e615ea30dd37644526060689544c1a1d263b6bb77fe3084aa7883669c1fde12f

Sharing

Copy URL

Twitter E-mail

General

Target

e615ea30dd37644526060689544c1a1d263b6bb77fe3084aa7883669c1fde12f
Size

1.9MB
MD5

9846e2e45000984719804ec2236405bd
SHA1

f1b325a6b927f62a911dd3bf199262223983fbb9
SHA256

e615ea30dd37644526060689544c1a1d263b6bb77fe3084aa7883669c1fde12f
SHA512

4ca859eb3fca88c676ed96d540207a54656fce2a44c3ba6ded7bb2f0d608328a17fdec1950f90ccc03ea9fa2613e31738823a97810f93de55cc676c92e9c7a34
SSDEEP

24576:Y4ENdUyGCaeU3wxE3ICbhYrC2RQdyrE8SQsg2XOfjvJpbPTvYRrJGcti9:Y4ENdi3ICbhYrC4Qd2XwXOfXbPT2t1t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e615ea30dd37644526060689544c1a1d263b6bb77fe3084aa7883669c1fde12f

Files

e615ea30dd37644526060689544c1a1d263b6bb77fe3084aa7883669c1fde12f
.exe windows:6 windows x64 arch:x64

c4a0213bb099203c783857a5e2fe3edc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

DispatchMessageW
PostQuitMessage
DefWindowProcW
GetMessageW
RegisterClassW
CreateWindowExW

kernel32

GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetEndOfFile
LCMapStringW
CompareStringW
GetFileSizeEx
GetConsoleCP
GetLastError
GetConsoleMode
HeapReAlloc
HeapAlloc
HeapFree
TerminateProcess
SetFilePointerEx
WriteConsoleW
ExitThread
CreateThread
GetFileType
SetStdHandle
RaiseException
LoadLibraryExW
TlsFree
TlsSetValue
GetFileAttributesExW
GetProcAddress
LoadLibraryW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetFileAttributesW
ExitProcess
Sleep
GetCPInfo
GetCommandLineA
GetCommandLineW
GetStringTypeW
GetProcessHeap
HeapSize
ReadConsoleW
GetCurrentProcess
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
FlushFileBuffers
GetModuleFileNameW
CreateFileW
SetFilePointer
WriteFile
CloseHandle
GetFileSize
ReadFile
ResumeThread
WaitForSingleObject
GetExitCodeThread
SwitchToThread
GetSystemInfo
GetModuleHandleA
QueryPerformanceFrequency
GetTimeZoneInformation
GetStdHandle
SetEnvironmentVariableW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetLastError
GetEnvironmentVariableW
CreatePipe
GetCurrentThreadId
GetCurrentThread
DuplicateHandle
GetConsoleScreenBufferInfo
FreeLibrary
GetConsoleOutputCP
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
TryEnterCriticalSection
LoadLibraryA
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
CreateProcessW
GetHandleInformation
SetHandleInformation
FormatMessageW
LocalFree
CreateSemaphoreA
ReleaseSemaphore
VirtualAlloc
VirtualFree
RtlCaptureContext
GetEnvironmentVariableA
lstrlenW
ExpandEnvironmentStringsW
GetCurrentProcessId
FindFirstFileW
FindNextFileW
FindClose
CreateDirectoryW
SetEvent
CreateEventW
OpenThread
TerminateThread
SuspendThread
GetThreadContext
GetModuleHandleExW
VerSetConditionMask
VerifyVersionInfoW
FreeLibraryAndExitThread
InitializeSListHead
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue

ws2_32

htons
htonl
ntohl
ntohs
WSACleanup
WSAStartup
WSAGetLastError
WSAIoctl
setsockopt
recvfrom
recv
sendto
inet_addr
getsockname
getpeername
gethostname
closesocket
shutdown
accept
listen
connect
bind
getsockopt
ioctlsocket
getprotobyname
socket
getprotobynumber
inet_ntoa
getservbyname
getservbyport
gethostbyname
gethostbyaddr
send

advapi32

RegEnumValueW
RegEnumKeyExW
RegFlushKey
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegDeleteKeyW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
CryptGenRandom
CryptAcquireContextA
CryptAcquireContextW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 435KB - Virtual size: 442KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

._deh
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.minfo
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dp
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tp
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4a0213bb099203c783857a5e2fe3edc

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

ws2_32

advapi32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 86KB - Virtual size: 85KB

.data Size: 435KB - Virtual size: 442KB

.pdata Size: 55KB - Virtual size: 54KB

._deh Size: 9KB - Virtual size: 8KB

.minfo Size: 1024B - Virtual size: 1000B

.dp Size: 1024B - Virtual size: 944B

.tp Size: 512B - Virtual size: 236B

_RDATA Size: 512B - Virtual size: 148B

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 86KB - Virtual size: 85KB

.data
Size: 435KB - Virtual size: 442KB

.pdata
Size: 55KB - Virtual size: 54KB

._deh
Size: 9KB - Virtual size: 8KB

.minfo
Size: 1024B - Virtual size: 1000B

.dp
Size: 1024B - Virtual size: 944B

.tp
Size: 512B - Virtual size: 236B

_RDATA
Size: 512B - Virtual size: 148B

.reloc
Size: 20KB - Virtual size: 20KB