77bcebc65a7ac66da8ad8689b437b0cffecb2247dc58ade041cefe7ed2d46b5e

Sharing

Copy URL

Twitter E-mail

General

Target

77bcebc65a7ac66da8ad8689b437b0cffecb2247dc58ade041cefe7ed2d46b5e
Size

736KB
MD5

2a68a55b226abc4e7aa940471088ceab
SHA1

ca87a9142d0cf4064ca4b606bd1bcbf67b454ab2
SHA256

77bcebc65a7ac66da8ad8689b437b0cffecb2247dc58ade041cefe7ed2d46b5e
SHA512

439034349ef8ad6ca2979a755a40babff03faeb40fda5c2b7e3f99038becda395130e87a2f1a6f301daf1289917644d867f309bdf21b922c3a7445d088c2b516
SSDEEP

12288:fslEk9afbJdEuQWFxy6ecjy8V73P2TKfdzohPq:UlPUTJiunxy6ecm8V3+Tczmq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
77bcebc65a7ac66da8ad8689b437b0cffecb2247dc58ade041cefe7ed2d46b5e

Files

77bcebc65a7ac66da8ad8689b437b0cffecb2247dc58ade041cefe7ed2d46b5e
.exe windows:6 windows x64 arch:x64

266266234186cc9234db281453b02a2a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Wow64SetThreadContext
Wow64GetThreadContext
GetThreadContext
SetThreadContext
lstrlenA
CreateFileA
GetStartupInfoW
GetModuleFileNameW
GetNativeSystemInfo
GetWindowsDirectoryW
CreateProcessW
CopyFileW
GetModuleFileNameA
GetTickCount64
CreateThread
GetComputerNameA
OpenProcess
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
CreateFileTransactedW
CreateFileW
GetFileSizeEx
GetCurrentProcess
WaitForSingleObject
GetFileAttributesA
GetVersionExA
FreeLibrary
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WriteProcessMemory
QueryPerformanceFrequency
QueryPerformanceCounter
DecodePointer
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
GetVersionExW
GetDiskFreeSpaceExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVolumeInformationA
SetErrorMode
FindNextFileA
GetDriveTypeA
GetTempFileNameW
GetProcAddress
MultiByteToWideChar
GetModuleHandleA
ResumeThread
GetTempPathW
GetOEMCP
SetFileAttributesW
CreateProcessA
GetCurrentProcessId
GetStartupInfoA
DeleteFileA
GetSystemDirectoryA
GetLastError
CopyFileA
SetCurrentDirectoryA
CreatePipe
TerminateProcess
VirtualAlloc
WriteFile
VirtualFree
VirtualProtect
MoveFileA
ReadFile
FindClose
FindFirstFileA
FindFirstFileW
GetProcessHeap
HeapAlloc
Sleep
HeapFree
CloseHandle
Process32Next
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
RtlUnwind
SignalObjectAndWait
SetEvent
CreateTimerQueue
SetEndOfFile
HeapSize
WriteConsoleW
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
CreateToolhelp32Snapshot
DeleteCriticalSection
Process32First
IsValidCodePage
FindFirstFileExA
HeapReAlloc
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetStringTypeW
SetFilePointerEx
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FreeLibraryAndExitThread
ExitThread
GetACP
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
EncodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TryEnterCriticalSection
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
LocalFree
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList

user32

GetDesktopWindow
IsRectEmpty
ReleaseDC
GetWindowRect
ExitWindowsEx
GetDC
EnumDisplaySettingsA

gdi32

CreateDCA
GetObjectA
DeleteObject
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
RealizePalette
GetStockObject
GetDIBits
GetDeviceCaps
DeleteDC
SelectPalette

advapi32

ImpersonateLoggedOnUser
RegOpenKeyExW
RegSetValueExW
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
RegCreateKeyA
AdjustTokenPrivileges
RegOpenKeyA
RegQueryValueExA
LookupPrivilegeValueA
RegFlushKey
RegSetValueExA
RegDeleteValueA
RevertToSelf
RegCreateKeyExW
OpenProcessToken
GetUserNameA
RegCloseKey
RegQueryValueExW

shell32

ord680
SHCreateDirectoryExW

ole32

CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear

ws2_32

setsockopt
closesocket
send
socket
connect
recv
inet_ntoa
htons
WSAStartup
WSAIoctl
WSACleanup
gethostname
WSAGetLastError
inet_addr
gethostbyname

iphlpapi

GetAdaptersInfo
GetTcpTable

wininet

InternetQueryOptionA

shlwapi

PathFileExistsA

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
NtCreateSection
NtMapViewOfSection
RtlCaptureContext

ktmw32

CreateTransaction
RollbackTransaction

Exports

Exports

StartWork

Sections

.text
Size: 527KB - Virtual size: 526KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

266266234186cc9234db281453b02a2a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

iphlpapi

wininet

shlwapi

ntdll

ktmw32

Exports

Exports

Sections

.text Size: 527KB - Virtual size: 526KB

.rdata Size: 161KB - Virtual size: 160KB

.data Size: 13KB - Virtual size: 25KB

.pdata Size: 29KB - Virtual size: 28KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 527KB - Virtual size: 526KB

.rdata
Size: 161KB - Virtual size: 160KB

.data
Size: 13KB - Virtual size: 25KB

.pdata
Size: 29KB - Virtual size: 28KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB