bc473abcb1c6b4375774942c985a4564b0a6ad9df57561979fcc3f057b5d0702

Sharing

Copy URL Twitter E-mail

General

Target

bc473abcb1c6b4375774942c985a4564b0a6ad9df57561979fcc3f057b5d0702
Size

911KB
MD5

27264efa2ed8245ef1392b9fcab04647
SHA1

13c8f618f97b6ba07ae4fe0adfde9eee5394c1b0
SHA256

bc473abcb1c6b4375774942c985a4564b0a6ad9df57561979fcc3f057b5d0702
SHA512

d3bbd7fe48fd27c355b1f571017a8bbfcce96f8a0c2c2602ae269cbb02215925cbc9efd2dc7ac0a064c85bdc583a32b61db509ef23fdbbc71b1c937dc6f1e02b
SSDEEP

24576:nVuvPjrhLRXahrdYGTt1DHroCRrXRt3Q3diajKt48g7WGV:nVuvPjrhLaaGTt1DHroCRr33oiXS/7j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc473abcb1c6b4375774942c985a4564b0a6ad9df57561979fcc3f057b5d0702

Files

bc473abcb1c6b4375774942c985a4564b0a6ad9df57561979fcc3f057b5d0702
.exe windows:6 windows x64 arch:x64

dfb691ecf5ffbab777f531a53f615021

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\yasin\source\repos\MySetup\x64\Release\MySetup.pdb

Imports

ws2_32

send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
gethostname
ioctlsocket
getpeername
sendto
recvfrom
freeaddrinfo
getaddrinfo
recv
listen
htonl
getsockname
connect
bind
accept
select
__WSAFDIsSet
socket
htons
WSAIoctl
setsockopt
WSACleanup
WSAStartup
inet_ntop
ntohs
inet_pton
WSAGetLastError
WSASetLastError
closesocket
WSAWaitForMultipleEvents
getsockopt

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringW
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW

bcrypt

BCryptGenRandom

kernel32

GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
CompareStringW
HeapFree
HeapAlloc
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
GetExitCodeProcess
CreateProcessW
SetStdHandle
FlushFileBuffers
SetEndOfFile
GetTimeZoneInformation
GetACP
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
DeleteFileW
HeapSize
WriteConsoleW
FlsAlloc
CreateDirectoryW
GetCommandLineW
GetCommandLineA
ExitProcess
GetModuleFileNameW
WriteFile
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
SetConsoleTextAttribute
GetStdHandle
TerminateProcess
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CloseHandle
CreateThread
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetLastError
SetLastError
FormatMessageW
QueryPerformanceCounter
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SetEvent
CreateEventW
MultiByteToWideChar
QueryPerformanceFrequency
GetSystemDirectoryW
FreeLibrary
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryW
Sleep
WideCharToMultiByte
MoveFileExW
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetCurrentProcessId
SleepEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
LocalFree
FormatMessageA
GetLocaleInfoEx
GetStringTypeW
GetCurrentDirectoryW
RtlUnwind
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileInformationByHandle
AreFileApisANSI
GetFileInformationByHandleEx
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
LoadLibraryExW
TlsFree
TlsSetValue
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue

Sections

.text
Size: 680KB - Virtual size: 679KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dfb691ecf5ffbab777f531a53f615021

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

crypt32

advapi32

bcrypt

kernel32

Sections

.text Size: 680KB - Virtual size: 679KB

.rdata Size: 183KB - Virtual size: 182KB

.data Size: 7KB - Virtual size: 14KB

.pdata Size: 33KB - Virtual size: 33KB

.rsrc Size: 1024B - Virtual size: 656B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 680KB - Virtual size: 679KB

.rdata
Size: 183KB - Virtual size: 182KB

.data
Size: 7KB - Virtual size: 14KB

.pdata
Size: 33KB - Virtual size: 33KB

.rsrc
Size: 1024B - Virtual size: 656B

.reloc
Size: 5KB - Virtual size: 4KB