f42788631ecef3ebd8f75413b5b31e511e9d82f96fcc905590dfc417b28fea24

Sharing

Copy URL Twitter E-mail

General

Target

f42788631ecef3ebd8f75413b5b31e511e9d82f96fcc905590dfc417b28fea24
Size

1.5MB
MD5

098dcf193798f0da45eb2eacc70cc314
SHA1

15633f70bd9e2373f17e7c001c6c95a73dbc71b9
SHA256

f42788631ecef3ebd8f75413b5b31e511e9d82f96fcc905590dfc417b28fea24
SHA512

61ca9008b114574230493013ebf86fa6dc3788734aba7a4fe2264f00de6702c9472cbbe2a9dc507c718c91238600ef66f307c1e9e897e28e0ca71f5cb93b178b
SSDEEP

24576:kvSicXQmsitlOWROSXOTjcUiTZBC+wSpOl5MHnuZtGwJ1xEEbU85qOmAJbCh:YSicHROwOTjNiTj+Bl5MHnuZtjJj885k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/70a5cd603080342bbfb3bf02157336e5480a3450fa2bf59443c26cedbd6699d4.exe

Files

f42788631ecef3ebd8f75413b5b31e511e9d82f96fcc905590dfc417b28fea24
.zip

Password: infected
70a5cd603080342bbfb3bf02157336e5480a3450fa2bf59443c26cedbd6699d4.exe
.exe windows:6 windows x64 arch:x64

8f0b011d57f560864c19d21985cc2bcf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExA
RegSetValueExW
OpenProcessToken
GetTokenInformation
DuplicateTokenEx
OpenThreadToken
RevertToSelf
ImpersonateLoggedOnUser
CheckTokenMembership
EventWrite
EventRegister
EventEnabled
AdjustTokenPrivileges
LookupPrivilegeValueW

bcrypt

BCryptDecrypt
BCryptImportKey
BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptGenRandom
BCryptEncrypt

kernel32

TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlPcToFileHeader
CloseThreadpoolIo
SetLastError
SetThreadErrorMode
GetLastError
GetModuleFileNameW
MultiByteToWideChar
GetStdHandle
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
LoadLibraryExW
GetSystemTime
GetTickCount64
GetCurrentProcessorNumber
GetCurrentProcess
GetCurrentThread
Sleep
DeleteCriticalSection
LocalFree
EnterCriticalSection
SleepConditionVariableCS
LeaveCriticalSection
WakeConditionVariable
InitializeCriticalSection
InitializeConditionVariable
WaitForMultipleObjectsEx
GetFileAttributesExW
GetVolumeInformationW
ReplaceFileW
GetFullPathNameW
GetLongPathNameW
WideCharToMultiByte
GetCPInfo
LocalAlloc
GetConsoleOutputCP
WriteFile
GetProcAddress
RaiseFailFastException
CreateThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
CopyFileExW
CreateDirectoryW
CreateFileW
DeleteFileW
DeleteVolumeMountPointW
CreateSymbolicLinkW
DeviceIoControl
ExpandEnvironmentStringsW
FindNextFileW
FindClose
FindFirstFileExW
FreeLibrary
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileType
GetFinalPathNameByHandleW
GetLogicalDrives
GetOverlappedResult
MoveFileExW
ReadFile
RemoveDirectoryW
SetFileAttributesW
SetFileInformationByHandle
DuplicateHandle
GetThreadPriority
SetThreadPriority
GetDynamicTimeZoneInformation
GetTimeZoneInformation
CloseHandle
SetEvent
CreateEventExW
FormatMessageW
CreateProcessA
GetConsoleWindow
LoadLibraryA
FreeConsole
AllocConsole
ResumeThread
ExitProcess
GetCurrentProcessId
FlushProcessWriteBuffers
GetCurrentThreadId
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
RtlCaptureContext
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
TerminateProcess
SwitchToThread
CreateThread
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
QueryInformationJobObject
GetModuleHandleW
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
VirtualQuery
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
GetEnvironmentVariableW
ResetEvent
DebugBreak
WaitForSingleObject
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetTickCount
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
GetWriteWatch
ResetWriteWatch
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
InitializeSListHead
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

ole32

CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoCreateGuid
CoWaitForMultipleHandles
CoGetApartmentType

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
_callnewh
malloc

api-ms-win-crt-math-l1-1-0

modf
pow
ceil
__setusermatherr

api-ms-win-crt-string-l1-1-0

wcsncmp
_wcsicmp
strcpy_s
strcmp

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
_crt_atexit
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___wargv
_seh_filter_exe
_set_app_type
abort
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
exit
_exit
__p___argc

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

DotNetRuntimeDebugHeader

Sections

.text
Size: 421KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 121KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

8f0b011d57f560864c19d21985cc2bcf

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

kernel32

ole32

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 421KB - Virtual size: 420KB

.managed Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 121KB - Virtual size: 177KB

.pdata Size: 99KB - Virtual size: 98KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 236KB - Virtual size: 236KB

.reloc Size: 58KB - Virtual size: 57KB

.text
Size: 421KB - Virtual size: 420KB

.managed
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 121KB - Virtual size: 177KB

.pdata
Size: 99KB - Virtual size: 98KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 236KB - Virtual size: 236KB

.reloc
Size: 58KB - Virtual size: 57KB