heyz.pdb
Static task
static1
Behavioral task
behavioral1
Sample
1bf068b0635face1c96c5654f3471c897eff25478f55cbf805f1f2c108544b87.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
1bf068b0635face1c96c5654f3471c897eff25478f55cbf805f1f2c108544b87.exe
Resource
win10v2004-20240508-en
General
- Target: 1bf068b0635face1c96c5654f3471c897eff25478f55cbf805f1f2c108544b87
- Size: 9.4MB
- MD5: b91b19755286f89f843bd55800fb6a11
- SHA1: c3f6c80abaa82d492e09b3f64e654b7563940efe
- SHA256: 1bf068b0635face1c96c5654f3471c897eff25478f55cbf805f1f2c108544b87
- SHA512: b141fb7a29a6a368d994cc3ed9c0effbef68905e36d8bbdfaa025f0e3638881a38e626900a1ff2bc12884f8b2a64ac0455c62615397fcd3ad559e39cf61b565e
- SSDEEP: 98304:Dx4M0Mr5O2lBleNyfQ5b2WpogzEBt0QJcc5o60o5:DxT5hBl8MZ08J5
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 1bf068b0635face1c96c5654f3471c897eff25478f55cbf805f1f2c108544b87
Files
- 1bf068b0635face1c96c5654f3471c897eff25478f55cbf805f1f2c108544b87.exe (windows:6 windows x64 arch:x64)
  imphash: 4b091ca768d9ef4cc1947656889dac33
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
bcryptprimitives
ProcessPrng
api-ms-win-core-synch-l1-2-0
WaitOnAddress
WakeByAddressAll
WakeByAddressSingle
ntdll
NtQuerySystemInformation
RtlGetVersion
VerSetConditionMask
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
NtReadFile
NtWriteFile
RtlUnwind
NtCreateFile
NtCancelIoFileEx
NtQueryInformationProcess
RtlUnwindEx
RtlPcToFileHeader
RtlNtStatusToDosError
NtDeviceIoControlFile
kernel32
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapFree
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetTimeZoneInformation
GetConsoleOutputCP
GetCommandLineA
GetModuleHandleW
GetSystemInfo
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
GetTickCount
FlushFileBuffers
QueryPerformanceCounter
SetLastError
GetFinalPathNameByHandleW
SetFileInformationByHandle
LCMapStringW
lstrlenW
GetProcAddress
GetModuleHandleA
Sleep
GetLastError
SetStdHandle
FindFirstFileExW
CloseHandle
IsValidCodePage
GetProcessHeap
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetOEMCP
GetCPInfo
DuplicateHandle
GetCommandLineW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetFilePointerEx
SetEnvironmentVariableW
GetCurrentProcessId
GetEnvironmentVariableW
GetCurrentProcess
SetHandleInformation
GetEnvironmentStringsW
SystemTimeToFileTime
GetCurrentDirectoryW
CreateMutexA
GetCurrentThread
CreateThread
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
SetEvent
CreateEventA
ReadConsoleW
WriteConsoleW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
QueryPerformanceFrequency
GetSystemDirectoryA
GetWindowsDirectoryW
GetSystemDirectoryW
MoveFileExA
GetEnvironmentVariableA
ReadFileEx
CreateNamedPipeW
GetStringTypeW
SwitchToThread
SetThreadStackGuarantee
PostQueuedCompletionStatus
SleepEx
VerifyVersionInfoW
GetFileSizeEx
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
CancelIoEx
WriteFile
GetOverlappedResult
AddVectoredExceptionHandler
ExitProcess
GetComputerNameExW
LoadLibraryExW
CompareStringOrdinal
DeleteProcThreadAttributeList
GetModuleFileNameW
GlobalMemoryStatusEx
GetFileType
GetConsoleMode
CancelIo
FreeEnvironmentStringsW
CreateWaitableTimerA
WaitForMultipleObjects
CancelWaitableTimer
SetWaitableTimer
ResetEvent
FreeLibrary
WideCharToMultiByte
GetACP
GetSystemTimeAsFileTime
ReadProcessMemory
VirtualQueryEx
OpenProcess
GetSystemTimes
GetProcessTimes
VerifyVersionInfoA
GetExitCodeProcess
GetProcessIoCounters
CopyFileExW
SetFileAttributesW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
GetFileInformationByHandle
K32GetPerformanceInfo
GetDriveTypeW
FindClose
DeviceIoControl
FindNextFileW
ReleaseMutex
IsWow64Process
GetVersionExA
GetQueuedCompletionStatus
TlsFree
TlsSetValue
TlsAlloc
SleepConditionVariableCS
ReadFile
LoadLibraryExA
GetSystemTimePreciseAsFileTime
CreateEventW
TerminateProcess
WriteFileEx
GetStdHandle
TlsGetValue
InitializeConditionVariable
WakeAllConditionVariable
ws2_32
send
recv
getpeername
getsockname
accept
WSASocketW
setsockopt
WSACloseEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSASetEvent
WSAWaitForMultipleEvents
WSASetLastError
htons
ntohs
__WSAFDIsSet
select
WSAStartup
WSACleanup
getaddrinfo
htonl
WSACreateEvent
listen
connect
closesocket
ioctlsocket
socket
WSAGetLastError
WSAIoctl
getsockopt
bind
freeaddrinfo
crypt32
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertFindCertificateInStore
CertFreeCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
PFXImportCertStore
CertOpenStore
CertCloseStore
CryptUnprotectData
CertGetEnhancedKeyUsage
CertDuplicateCertificateContext
CertFreeCertificateContext
CryptStringToBinaryA
CryptDecodeObjectEx
shell32
CommandLineToArgvW
SHGetKnownFolderPath
ole32
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoTaskMemFree
advapi32
CryptReleaseContext
CopySid
CryptAcquireContextA
GetTokenInformation
GetLengthSid
IsValidSid
OpenProcessToken
GetUserNameW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
SystemFunction036
oleaut32
SafeArrayGetLBound
SafeArrayGetUBound
VariantClear
SafeArrayAccessData
SysStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayUnaccessData
bcrypt
BCryptGenRandom
pdh
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhRemoveCounter
PdhCollectQueryData
PdhAddEnglishCounterW
PdhCloseQuery
psapi
GetProcessMemoryInfo
GetModuleFileNameExW
powrprof
CallNtPowerInformation
Sections
.text Size: 7.2MB - Virtual size: 7.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 174KB - Virtual size: 191KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 394KB - Virtual size: 393KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ