ea018385dc694013e34b663dc25cee6fc23a06ea74e9168ded9a5156c07f091a[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ea018385dc694013e34b663dc25cee6fc23a06ea74e9168ded9a5156c07f091a.exe
Size

5.2MB
MD5

6f5196db4ea6bce13a14a00c955d4de7
SHA1

2eabc413b7d3d727cae42cf46050aedeafbbe09a
SHA256

ea018385dc694013e34b663dc25cee6fc23a06ea74e9168ded9a5156c07f091a
SHA512

1fd2de1f2a70c0188a782c03bba7538626db702074846a36b62c3e17c33ce452b509b0107beeecca29cae1c8c5f99eb211e8d0e53a07b56d8311d9c96fa2b5c3
SSDEEP

49152:AVDPrmUer+As3r+hXFDD5y8peM7JhehO8KpahR1ik9kfU/cCpeby8/hIcW0Jsw7p:nCAsop7DJaLZ9qecull3r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea018385dc694013e34b663dc25cee6fc23a06ea74e9168ded9a5156c07f091a.exe

Files

ea018385dc694013e34b663dc25cee6fc23a06ea74e9168ded9a5156c07f091a.exe
.exe windows:6 windows x64 arch:x64

0fd97ac01fa3d8dc67d15b391f0ef37b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WakeByAddressSingle
WaitOnAddress

bcryptprimitives

ProcessPrng

ntdll

RtlNtStatusToDosError
RtlPcToFileHeader
NtDeviceIoControlFile
NtCancelIoFileEx
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtReadFile
NtWriteFile
NtCreateFile

kernel32

GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
GetModuleHandleA
GetProcAddress
CreateWaitableTimerExW
SetWaitableTimer
Sleep
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
lstrlenW
GetEnvironmentVariableW
GetTempPathW
GetFileInformationByHandleEx
GetFullPathNameW
FlushFileBuffers
GetQueuedCompletionStatusEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
GetFinalPathNameByHandleW
SetLastError
GetSystemInfo
WaitForSingleObject
SetHandleInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
GetCurrentProcess
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ReadFile
ExitProcess
HeapAlloc
GetProcessHeap
GetCurrentDirectoryW
SetThreadStackGuarantee
GetCurrentThread
CreateMutexA
ReleaseMutex
DeleteFileW
CopyFileExW
SwitchToThread
SetFileInformationByHandle
GetModuleFileNameW
CreateFileW
PostQueuedCompletionStatus
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetExitCodeProcess
TerminateProcess
GetLastError
GetSystemTimePreciseAsFileTime
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
LoadLibraryA
AddVectoredExceptionHandler
CloseHandle
GetFileInformationByHandle
HeapFree
EncodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FindClose
WaitForSingleObjectEx
SetFilePointerEx
LoadLibraryExW

ws2_32

getpeername
getsockopt
select
getsockname
WSAGetLastError
accept
WSAIoctl
ioctlsocket
socket
listen
setsockopt
getaddrinfo
closesocket
freeaddrinfo
WSAStartup
WSACleanup
recv
send
WSASend
shutdown
connect
bind
WSASocketW

ole32

CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance

user32

EnumDisplayMonitors
GetMonitorInfoW
EnumDisplaySettingsExW

gdi32

CreateDCW
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
StretchBlt
GetDIBits
GetObjectW
DeleteObject
DeleteDC

bcrypt

BCryptGenRandom

advapi32

FreeSid
RegQueryValueExW
RegCloseKey
CheckTokenMembership
SystemFunction036
AllocateAndInitializeSid
RegOpenKeyExW

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CryptUnprotectData
CertVerifyCertificateChainPolicy
CertOpenStore
CertCloseStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertDuplicateStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertDuplicateCertificateChain

secur32

QueryContextAttributesW
FreeCredentialsHandle
ApplyControlToken
AcquireCredentialsHandleA
EncryptMessage
DecryptMessage
DeleteSecurityContext
AcceptSecurityContext
InitializeSecurityContextW
FreeContextBuffer

oleaut32

SafeArrayGetLBound
SafeArrayUnaccessData
SysAllocStringLen
SafeArrayGetUBound
SafeArrayAccessData
SysFreeString
SafeArrayDestroy
VariantClear

rstrtmgr

RmRegisterResources
RmGetList
RmStartSession

api-ms-win-crt-math-l1-1-0

log
__setusermatherr
exp2f
_dclass
ceil
truncf
roundf
pow

api-ms-win-crt-string-l1-1-0

strcmp
wcsncmp
strlen
strcpy_s
strncmp
strcspn

api-ms-win-crt-heap-l1-1-0

calloc
_msize
realloc
malloc
_set_new_mode
free

api-ms-win-crt-utility-l1-1-0

_rotl64
qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_endthreadex
terminate
_beginthreadex
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_crt_atexit
_initterm_e
exit
_exit
abort
_register_thread_local_exe_atexit_callback
__p___argc
_seh_filter_exe
__p___argv
_register_onexit_function
_cexit
_c_exit
_initialize_onexit_table
_set_app_type

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fd97ac01fa3d8dc67d15b391f0ef37b

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

ntdll

kernel32

ws2_32

ole32

user32

gdi32

bcrypt

advapi32

crypt32

secur32

oleaut32

rstrtmgr

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 24KB - Virtual size: 28KB

.pdata Size: 82KB - Virtual size: 82KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 35KB - Virtual size: 35KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 24KB - Virtual size: 28KB

.pdata
Size: 82KB - Virtual size: 82KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 35KB - Virtual size: 35KB