4a0118228d292b4a333ffeee4cf2155631c3dd4ee2666869af1a95d9e8aa9dec

Sharing

Copy URL Twitter E-mail

General

Target

4a0118228d292b4a333ffeee4cf2155631c3dd4ee2666869af1a95d9e8aa9dec
Size

857KB
MD5

f56c8e63c76d2d0a056c229e18c48d43
SHA1

c7badb1f3039efb2e529f1b219d820326348e278
SHA256

4a0118228d292b4a333ffeee4cf2155631c3dd4ee2666869af1a95d9e8aa9dec
SHA512

4425f34566c7d9324549c1289d74aac34a86b03745d5b5083e7be8b85f9a753b6805afcd00befcba6fab88c1479e04ef1567bbd232f653040a537f0e97c98d40
SSDEEP

12288:f6jD9sXoDAHYJCrdnmst4oCCtBHysm+ztyMSfATjof3k9DMLftDF/:f6jD9nDAH1rdnXf/HysLolATjIv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a0118228d292b4a333ffeee4cf2155631c3dd4ee2666869af1a95d9e8aa9dec

Files

4a0118228d292b4a333ffeee4cf2155631c3dd4ee2666869af1a95d9e8aa9dec
.exe windows:5 windows x64 arch:x64

0131ea7e4070bea0c9babfe18926e1c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dbghelp

SymSetOptions
MiniDumpWriteDump
SymGetTypeInfo
SymEnumSymbols
SymFromAddr
SymSetContext
SymInitialize
SymGetLineFromAddr64
SymGetModuleBase64
SymFunctionTableAccess64
SymCleanup
StackWalk64

kernel32

RemoveDirectoryW
GetCurrentDirectoryW
GetFileAttributesExW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLastError
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
TlsAlloc
TlsFree
LocalFree
FormatMessageA
VerSetConditionMask
CloseHandle
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
CancelIoEx
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
SleepEx
CreateMutexW
CreateEventW
SetWaitableTimer
WaitForMultipleObjects
CreateSemaphoreW
QueueUserAPC
GetCurrentProcessId
TerminateThread
TlsGetValue
TlsSetValue
CreateWaitableTimerA
VerifyVersionInfoA
CreateFileW
WideCharToMultiByte
GetStdHandle
GetCurrentProcess
SetPriorityClass
GetProcessAffinityMask
SetProcessAffinityMask
GetConsoleMode
SetConsoleMode
FlushConsoleInputBuffer
SetConsoleScreenBufferSize
SetConsoleWindowInfo
CreateDirectoryA
CreateFileA
SetFilePointer
WriteFile
IsDebuggerPresent
RaiseException
SetUnhandledExceptionFilter
GetCurrentThread
OpenThread
GetThreadContext
GetSystemInfo
GetLocalTime
VirtualQuery
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalMemoryStatus
LocalAlloc
CreateToolhelp32Snapshot
Thread32First
Thread32Next
WriteConsoleW
GetFileAttributesA
Sleep
GetDynamicTimeZoneInformation
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetOEMCP
GetACP
IsValidCodePage
CreateDirectoryW
HeapSize
SetEndOfFile
SetConsoleTitleA
ReleaseSRWLockExclusive
MoveFileExW
GetTimeZoneInformation
DeleteFileW
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
HeapReAlloc
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
GetFullPathNameW
GetDriveTypeW
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
InitializeSRWLock
RtlUnwind
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
RtlPcToFileHeader
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
GetExitCodeThread
GetNativeSystemInfo
MultiByteToWideChar
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
InitializeSListHead
RtlUnwindEx
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
SetConsoleCtrlHandler
CreateThread
ExitThread
FreeLibraryAndExitThread
ReadFile
FindClose
FindFirstFileExW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetStdHandle
GetFileType

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

ws2_32

WSASetLastError
shutdown
ntohl
htonl
getsockopt
getpeername
WSAAddressToStringW
WSASend
WSAGetLastError
setsockopt
listen
htons
ioctlsocket
closesocket
bind
WSACleanup
WSAStartup
WSARecv
WSASocketW

mswsock

AcceptEx
GetAcceptExSockaddrs

Sections

.text
Size: 615KB - Virtual size: 615KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0131ea7e4070bea0c9babfe18926e1c7

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

kernel32

advapi32

ws2_32

mswsock

Sections

.text Size: 615KB - Virtual size: 615KB

.rdata Size: 183KB - Virtual size: 182KB

.data Size: 22KB - Virtual size: 34KB

.pdata Size: 30KB - Virtual size: 29KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 615KB - Virtual size: 615KB

.rdata
Size: 183KB - Virtual size: 182KB

.data
Size: 22KB - Virtual size: 34KB

.pdata
Size: 30KB - Virtual size: 29KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB