3cfb75f7dd6dd808d8b4b22e452a432314f55197d7821ad3726bf3649d8b4eba

Sharing

Copy URL Twitter E-mail

General

Target

3cfb75f7dd6dd808d8b4b22e452a432314f55197d7821ad3726bf3649d8b4eba
Size

477KB
MD5

1d516f770f316deeeb829f9488022802
SHA1

b5798c88420d58404df82408f2ae18f37b583e20
SHA256

3cfb75f7dd6dd808d8b4b22e452a432314f55197d7821ad3726bf3649d8b4eba
SHA512

2a7d753a476cc2c6f919ccc01188d61f4e248993a9786345fb48fb9632e193793602540826b65c575eb0230952f4ecccc48886030cd8029b2349803d6bc6173b
SSDEEP

12288:TAnxiFtfRf4eJZ8mKaLmfqX8Rogmo3rBiOj:TWiFjYoL09ogNBiOj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/81866ba9249d43503a4905a8df592e577b341c74515eba7e16981d0e959234a7.exe

Files

3cfb75f7dd6dd808d8b4b22e452a432314f55197d7821ad3726bf3649d8b4eba
.zip

Password: infected
81866ba9249d43503a4905a8df592e577b341c74515eba7e16981d0e959234a7.exe
.exe windows:6 windows x64 arch:x64

167afe77d4c7c7c2076ad00416cf39fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

bcrypt

BCryptGenRandom

advapi32

SystemFunction036

kernel32

InitializeSListHead
CloseHandle
Sleep
SetLastError
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
GetModuleHandleA
GetProcAddress
GetCurrentThread
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
GetModuleHandleW
FormatMessageW
GetTempPathW
CreateFileW
GetFullPathNameW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetModuleFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
AcquireSRWLockExclusive
CreateProcessW
GetFileAttributesW
DuplicateHandle
CreateThread
CreateNamedPipeW
ReadFileEx
SleepEx
WriteFileEx
GetCurrentDirectoryW
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
SetFilePointerEx
GetConsoleOutputCP
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwindEx
EncodePointer
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlPcToFileHeader
WriteFile
ExitProcess
TerminateProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
HeapSize
FlushFileBuffers

ntdll

NtWriteFile
RtlNtStatusToDosError

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 401KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

167afe77d4c7c7c2076ad00416cf39fc

Headers

DLL Characteristics

File Characteristics

Imports

bcrypt

advapi32

kernel32

ntdll

Sections

.text Size: 220KB - Virtual size: 219KB

.rdata Size: 401KB - Virtual size: 400KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 10KB - Virtual size: 9KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 220KB - Virtual size: 219KB

.rdata
Size: 401KB - Virtual size: 400KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 10KB - Virtual size: 9KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 3KB - Virtual size: 2KB