a80aefdf6abe46a9dd8180cf9bf5a1e74a3ed11b3674c846a29654044d400b61

Sharing

Copy URL Twitter E-mail

General

Target

a80aefdf6abe46a9dd8180cf9bf5a1e74a3ed11b3674c846a29654044d400b61
Size

16.5MB
MD5

4916689e7879b8593a931f94a57dd28b
SHA1

55b947eff2a16495ec87e84cc2af60bf80045362
SHA256

a80aefdf6abe46a9dd8180cf9bf5a1e74a3ed11b3674c846a29654044d400b61
SHA512

5657e122624e5b62a439671915808f6dca9450211a7cc43604c708711f204c64db3a9e1abe98981dd7012830e1901cccd04847b621248ce87c5180b7ddc68555
SSDEEP

393216:ulDXeasBhSJDH5binvzH33XOB2qFY4wo9OP3/NGIzI:uNuPSJ7ivzH33w2NDs8vN5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a80aefdf6abe46a9dd8180cf9bf5a1e74a3ed11b3674c846a29654044d400b61

Files

a80aefdf6abe46a9dd8180cf9bf5a1e74a3ed11b3674c846a29654044d400b61
.exe windows:6 windows x64 arch:x64

0118aee732bfa6395e08d534e15126a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

MessageBoxW

pdh

PdhAddEnglishCounterW

kernel32

CreateRemoteThread
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

iphlpapi

GetIfTable2

netapi32

NetApiBufferFree

secur32

LsaFreeReturnBuffer

bcrypt

BCryptGenRandom

advapi32

SystemFunction036

shell32

CommandLineToArgvW

ole32

CoSetProxyBlanket

ws2_32

WSASocketW

ntdll

NtDeviceIoControlFile

crypt32

CertDuplicateCertificateChain

powrprof

CallNtPowerInformation

oleaut32

GetErrorInfo

psapi

GetPerformanceInfo

Sections

.text
Size: - Virtual size: 984KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata0
Size: - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata1
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata2
Size: 16.4MB - Virtual size: 16.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0118aee732bfa6395e08d534e15126a8

Headers

DLL Characteristics

File Characteristics

Imports

user32

pdh

kernel32

iphlpapi

netapi32

secur32

bcrypt

advapi32

shell32

ole32

ws2_32

ntdll

crypt32

powrprof

oleaut32

psapi

Sections

.text Size: - Virtual size: 984KB

.rdata Size: - Virtual size: 464KB

.data Size: - Virtual size: 7KB

.pdata Size: - Virtual size: 32KB

_RDATA Size: - Virtual size: 348B

.rdata0 Size: - Virtual size: 9.6MB

.rdata1 Size: 4KB - Virtual size: 3KB

.rdata2 Size: 16.4MB - Virtual size: 16.4MB

.rsrc Size: 131KB - Virtual size: 131KB

.text
Size: - Virtual size: 984KB

.rdata
Size: - Virtual size: 464KB

.data
Size: - Virtual size: 7KB

.pdata
Size: - Virtual size: 32KB

_RDATA
Size: - Virtual size: 348B

.rdata0
Size: - Virtual size: 9.6MB

.rdata1
Size: 4KB - Virtual size: 3KB

.rdata2
Size: 16.4MB - Virtual size: 16.4MB

.rsrc
Size: 131KB - Virtual size: 131KB