633b1d41b16b61b1f2897a39112a435d30
-
SHA512
b3c10ddbca7eac5d8744fb16c4ebd9e0ad02ac0ceb897625edec4d0e7a9112781043211afe1329a902227c0d139599adcf7b1d1181f44706b003128c739479dd
-
SSDEEP
49152:Vur6CMNij4oRzzsfEZtJfax+j/Cf5OHlSPFJTXzCwoQF88jJGRNvTsAiPdX5ZR70:JCMNvUEeaO+59G2dX5r
Malware Config
Signatures
-
Unsigned PE 1 IoCs
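Flags PE files that carry no Authenticode signature; the resource listed below matched. An unsigned binary is a weak indicator on its own, since the absence of a signature only means publisher and integrity cannot be verified from the file.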
resource 47e017b40d418374c0889e4d22aa48633b1d41b16b61b1f2897a39112a435d30
Files
-
47e017b40d418374c0889e4d22aa48633b1d41b16b61b1f2897a39112a435d30.exe windows:6 windows x64 arch:x64
4f756589e602fa2a505c60c0ffe501a6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
user32
RegisterClassA
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjectsEx
PostThreadMessageW
DefWindowProcA
GetWindowLongPtrA
SetWindowLongPtrA
CreateWindowExA
DefWindowProcW
PostQuitMessage
DispatchMessageW
GetMessageW
CreateWindowExW
RegisterClassW
MessageBoxA
kernel32
ResumeThread
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetLastError
CloseHandle
GetFileAttributesW
DeleteFileW
QueryPerformanceCounter
LoadLibraryW
GetProcAddress
FreeLibrary
GetStdHandle
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
CancelIoEx
CreateEventW
InitializeCriticalSection
SetEvent
SetEndOfFile
CreateFileW
GetHandleInformation
GetFileSizeEx
SetFilePointerEx
ReadDirectoryChangesW
WriteFileEx
ReadFileEx
WaitForSingleObject
LoadLibraryA
GetModuleHandleA
ReadFile
GetFileSize
WriteFile
SetFilePointer
GetModuleFileNameW
FlushFileBuffers
GetFileAttributesExW
RtlUnwind
HeapSize
GetProcessHeap
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
LCMapStringW
CompareStringW
ReadConsoleW
HeapAlloc
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapFree
TerminateProcess
WriteConsoleW
ExitThread
CreateThread
GetFileType
SetStdHandle
RaiseException
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
InitializeSListHead
FreeLibraryAndExitThread
VerifyVersionInfoW
VerSetConditionMask
GetModuleHandleExW
GetThreadContext
SuspendThread
TerminateThread
OpenThread
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentProcessId
ExpandEnvironmentStringsW
lstrlenW
GetEnvironmentVariableA
RtlCaptureContext
LocalFree
FormatMessageW
SetHandleInformation
CreateProcessW
ReleaseSemaphore
CreateSemaphoreA
MultiByteToWideChar
WideCharToMultiByte
GetConsoleOutputCP
GetConsoleScreenBufferInfo
DuplicateHandle
GetCurrentProcess
GetCurrentThread
CreatePipe
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
VirtualFree
VirtualAlloc
GetEnvironmentVariableW
SetLastError
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableW
GetSystemInfo
QueryPerformanceFrequency
SwitchToThread
GetExitCodeThread
GetTimeZoneInformation
libcrypto-1_1-x64
CRYPTO_get_ex_new_index
DH_new
BN_get_rfc3526_prime_2048
BN_bin2bn
PEM_read_DHparams
DH_free
OBJ_sn2nid
EC_KEY_new_by_curve_name
EC_KEY_free
X509_STORE_CTX_get_current_cert
X509_STORE_CTX_get_error
X509_STORE_CTX_get_error_depth
X509_STORE_CTX_get_ex_data
X509_get_subject_name
X509_NAME_oneline
X509_get_issuer_name
X509_STORE_CTX_set_error
X509_verify_cert_error_string
BIO_get_new_index
BIO_meth_new
BIO_meth_set_write
BIO_meth_set_read
BIO_meth_set_ctrl
BIO_meth_set_create
BIO_meth_set_destroy
X509_get_ext_d2i
BIO_set_init
BIO_set_data
BIO_set_shutdown
BIO_new
X509_NAME_entry_count
X509_NAME_get_entry
X509_NAME_ENTRY_get_object
X509_NAME_ENTRY_get_data
OBJ_obj2nid
OBJ_nid2ln
X509_free
ERR_clear_error
ERR_get_error
ERR_get_error_line_data
OPENSSL_sk_value
OPENSSL_sk_num
ERR_peek_error
ERR_error_string_n
CRYPTO_free
ASN1_STRING_to_UTF8
X509_NAME_get_index_by_NID
GENERAL_NAMES_free
ERR_error_string
BIO_clear_flags
BIO_get_shutdown
BIO_get_data
ERR_add_error_data
ERR_put_error
RAND_poll
libssl-1_1-x64
OPENSSL_init_ssl
SSL_CTX_set_session_id_context
SSL_CTX_set_cipher_list
TLS_client_method
TLSv1_client_method
DTLSv1_client_method
TLS_server_method
TLSv1_server_method
DTLSv1_server_method
SSL_CTX_new
SSL_CTX_set_options
SSL_CTX_free
SSL_CTX_set_verify
SSL_CTX_callback_ctrl
SSL_CTX_ctrl
SSL_get_servername
SSL_set_SSL_CTX
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_PrivateKey_file
SSL_CTX_load_verify_locations
SSL_load_client_CA_file
SSL_CTX_set_client_CA_list
SSL_new
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_ex_data
SSL_ctrl
SSL_set_bio
SSL_set_ex_data
SSL_accept
SSL_connect
SSL_get_peer_certificate
SSL_get_verify_result
SSL_shutdown
SSL_free
SSL_peek
SSL_pending
SSL_read
SSL_write
SSL_get_error
SSL_CTX_set_verify_depth
ws2_32
bind
closesocket
connect
WSAGetLastError
WSAAsyncSelect
setsockopt
listen
getsockname
getpeername
WSAIoctl
WSARecv
WSASend
WSAStartup
WSASendDisconnect
htonl
WSARecvFrom
WSASendTo
WSAAccept
WSAStringToAddressW
GetAddrInfoW
select
WSASocketW
advapi32
RegCloseKey
RegCreateKeyExW
RegOpenKeyW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegFlushKey
RegEnumKeyExW
CryptGenRandom
CryptAcquireContextA
CryptAcquireContextW
RegQueryInfoKeyW
RegEnumValueW
wsock32
getprotobyname
inet_ntoa
getsockopt
accept
shutdown
gethostname
send
sendto
gethostbyaddr
gethostbyname
getservbyport
getservbyname
getprotobynumber
ioctlsocket
inet_addr
htons
ntohl
ntohs
WSACleanup
recvfrom
socket
recv
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 130KB - Virtual size: 130KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 713KB - Virtual size: 723KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
._deh Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.minfo Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tp Size: 1024B - Virtual size: 704B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.dp Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ