9e8ab19997ff1bef195fadfea275f0970545d8de074c9659a5db9715b6fd1406

Sharing

Copy URL

Twitter E-mail

General

Target

9e8ab19997ff1bef195fadfea275f0970545d8de074c9659a5db9715b6fd1406
Size

1011KB
MD5

634542e6314b8e8292d207a30f546148
SHA1

347afc9918bc71e5de45ed38b33684da709de531
SHA256

9e8ab19997ff1bef195fadfea275f0970545d8de074c9659a5db9715b6fd1406
SHA512

a5ab7d74f616a35cc46aa6a428a9009f770da2166a2d3a5e4be8e77b2f0ff9618e801115bf2793d95491b143201810de7bdaaef889fcc2bec9276b4da3a66719
SSDEEP

24576:Q91vsDOaH4urtF2BHU+y9XvDJmzNlSduK:Q9dcYurtF2BHU+ytDJmBlSd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9e8ab19997ff1bef195fadfea275f0970545d8de074c9659a5db9715b6fd1406

Files

9e8ab19997ff1bef195fadfea275f0970545d8de074c9659a5db9715b6fd1406
.dll windows:6 windows x64 arch:x64

f4fca2fea1a38c676a536a85c119f776

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\adwsf\axa\I Follow You\x64\Release\I Follow You.pdb

Imports

kernel32

ReadFile
GetFileSizeEx
FindFirstFileA
HeapFree
GetCurrentProcess
WriteFile
DeviceIoControl
FindNextFileA
CreatePipe
FindClose
FreeLibraryAndExitThread
GetModuleHandleA
Sleep
GetTempPathA
GetFileAttributesA
CreateFileA
LoadLibraryA
DeleteFileA
CloseHandle
GetSystemInfo
CreateThread
HeapAlloc
GetProcAddress
LocalFree
GetFileSize
ExitProcess
GetProcessHeap
GlobalMemoryStatusEx
FreeLibrary
CreateProcessA
IsDebuggerPresent
CheckRemoteDebuggerPresent
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
CreateFileW
GetLocaleInfoEx
FormatMessageA
AreFileApisANSI
GetLastError
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead

user32

GetCursorPos
MessageBoxA

msvcp140

?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Strxfrm
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Winerror_map@std@@YAHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?id@?$collate@D@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
_Strcoll

winhttp

WinHttpOpenRequest
WinHttpCloseHandle
WinHttpWriteData
WinHttpReadData
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpReceiveResponse

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_destroy_list
memset
memcmp
_CxxThrowException
__C_specific_handler
strchr
__std_terminate
__std_exception_copy
__std_exception_destroy
memmove
memcpy
memchr

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_configure_narrow_argv
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
abort
_crt_atexit
exit
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_cexit
_errno
_initterm
_initterm_e

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
malloc
free

api-ms-win-crt-convert-l1-1-0

strtoll

api-ms-win-crt-string-l1-1-0

isspace
isalnum

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-math-l1-1-0

sqrt

Sections

.text
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 857KB - Virtual size: 857KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4fca2fea1a38c676a536a85c119f776

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp140

winhttp

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 139KB - Virtual size: 139KB

.rdata Size: 857KB - Virtual size: 857KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 348B

.text
Size: 139KB - Virtual size: 139KB

.rdata
Size: 857KB - Virtual size: 857KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 348B