abee6076d890dbcd1cfe352afeac54ac8103c99517ead4395c32a78d78d3240d

Sharing

Copy URL Twitter E-mail

General

Target

abee6076d890dbcd1cfe352afeac54ac8103c99517ead4395c32a78d78d3240d
Size

5.6MB
MD5

dea2fc3582dc923956ed2ac9cbe98bb0
SHA1

f566a2503f76116afdfb8e8c1921ca555d99aaf5
SHA256

abee6076d890dbcd1cfe352afeac54ac8103c99517ead4395c32a78d78d3240d
SHA512

a67c10b714fdc110cb3ae8b4e0fd68beb80b92af5b76440d795a851f4c9a79858e2088dbe8733c0ab8ca16b033761f866087998552d667cb4b3ae1bb9e44448d
SSDEEP

98304:iPrMoCCXG5+M5O7hbLbojkzBAw7uijSoe1GEf5j7H9Bc/lw+:/9+G+ygaw7uiuv4E97Hfctd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abee6076d890dbcd1cfe352afeac54ac8103c99517ead4395c32a78d78d3240d

Files

abee6076d890dbcd1cfe352afeac54ac8103c99517ead4395c32a78d78d3240d
.exe windows:6 windows x64 arch:x64

78073c6faa8543d964f42d25c77bd29f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentProcess
GetLocalTime
GetVersionExA
GetProductInfo
FreeLibrary
GetModuleHandleA
LocalFree
FormatMessageW
LoadLibraryA
VerifyVersionInfoA
FileTimeToSystemTime
MultiByteToWideChar
WideCharToMultiByte
CreateMutexA
FindClose
FindFirstFileW
FindNextFileW
GetFullPathNameW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
SetLastError
LoadLibraryW
WriteFile
GetFileAttributesW
FileTimeToLocalFileTime
DeleteFileW
CreateFileW
GetCurrentDirectoryW
GetEnvironmentVariableW
VerSetConditionMask
CloseHandle
ReleaseSemaphore
CreateSemaphoreW
GetVersionExW
GetLastError
GetProcAddress

user32

GetSystemMetrics
PostMessageW
SendMessageW

advapi32

OpenProcessToken
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
ConvertSidToStringSidA
ConvertStringSidToSidA
CryptAcquireContextW
CryptReleaseContext
CryptGenKey
CryptDestroyKey

shell32

SHCreateDirectoryExW
ord680

ole32

CoCreateGuid

wintrust

WinVerifyTrust

crypt32

CertFreeCertificateContext
CertCloseStore
CryptQueryObject
CertOpenStore
CertAddCertificateContextToStore
CertFindCertificateInStore

msvcr120

_CxxThrowException
_itoa
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
__crtCapturePreviousContext
__crtCaptureCurrentContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_commode
_fmode
__winitenv
__C_specific_handler
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
printf
wprintf
memmove
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
strtol
wcstol
towupper
_purecall
wcsrchr
isspace
memcpy
memset
strcmp
strlen
_strdup
strncat
strncmp
strtok
wcslen
calloc
free
malloc
realloc
_open_osfhandle
fclose
_fdopen
fopen
fread
fseek
ftell
fwrite
_snprintf_s
__CxxFrameHandler3
_snprintf
sprintf
_snwprintf
_wassert
strncpy
strcat
_strlwr
_wcslwr
__iob_func
fprintf
vfprintf
_vsnprintf_s
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit

msvcp120

?_Xbad_alloc@std@@YAXXZ
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z

setupapi

SetupUninstallOEMInfW
SetupCopyOEMInfW

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78073c6faa8543d964f42d25c77bd29f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

wintrust

crypt32

msvcr120

msvcp120

setupapi

Sections

.text Size: 37KB - Virtual size: 36KB

.rdata Size: 5.5MB - Virtual size: 5.5MB

.data Size: 72KB - Virtual size: 74KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 37KB - Virtual size: 36KB

.rdata
Size: 5.5MB - Virtual size: 5.5MB

.data
Size: 72KB - Virtual size: 74KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 7KB - Virtual size: 7KB