915b503140ade847aac4effb9a4766bb77fdcb433f222326daf9e6f4d9e36f73

Sharing

Copy URL Twitter E-mail

General

Target

915b503140ade847aac4effb9a4766bb77fdcb433f222326daf9e6f4d9e36f73
Size

620KB
MD5

c6e9311b3573f448ed656b16f8837dd3
SHA1

2f28eb052f6e97c40f571a5a4e20f2321e7994e3
SHA256

915b503140ade847aac4effb9a4766bb77fdcb433f222326daf9e6f4d9e36f73
SHA512

5523f76497984cdb08de953505991ca5c1166ecd12ea8c38dbac1ee7860d9f2c3c960d9d45790c899a66d0687dda947e41e3efd38146651e761b0dd489037f39
SSDEEP

12288:fxqus4VhqknQKIY/lf+ul2wQ5jLKPOFbWZ3TjnoIJhOmxbuaToo:JqNQl/2wkLrFbWlnBO9a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
915b503140ade847aac4effb9a4766bb77fdcb433f222326daf9e6f4d9e36f73

Files

915b503140ade847aac4effb9a4766bb77fdcb433f222326daf9e6f4d9e36f73
.exe windows:5 windows x86 arch:x86

8bb12760be715b94ff3bf7193ffac3f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\WindowsClient\CODE\Release\NamLoader.pdb

Imports

kernel32

FormatMessageA
CreateEventW
WTSGetActiveConsoleSessionId
OpenProcess
WaitForMultipleObjects
Sleep
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
ProcessIdToSessionId
CreateThread
WideCharToMultiByte
LocalFree
CreateMutexW
OpenEventW
HeapFree
GetProcessHeap
HeapAlloc
WaitForSingleObject
SetEvent
CloseHandle
SetFilePointer
DeleteFileW
GetModuleFileNameA
GetLastError
CreateDirectoryA
MultiByteToWideChar
GetFileAttributesA
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetEnvironmentVariableA
SetEnvironmentVariableW
LoadLibraryW
PeekNamedPipe
GetFileInformationByHandle
ReadConsoleW
SetEndOfFile
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
ReadFile
GetTimeZoneInformation
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetOEMCP
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedExchange
GetStringTypeW
TlsGetValue
GetCurrentProcessId
OutputDebugStringW
TlsSetValue
TlsAlloc
TlsFree
UnlockFile
LockFileEx
GetSystemTimeAsFileTime
GetCurrentDirectoryW
InitializeCriticalSection
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
InterlockedCompareExchange
InterlockedExchangeAdd
GetCurrentThreadId
SwitchToThread
GetCurrentProcess
AllocConsole
SetConsoleTextAttribute
WriteFile
GetConsoleMode
WriteConsoleW
GetStdHandle
GetConsoleScreenBufferInfo
GetFileType
GetCommandLineW
RaiseException
RtlUnwind
IsProcessorFeaturePresent
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetStartupInfoW
GetModuleHandleW
GetProcAddress
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
MoveFileExW
CreateFileW
SetStdHandle
FileTimeToLocalFileTime
FindClose
FindFirstFileExW
GetDriveTypeW
FileTimeToSystemTime
CreateDirectoryW
GetFullPathNameW
ExitThread
LoadLibraryExW
IsDebuggerPresent
ExitProcess
GetModuleHandleExW
HeapSize
GetModuleFileNameW
IsValidCodePage
GetACP
VirtualQuery

advapi32

RegisterEventSourceW
CopySid
RegCreateKeyExW
DeregisterEventSource
ReportEventW
GetLengthSid
RegSetValueExW
CloseServiceHandle
StartServiceW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
RevertToSelf
CreateProcessAsUserW
DuplicateTokenEx
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetTokenInformation

ws2_32

gethostname
connect
WSAStartup
htonl
WSASocketW
WSAGetLastError
htons
shutdown
setsockopt
WSACleanup
recv
closesocket
gethostbyname
send
WSAStringToAddressW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 453KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8bb12760be715b94ff3bf7193ffac3f8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ws2_32

userenv

Sections

.text Size: 453KB - Virtual size: 453KB

.rdata Size: 95KB - Virtual size: 94KB

.data Size: 15KB - Virtual size: 25KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 53KB - Virtual size: 53KB

.text
Size: 453KB - Virtual size: 453KB

.rdata
Size: 95KB - Virtual size: 94KB

.data
Size: 15KB - Virtual size: 25KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 53KB - Virtual size: 53KB