e64bea4032cf2694e85ede1745811e7585d3580821a00ae1b9123bb3d2d442d6

Sharing

Copy URL Twitter E-mail

General

Target

e64bea4032cf2694e85ede1745811e7585d3580821a00ae1b9123bb3d2d442d6
Size

2.6MB
MD5

382b4d0a9c8d397577cfa26ba4b4df8d
SHA1

f5f18ca3ca0fce3e4d5b67802fec850ec0c95ac2
SHA256

e64bea4032cf2694e85ede1745811e7585d3580821a00ae1b9123bb3d2d442d6
SHA512

46f84e2eeb5e3a90e66d8839bc9d9374e9856cef7543f213774909d3053f67976c4875db06916525807f2fe7b355516b4bc91f615d0440e177321df18dc9e40b
SSDEEP

49152:WVhBHDe7bLgClxL57iXECv/CFaUwmeWYoGneas5JTxyDuF7wC/0:I3qkruUb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e64bea4032cf2694e85ede1745811e7585d3580821a00ae1b9123bb3d2d442d6

Files

e64bea4032cf2694e85ede1745811e7585d3580821a00ae1b9123bb3d2d442d6
.exe windows:6 windows x64 arch:x64

928303578fc08460a629ed66bc9881b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

bcrypt

BCryptDeriveKeyPBKDF2
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptSetProperty
BCryptDecrypt
BCryptGenerateSymmetricKey

crypt32

CryptUnprotectData

esent

JetCloseTable
JetEndSession
JetMove
JetDetachDatabaseW
JetSetSystemParameterA
JetAttachDatabaseW
JetBeginSessionA
JetCreateInstanceA
JetGetCurrentIndexW
JetOpenDatabaseW
JetInit
JetCloseDatabase
JetRetrieveColumn
JetTerm
JetGetDatabaseFileInfoW
JetGetTableColumnInfoA
JetOpenTableA

netapi32

NetApiBufferFree
NetUserGetInfo
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

rpcrt4

RpcBindingFree
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
UuidCreate
NdrClientCall2
RpcStringBindingComposeW

kernel32

CreateDirectoryW
GetModuleHandleExW
OpenProcess
GetFileAttributesW
TerminateProcess
ReadFile
GetModuleFileNameW
GetTempPathW
LoadLibraryA
SetDllDirectoryW
LocalAlloc
GetFileType
RemoveDirectoryW
GetModuleHandleA
GetFileTime
OutputDebugStringA
DuplicateHandle
GetWindowsDirectoryW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
TerminateThread
GetExitCodeThread
CreateThread
GetSystemTime
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStdHandle
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
LocalFree
FindNextFileW
FindClose
FindFirstFileW
CreateFileMappingW
CreateFileW
Sleep
WriteFile
MapViewOfFile
GetFileSize
DeleteFileW
CopyFileW
FreeLibrary
CloseHandle
GetCurrentThreadId
SetConsoleCtrlHandler
GetCurrentProcess
UnmapViewOfFile
GetTimeZoneInformation
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetConsoleMode
SetStdHandle
GetExitCodeProcess
VirtualQuery
SetFilePointer
IsBadReadPtr
CreateProcessA
WriteConsoleW
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringW
OpenEventW
WaitForMultipleObjects
CreateEventExW
ResetEvent
SetEvent
IsBadStringPtrW
GetSystemTimeAsFileTime
WaitForSingleObject
CompareFileTime
CreateProcessW
GetCurrentThread
GetProcAddress
GetLastError
lstrlenW
GetModuleHandleW
SetEnvironmentVariableA
OpenFileMappingW
ReadConsoleInputA
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RaiseException
LoadLibraryExW
ExitThread
IsProcessorFeaturePresent
IsDebuggerPresent
GetCommandLineW
ExitProcess
DecodePointer
EncodePointer
GetStringTypeW
GetVersionExW
DeleteFileA
AreFileApisANSI
GetTempPathA
GetCurrentProcessId
WTSGetActiveConsoleSessionId
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
CreateMutexW
HeapCompact
TryEnterCriticalSection
SetEndOfFile
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
GetTickCount
UnlockFileEx
GetProcessHeap
FormatMessageA
InitializeCriticalSection
FormatMessageW
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
FlushFileBuffers
HeapSize
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW

user32

LockWorkStation
GetThreadDesktop
GetProcessWindowStation

advapi32

RegCloseKey
ImpersonateLoggedOnUser
RegOpenKeyExW
RegEnumValueW
RegOpenCurrentUser
RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyW
CryptGenKey
CryptGetProvParam
CryptAcquireContextA
CryptExportKey
CryptSetHashParam
ConvertSidToStringSidW
IsValidSid
AllocateLocallyUniqueId
DuplicateTokenEx
LookupAccountSidW
LookupPrivilegeValueW
SetSecurityDescriptorDacl
ConvertStringSidToSidW
InitializeSecurityDescriptor
GetTokenInformation
GetUserNameW
OpenThreadToken
IsWellKnownSid
GetSidSubAuthority
OpenProcessToken
IsTextUnicode
CryptDecrypt
CryptDestroyKey
CryptImportKey
CryptSetKeyParam
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
LsaRetrievePrivateData
LsaClose
LsaOpenPolicy
RevertToSelf
SetSecurityInfo
CreateProcessWithTokenW
SetThreadToken

shell32

SHGetFolderPathW

ole32

CoInitializeEx
CoInitializeSecurity
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

ntdll

RtlCreateAcl
NtCreateToken
RtlAddAccessAllowedAce
RtlAllocateAndInitializeSid
RtlPcToFileHeader
RtlLookupFunctionEntry
NtSetInformationToken
RtlVirtualUnwind
RtlFreeSid
RtlUnwindEx
RtlCaptureContext

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 726KB - Virtual size: 725KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

928303578fc08460a629ed66bc9881b6

Headers

DLL Characteristics

File Characteristics

Imports

bcrypt

crypt32

esent

netapi32

rpcrt4

kernel32

user32

advapi32

shell32

ole32

oleaut32

ntdll

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 726KB - Virtual size: 725KB

.data Size: 36KB - Virtual size: 52KB

.pdata Size: 101KB - Virtual size: 100KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 726KB - Virtual size: 725KB

.data
Size: 36KB - Virtual size: 52KB

.pdata
Size: 101KB - Virtual size: 100KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 7KB - Virtual size: 7KB