7901b30056a1f0bae9177a5e603aeb01d08e131cca1ee611699ca5a07dd7a6d0

Sharing

Copy URL Twitter E-mail

General

Target

7901b30056a1f0bae9177a5e603aeb01d08e131cca1ee611699ca5a07dd7a6d0
Size

392KB
MD5

eeb53438f2af2c5e730b8e87fc62dcf0
SHA1

e9a602919823384d2cf6c340ea4d0298c004c46d
SHA256

7901b30056a1f0bae9177a5e603aeb01d08e131cca1ee611699ca5a07dd7a6d0
SHA512

9405e7da40675d24ebaa34fd9a048d43a2cb312166e1e677aaa9079bce01017784f9521e0cb49ec9dd5118594d1254b2e7e40af71509fc44fa437b27f8f61f26
SSDEEP

12288:w58mjmuPCl52ZKMiIZZZVulMIt5PoUcV84:w58hcZKMpXVul7PbcVP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7901b30056a1f0bae9177a5e603aeb01d08e131cca1ee611699ca5a07dd7a6d0

Files

7901b30056a1f0bae9177a5e603aeb01d08e131cca1ee611699ca5a07dd7a6d0
.exe windows:5 windows x64 arch:x64

babddf69b7eead0db4b4e61cc835cf09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\slimjet\current\src\out\release_x64\crash_service.exe.pdb

Imports

wininet

HttpSendRequestW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetQueryDataAvailable
InternetSetOptionW
HttpQueryInfoW
InternetCrackUrlW
HttpAddRequestHeadersW
HttpOpenRequestW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW

kernel32

SetEnvironmentVariableA
LoadResource
LockResource
SizeofResource
FindResourceW
GetUserDefaultUILanguage
CreateMutexW
SetFilePointer
WaitForSingleObject
GetTickCount
WriteFile
GetModuleFileNameW
CreateFileW
GetLastError
SetLastError
OutputDebugStringA
ReleaseMutex
CloseHandle
DeleteFileW
GetCurrentProcessId
GetCommandLineW
LocalFree
MoveFileExW
GetCurrentProcess
CreateDirectoryW
CopyFileW
GetFileAttributesW
ReadFile
GetTempPathW
GetCurrentDirectoryW
SetFileAttributesW
Sleep
RaiseException
IsDebuggerPresent
GetCurrentThreadId
DuplicateHandle
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FindFirstFileW
FindClose
FindNextFileW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
GetModuleHandleW
GetProcAddress
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleHandleExW
GetNativeSystemInfo
GetVersionExW
CreateEventW
ExpandEnvironmentStringsW
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
RegisterWaitForSingleObject
UnregisterWaitEx
SetEvent
ResetEvent
GetDriveTypeW
LoadLibraryW
QueueUserWorkItem
GetProcessTimes
OpenProcess
ReadProcessMemory
UnregisterWait
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
InitializeCriticalSection
FreeLibrary
GetSystemTime
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringW
LoadLibraryExW
ReadConsoleW
GetOEMCP
GetACP
IsValidCodePage
WriteConsoleW
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStdHandle
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TerminateProcess
FindFirstFileExW
LoadLibraryExA
GetStringTypeW
EncodePointer
DecodePointer
IsProcessorFeaturePresent
HeapFree
GetConsoleCP
GetConsoleMode
GetFullPathNameW
SetStdHandle
GetFileType
HeapAlloc
GetProcessHeap
ExitProcess
HeapReAlloc
GetCPInfo
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter

ole32

CoTaskMemFree

user32

PostMessageW
TranslateMessage
RegisterClassExW
CreateWindowExW
DefWindowProcW
PostQuitMessage
GetMessageW
UpdateWindow
DispatchMessageW

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

babddf69b7eead0db4b4e61cc835cf09

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

advapi32

kernel32

ole32

user32

Exports

Exports

Sections

.text Size: 283KB - Virtual size: 282KB

.rdata Size: 78KB - Virtual size: 77KB

.data Size: 8KB - Virtual size: 24KB

.pdata Size: 16KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 283KB - Virtual size: 282KB

.rdata
Size: 78KB - Virtual size: 77KB

.data
Size: 8KB - Virtual size: 24KB

.pdata
Size: 16KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 3KB - Virtual size: 3KB