Static task: static1
Behavioral task: behavioral1
Sample: b4aabfb8f0327370ce80970c357b84782eaf0aabfc70f5e7340746f25252d541.exe
Resource: win7-20240319-en
Behavioral task: behavioral2
Sample: b4aabfb8f0327370ce80970c357b84782eaf0aabfc70f5e7340746f25252d541.exe
Resource: win10v2004-20240226-en
General
Target: b4aabfb8f0327370ce80970c357b84782eaf0aabfc70f5e7340746f25252d541
Size: 113KB
MD5: 1a96767957e193c45b1bf642f3293350
SHA1: 97713366202b6914e6defc4dfcbdff430785f407
SHA256: b4aabfb8f0327370ce80970c357b84782eaf0aabfc70f5e7340746f25252d541
SHA512: b0e8b6dffc8fa5409e26b95dfd6113351508d1435602ef69a0954c74853c2463898c24cf4358de9a027ac4c2ba79dbd5e3d88ce2b42858a6eb1a611573e2326d
SSDEEP: 3072:V97LLBkDNOjkm0bDG8Y7FFiOTVsaJVYvL2HHnZQJ9A0:V97LLBymkmyNQ3TVsanYvkHI9n
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b4aabfb8f0327370ce80970c357b84782eaf0aabfc70f5e7340746f25252d541
Files
b4aabfb8f0327370ce80970c357b84782eaf0aabfc70f5e7340746f25252d541.exe windows:5 windows x64 arch:x64
61c1b6f838d2e5795c01ab4099a5158c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetExitCodeProcess
LocalReAlloc
CreateProcessA
TerminateProcess
FileTimeToSystemTime
ReadFile
GetModuleFileNameW
GetSystemDirectoryA
MultiByteToWideChar
GetFileSizeEx
GetStartupInfoA
FindFirstFileA
GetLastError
GetProcAddress
RemoveDirectoryA
CopyFileA
Sleep
LoadLibraryA
LocalAlloc
MoveFileA
CreateEventW
WaitForMultipleObjects
CreatePipe
GetModuleFileNameA
FindNextFileA
WTSGetActiveConsoleSessionId
CloseHandle
FileTimeToLocalFileTime
GetCurrentProcessId
LocalFree
DeleteFileA
LocalFileTimeToFileTime
WideCharToMultiByte
WriteFile
SetFileTime
FormatMessageA
GetTickCount
GetLogicalDrives
SetEvent
GetCurrentProcess
SystemTimeToFileTime
FreeLibrary
PeekNamedPipe
CreateFileA
GetComputerNameA
FindClose
GetSystemDefaultLangID
RaiseException
FlushFileBuffers
HeapSize
CreateFileW
LoadLibraryW
WriteConsoleW
SetFilePointer
RtlPcToFileHeader
GetStringTypeW
GetSystemTimeAsFileTime
QueryPerformanceCounter
DeleteCriticalSection
GetStartupInfoW
SetHandleCount
HeapFree
HeapAlloc
GetFileAttributesA
HeapReAlloc
GetCommandLineW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
DecodePointer
RtlUnwindEx
SetStdHandle
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetFileType
GetConsoleCP
GetConsoleMode
HeapSetInformation
GetVersion
HeapCreate
GetModuleHandleW
ExitProcess
GetStdHandle
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
advapi32
CryptDestroyKey
CryptEncrypt
SetServiceStatus
CryptImportKey
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
CryptReleaseContext
RegisterServiceCtrlHandlerA
CryptSetKeyParam
CryptAcquireContextW
StartServiceCtrlDispatcherA
OpenProcessToken
CryptDecrypt
shell32
SHCreateDirectoryExA
ole32
CoInitialize
ws2_32
recvfrom
inet_addr
htonl
WSAGetLastError
WSAStartup
setsockopt
sendto
WSACleanup
socket
closesocket
gethostbyname
htons
ntohs
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
Sections
.text Size: 77KB - Virtual size: 77KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ