TARE961424[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

TARE961424.exe
Size

875KB
MD5

2c6a865a746ca9f37f9381aa64c2c1eb
SHA1

08526537a12a645cace2fa84650cb21be87a2cb4
SHA256

2ad2dea7acc4cee8554a072d445bbee5c0ddfcf6b5bd1a2da8eb78c3bea96cba
SHA512

5dcfc4ee7db499b132f689ee7d9801d06a3920e2ed86a6994322b9be1b1ce7516e5d20c2183802d912faccff1c9bd5636e47217181e9ca383f605bb91a98a30b
SSDEEP

24576:dY5L0yJ9zyAynnbesLme8DN+SJaQzNQL/c+Ih6:+BRJunnbesLme8DN+SJaQhQLrE6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TARE961424.exe

Files

TARE961424.exe
.exe windows:6 windows x86 arch:x86

538bd7ad003acf54b1cadc30b9b99350

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
VirtualFree
VirtualAlloc
CreateFileW
CloseHandle
GetProcAddress
GetFileSize
GetFileAttributesW
GetConsoleWindow
WriteConsoleW
HeapSize
GetProcessHeap
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
MultiByteToWideChar
FormatMessageA
GetStringTypeW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LocalFree
GetLocaleInfoEx
LCMapStringEx
CompareStringEx
GetCPInfo
SetLastError
GetLastError
GetCurrentProcess
GetModuleHandleW
GetModuleHandleA
GetNativeSystemInfo
LoadLibraryA
FreeLibrary
GetThreadLocale
lstrlenW
VirtualProtect
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
VirtualQuery
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapFree
GetCurrentThread
GetTempPathW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapAlloc
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
SetConsoleCtrlHandler
HeapReAlloc
GetTimeZoneInformation
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP

user32

ShowWindow
wsprintfW

urlmon

URLOpenBlockingStreamW

shlwapi

SHCreateStreamOnFileEx

Exports

Exports

FreeLibraryMemoryAndExitThread
NtUnloadDllMemoryAndExitThread

Sections

.text
Size: 636KB - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

538bd7ad003acf54b1cadc30b9b99350

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

urlmon

shlwapi

Exports

Exports

Sections

.text Size: 636KB - Virtual size: 636KB

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 20KB - Virtual size: 26KB

.rsrc Size: 111KB - Virtual size: 110KB

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 636KB - Virtual size: 636KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 20KB - Virtual size: 26KB

.rsrc
Size: 111KB - Virtual size: 110KB

.reloc
Size: 27KB - Virtual size: 27KB