311b4bc483caf8033920b9f0c0dfdb8b17e9e1a0526753e69ef54638555b0320

Sharing

Copy URL Twitter E-mail

General

Target

311b4bc483caf8033920b9f0c0dfdb8b17e9e1a0526753e69ef54638555b0320
Size

8.2MB
MD5

caed4156d41d099578de4af08a2131b9
SHA1

357aad1e8da9332e5f4e797bdc6a00a0c19509d6
SHA256

311b4bc483caf8033920b9f0c0dfdb8b17e9e1a0526753e69ef54638555b0320
SHA512

c50cea64b97e6392ecbc852b838abe612fae1d9330f890c55e431bd2acd7f2c76b4ba12ab90cd2c1d260c2ea5c8e0f3f98abcf731d4b26ee331eaed27cfad2bc
SSDEEP

196608:riwyhFj6hMpiWSd6oxfwEX5BBEX+yyZIdHti2qPcmepOsn+v:Gwa+hMcWSX5BB+6Ziqf5v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
311b4bc483caf8033920b9f0c0dfdb8b17e9e1a0526753e69ef54638555b0320

Files

311b4bc483caf8033920b9f0c0dfdb8b17e9e1a0526753e69ef54638555b0320
.exe windows:6 windows x64 arch:x64

21393f9065afe5d74a207dc873868627

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

msvcrt

_CxxThrowException

ntdll

RtlCharToInteger

advapi32

MD5Init
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

comctl32

ord410

kernel32

GetSystemDirectoryW
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetWindowThreadProcessId

Sections

.text
Size: - Virtual size: 347KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tlyznk
Size: - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.niitwr
Size: 8.1MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nnfk
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21393f9065afe5d74a207dc873868627

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-security-sddl-l1-1-0

msvcrt

ntdll

advapi32

comctl32

kernel32

user32

Sections

.text Size: - Virtual size: 347KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: - Virtual size: 46KB

.tlyznk Size: - Virtual size: 8.2MB

.niitwr Size: 8.1MB - Virtual size: 8.1MB

.nnfk Size: 1024B - Virtual size: 736B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 347KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: - Virtual size: 46KB

.tlyznk
Size: - Virtual size: 8.2MB

.niitwr
Size: 8.1MB - Virtual size: 8.1MB

.nnfk
Size: 1024B - Virtual size: 736B

.rsrc
Size: 512B - Virtual size: 480B