82d4a0fef550af4f01a07041c16d851f262d859a3352475c62630e2c16a21def

Sharing

Copy URL Twitter E-mail

General

Target

82d4a0fef550af4f01a07041c16d851f262d859a3352475c62630e2c16a21def
Size

3.4MB
MD5

d9731b51c936aa57207b0efe435ab056
SHA1

9e223444d7b6b1837c4643f34e0f561613496569
SHA256

82d4a0fef550af4f01a07041c16d851f262d859a3352475c62630e2c16a21def
SHA512

512f753a6ef32be1721ff767c82d9b06648f5e414a6870ebfbf85dc2c40abb9c963ffbb74f72586421afafa9b5a02074a122e56700853d687815dbc26ef0a835
SSDEEP

49152:pZ9vJYUoU8sGNVftaU0wGNNPTClsZkq3V85OS+TG+LKymbT5TxPK6XvKG:/9vxdtTJENbq6XvK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82d4a0fef550af4f01a07041c16d851f262d859a3352475c62630e2c16a21def

Files

82d4a0fef550af4f01a07041c16d851f262d859a3352475c62630e2c16a21def
.exe windows:6 windows x64 arch:x64

fce816c740f81332f82b3995023ea1a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

RegisterClassA
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjectsEx
PostThreadMessageW
DefWindowProcA
GetWindowLongPtrA
SetWindowLongPtrA
CreateWindowExA
DefWindowProcW
PostQuitMessage
DispatchMessageW
GetMessageW
CreateWindowExW
RegisterClassW
MessageBoxA

kernel32

SwitchToThread
GetSystemTimeAsFileTime
Sleep
ExitProcess
CreateMutexW
GetLastError
CloseHandle
GetFileAttributesW
DeleteFileW
QueryPerformanceCounter
LoadLibraryW
GetProcAddress
GetFileAttributesExW
GetStdHandle
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
CancelIoEx
CreateEventW
GetExitCodeThread
SetEvent
SetEndOfFile
CreateFileW
GetHandleInformation
GetFileSizeEx
SetFilePointerEx
ReadDirectoryChangesW
WriteFileEx
ReadFileEx
GetSystemInfo
WaitForSingleObject
ResumeThread
FreeLibrary
LoadLibraryA
GetModuleHandleA
ReadFile
GetFileSize
WriteFile
SetFilePointer
HeapSize
GetProcessHeap
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetModuleFileNameW
FlushFileBuffers
InitializeCriticalSection
RtlUnwind
LCMapStringW
CompareStringW
ReadConsoleW
HeapAlloc
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapFree
TerminateProcess
WriteConsoleW
ExitThread
CreateThread
GetFileType
SetStdHandle
RaiseException
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
InitializeSListHead
FreeLibraryAndExitThread
VerifyVersionInfoW
VerSetConditionMask
GetModuleHandleExW
GetThreadContext
SuspendThread
TerminateThread
OpenThread
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentProcessId
ExpandEnvironmentStringsW
lstrlenW
GetEnvironmentVariableA
RtlCaptureContext
LocalFree
FormatMessageW
SetHandleInformation
CreateProcessW
ReleaseSemaphore
CreateSemaphoreA
MultiByteToWideChar
WideCharToMultiByte
GetConsoleOutputCP
GetConsoleScreenBufferInfo
DuplicateHandle
GetCurrentProcess
GetCurrentThread
CreatePipe
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
VirtualFree
VirtualAlloc
GetEnvironmentVariableW
SetLastError
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableW
QueryPerformanceFrequency
GetTimeZoneInformation

ws2_32

bind
closesocket
connect
WSAGetLastError
WSAAsyncSelect
setsockopt
listen
getsockname
getpeername
WSAIoctl
WSARecv
WSASend
WSASocketW
WSASendDisconnect
htonl
WSARecvFrom
WSASendTo
WSAAccept
WSAStartup
WSAStringToAddressW
GetAddrInfoW
select

advapi32

CryptGenRandom
CryptAcquireContextA
CryptAcquireContextW
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegOpenKeyW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegFlushKey
RegEnumKeyExW
RegEnumValueW

wsock32

socket
getprotobyname
inet_ntoa
getsockopt
accept
shutdown
gethostname
send
sendto
recv
recvfrom
WSACleanup
ntohs
ntohl
htons
inet_addr
ioctlsocket
gethostbyaddr
gethostbyname
getservbyport
getprotobynumber
getservbyname

libssl-1_1-x64

SSL_CTX_set_session_id_context
SSL_CTX_set_cipher_list
TLS_client_method
TLSv1_client_method
DTLSv1_client_method
TLS_server_method
TLSv1_server_method
DTLSv1_server_method
SSL_CTX_new
SSL_CTX_set_options
SSL_CTX_free
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_callback_ctrl
SSL_CTX_ctrl
SSL_get_servername
SSL_set_SSL_CTX
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_PrivateKey_file
SSL_CTX_load_verify_locations
SSL_load_client_CA_file
SSL_CTX_set_client_CA_list
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_ex_data
SSL_ctrl
SSL_set_bio
SSL_set_ex_data
SSL_accept
SSL_connect
SSL_get_peer_certificate
SSL_get_verify_result
SSL_shutdown
SSL_free
SSL_peek
SSL_pending
SSL_read
SSL_write
SSL_get_error
OPENSSL_init_ssl
SSL_new

libcrypto-1_1-x64

OBJ_sn2nid
DH_free
PEM_read_DHparams
EC_KEY_free
BN_get_rfc3526_prime_2048
DH_new
CRYPTO_get_ex_new_index
RAND_poll
X509_STORE_CTX_get_current_cert
X509_STORE_CTX_get_error
X509_STORE_CTX_get_error_depth
X509_STORE_CTX_get_ex_data
X509_get_subject_name
X509_NAME_oneline
X509_get_issuer_name
X509_STORE_CTX_set_error
X509_verify_cert_error_string
BIO_get_new_index
BIO_meth_new
BIO_meth_set_write
BIO_meth_set_read
BIO_meth_set_ctrl
BIO_meth_set_destroy
BIO_set_init
BIO_set_data
BIO_meth_set_create
BIO_set_shutdown
BIO_new
X509_NAME_entry_count
X509_NAME_get_entry
X509_NAME_ENTRY_get_object
X509_NAME_ENTRY_get_data
OBJ_obj2nid
OBJ_nid2ln
X509_free
ERR_clear_error
ERR_get_error
ERR_get_error_line_data
ERR_error_string
ERR_put_error
OPENSSL_sk_value
OPENSSL_sk_num
ERR_peek_error
ERR_error_string_n
CRYPTO_free
ASN1_STRING_to_UTF8
X509_NAME_get_index_by_NID
GENERAL_NAMES_free
X509_get_ext_d2i
EC_KEY_new_by_curve_name
BIO_clear_flags
BIO_get_shutdown
BIO_get_data
BN_bin2bn
ERR_add_error_data

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 713KB - Virtual size: 723KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

._deh
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.minfo
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tp
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dp
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fce816c740f81332f82b3995023ea1a0

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

ws2_32

advapi32

wsock32

libssl-1_1-x64

libcrypto-1_1-x64

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 130KB - Virtual size: 130KB

.data Size: 713KB - Virtual size: 723KB

.pdata Size: 96KB - Virtual size: 95KB

._deh Size: 17KB - Virtual size: 16KB

.minfo Size: 2KB - Virtual size: 1KB

.tp Size: 1024B - Virtual size: 704B

.dp Size: 1KB - Virtual size: 1KB

_RDATA Size: 512B - Virtual size: 148B

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 130KB - Virtual size: 130KB

.data
Size: 713KB - Virtual size: 723KB

.pdata
Size: 96KB - Virtual size: 95KB

._deh
Size: 17KB - Virtual size: 16KB

.minfo
Size: 2KB - Virtual size: 1KB

.tp
Size: 1024B - Virtual size: 704B

.dp
Size: 1KB - Virtual size: 1KB

_RDATA
Size: 512B - Virtual size: 148B

.reloc
Size: 32KB - Virtual size: 32KB