6769ef7f8e73d7cbccca222f5af760787f973167be074ab5b0a5ccfe3f2ba0a9

Sharing

Copy URL Twitter E-mail

General

Target

6769ef7f8e73d7cbccca222f5af760787f973167be074ab5b0a5ccfe3f2ba0a9
Size

3.2MB
MD5

c024eb3035dd010de98839a2eb90b46b
SHA1

0f8900d9c5b8cc0a2bce8db357dacea9bc06d683
SHA256

6769ef7f8e73d7cbccca222f5af760787f973167be074ab5b0a5ccfe3f2ba0a9
SHA512

50464b7d7ac2e74d559688eb6f49edf1c487b0c394c8c0af6b100664167b6f3a3c6deffd182722f1d12d67cd562224ebbb463f9e20e81c86f5eb534eee65078f
SSDEEP

49152:3iVwASO6GtlqAOIU6i2rM4lkbdqIzSOh5PlzTGHjOWObLGv26a5QhtKx6o+r86iB:U5+twIn9CKj+AHFwz7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6769ef7f8e73d7cbccca222f5af760787f973167be074ab5b0a5ccfe3f2ba0a9

Files

6769ef7f8e73d7cbccca222f5af760787f973167be074ab5b0a5ccfe3f2ba0a9
.exe windows:6 windows x64 arch:x64

509830d206320c104574ee616e7b7bb5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcessHeap
HeapSize
WriteConsoleW
lstrcmpW
CreateProcessA
GetCurrentDirectoryW
CloseHandle
GetLastError
Sleep
MultiByteToWideChar
SetFileAttributesW
GetFileAttributesW
WaitForSingleObject
FindClose
GetTempPathW
PeekNamedPipe
CreatePipe
FindNextFileW
FindFirstFileW
ReadFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
CreateFileW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
WideCharToMultiByte
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
LocalFree
GetModuleHandleExW
GetCurrentThreadId
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
SwitchToFiber
DeleteFiber
CreateFiber
QueryPerformanceCounter
GetCurrentProcessId
ConvertFiberToThread
ConvertThreadToFiber
RtlVirtualUnwind
FreeLibrary
LoadLibraryA
LoadLibraryW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemTime
SystemTimeToFileTime
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetFileSizeEx
RtlUnwindEx
RtlPcToFileHeader
RaiseException
LoadLibraryExW
ExitProcess
SetEnvironmentVariableW
SetCurrentDirectoryW
GetDriveTypeW
GetFullPathNameW
DeleteFileW
SetConsoleCtrlHandler
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameW
CreateThread
ExitThread
FreeLibraryAndExitThread
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
HeapReAlloc
GetTimeZoneInformation
SetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
RtlUnwind

oleaut32

VariantClear
SysAllocString
SysFreeString

ws2_32

freeaddrinfo
listen
setsockopt
gethostname
sendto
connect
socket
WSAStartup
getaddrinfo
accept
closesocket
WSACleanup
ioctlsocket
getsockname
getsockopt
ntohs
WSAGetLastError
recv
send
WSASetLastError
bind
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
inet_pton
__WSAFDIsSet
select
getpeername
htons
WSAIoctl
ntohl
htonl
recvfrom

crypt32

CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertOpenStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertCloseStore

bcrypt

BCryptGenRandom

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

advapi32

CryptGetProvParam
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptAcquireContextA
CryptGetHashParam
CryptGenRandom
CryptEncrypt
CryptImportKey
CryptHashData

wldap32

ord35
ord33
ord32
ord27
ord26
ord30
ord41
ord50
ord60
ord211
ord46
ord143
ord200
ord301
ord79
ord22
ord45

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 773KB - Virtual size: 773KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

509830d206320c104574ee616e7b7bb5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

ws2_32

crypt32

bcrypt

user32

advapi32

wldap32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 773KB - Virtual size: 773KB

.data Size: 30KB - Virtual size: 50KB

.pdata Size: 95KB - Virtual size: 94KB

.reloc Size: 29KB - Virtual size: 28KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 773KB - Virtual size: 773KB

.data
Size: 30KB - Virtual size: 50KB

.pdata
Size: 95KB - Virtual size: 94KB

.reloc
Size: 29KB - Virtual size: 28KB