ad21d5b2559cb0489af4ba819bf85888e2909c894d2d751cd459b705a10df8d6

Sharing

Copy URL Twitter E-mail

General

Target

ad21d5b2559cb0489af4ba819bf85888e2909c894d2d751cd459b705a10df8d6
Size

1.3MB
MD5

0d5f5d090168b52ffbbde6d448b140dd
SHA1

88a27e2b1b979b0ff0fb1c502f187ea5e2c696d7
SHA256

ad21d5b2559cb0489af4ba819bf85888e2909c894d2d751cd459b705a10df8d6
SHA512

8113a96d29c6e4e02780f4d47a9eec19ff1a0ee52672422a80a0c14e9d2955f4964277e63e79fe4c1b6bde8c373fd89db2f83b04f87f102277f7d05b8d77287b
SSDEEP

12288:UmEpv9QMTmkJR4Do07Y86gw5CtCjX+NLuFhNpBeZT3X:y15SkQ/7Gb8NLEbeZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad21d5b2559cb0489af4ba819bf85888e2909c894d2d751cd459b705a10df8d6

Files

ad21d5b2559cb0489af4ba819bf85888e2909c894d2d751cd459b705a10df8d6
.exe windows:6 windows x64 arch:x64

b6ffaae8ad145b27b7f899bf03c8eee0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

mscorsvw.pdb

Imports

advapi32

DuplicateTokenEx
SetTokenInformation
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
EventWrite
RegQueryValueExW

kernel32

DebugBreak
LoadLibraryExW
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentProcessId
VirtualQuery
TlsFree
TlsGetValue
SleepEx
CreateSemaphoreW
DeleteCriticalSection
HeapDestroy
ResetEvent
TlsAlloc
GetFileType
HeapValidate
ReleaseMutex
CreateMutexW
InitializeCriticalSection
LeaveCriticalSection
VirtualAlloc
ReleaseSemaphore
VirtualFree
EnterCriticalSection
VirtualProtect
TlsSetValue
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentThreadId
SetLastError
LocalFree
FormatMessageW
GetACP
GetCPInfo
RaiseException
GetModuleHandleW
HeapSetInformation
MultiByteToWideChar
CreateFileW
WaitForSingleObject
FindClose
GetEnvironmentVariableW
FreeLibrary
GetProcAddress
GetWindowsDirectoryW
CreateThread
CloseHandle
SetEvent
OutputDebugStringW
GetLastError
CreateEventW
GetFileAttributesW
SetEnvironmentVariableW
WaitForMultipleObjects
GetModuleFileNameW
TerminateProcess
WriteFile
GetStdHandle
GetCurrentProcess
GetCommandLineW
WerSetFlags
WaitForSingleObjectEx
HeapFree
HeapAlloc
GetProcessHeap
FindFirstFileW

vcruntime140_clr0400

memcpy
memset
__C_specific_handler
_purecall
memmove
__CxxFrameHandler3
_CxxThrowException

ucrtbase_clr0400

_c_exit
_cexit
_set_fmode
_exit
exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_initialize_narrow_environment
_configure_narrow_argv
__setusermatherr
_set_app_type
_seh_filter_exe
_register_thread_local_exe_atexit_callback
malloc
free
strcpy_s
__stdio_common_vsnprintf_s
wcsncmp
strncmp
iswspace
_errno
wcscat_s
wcsncpy_s
_wcsnicmp
__stdio_common_vsnwprintf_s
wcstoul
wcscpy_s
__stdio_common_vfwprintf
fflush
_wcsicmp
__acrt_iob_func
freopen
_configthreadlocale
_set_new_mode
__p__commode
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate

mscoree

GetRequestedRuntimeInfo

ole32

CoAddRefServerProcess
CoTaskMemFree
CoMarshalInterface
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
CoReleaseServerProcess

oleaut32

SysAllocString
SysFreeString
SetErrorInfo
SysStringLen

user32

MsgWaitForMultipleObjectsEx
LoadStringW
PeekMessageW
DispatchMessageW

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b6ffaae8ad145b27b7f899bf03c8eee0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

vcruntime140_clr0400

ucrtbase_clr0400

mscoree

ole32

oleaut32

user32

Sections

.text Size: 62KB - Virtual size: 62KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 1024B - Virtual size: 4KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1.1MB - Virtual size: 1.1MB

.text
Size: 62KB - Virtual size: 62KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 1024B - Virtual size: 4KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1.1MB - Virtual size: 1.1MB