068ef78225ab94c3f9c228d6248911986c23317d269f0bb5d0a46bd15cd93e80

Sharing

Copy URL Twitter E-mail

General

Target

068ef78225ab94c3f9c228d6248911986c23317d269f0bb5d0a46bd15cd93e80
Size

1.2MB
MD5

5cc421c63500bf1b86a6ca91ba3ff59d
SHA1

aabc165f59fa0ff48f1e43a25aadf7d1b6f9be33
SHA256

068ef78225ab94c3f9c228d6248911986c23317d269f0bb5d0a46bd15cd93e80
SHA512

f44eb23c99a69309c7474371f95412b4d7f0ed753f325bb6361789e13ded199e3787615ceaed11ab34f37dc47bfa9b18466f6bbe14da9a19496fd8443327e9aa
SSDEEP

24576:CZFIW9d25anjboPJz7fminWVHeXj69KtyBZnIG61M4nftgHJ2H8/:CByPmO+HeXj60W664ftgIc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
068ef78225ab94c3f9c228d6248911986c23317d269f0bb5d0a46bd15cd93e80

Files

068ef78225ab94c3f9c228d6248911986c23317d269f0bb5d0a46bd15cd93e80
.exe windows:6 windows x86 arch:x86

2cbd641bfb81cbbd2f07e64ae5d9597c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtWriteFile
RtlUnwind
NtQueryInformationProcess
RtlNtStatusToDosError
NtQuerySystemInformation
RtlGetVersion
RtlCaptureContext

kernel32

GetSystemTimes
GetProcessIoCounters
IsProcessorFeaturePresent
GetCurrentProcess
GetProcAddress
HeapAlloc
ReadProcessMemory
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
LoadLibraryExW
LocalFree
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
LoadLibraryA
GetModuleFileNameA
CloseHandle
OpenProcess
GetProcessTimes
GetLastError
WaitForSingleObject
GetCurrentThreadId
K32GetPerformanceInfo
LoadLibraryExA
FreeLibrary
HeapFree
GlobalMemoryStatusEx
FormatMessageW
SleepConditionVariableSRW
TryAcquireSRWLockExclusive
GetComputerNameExW
VirtualQueryEx
GetProcessHeap
FreeEnvironmentStringsW
RaiseException
ReleaseMutex
DeleteProcThreadAttributeList
ReleaseSRWLockShared
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
Sleep
QueryPerformanceCounter
GetCurrentThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetSystemInfo
DuplicateHandle
VirtualProtectEx
EncodePointer
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WriteProcessMemory
CreateFileW
DeleteCriticalSection
GetStdHandle
VirtualProtect
InitializeCriticalSectionAndSpinCount
WriteFileEx
SleepEx
ReadFileEx
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
GetCurrentProcessId
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
CreateMutexA
GetModuleHandleA
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
CopyFileExW
GetConsoleMode
FindClose
GetModuleHandleW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
CreateThread
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
GetSystemTimeAsFileTime
VirtualAlloc

advapi32

RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
SystemFunction036
CopySid
GetLengthSid
RegCloseKey
RegSetValueExA
IsValidSid

pdh

PdhCollectQueryData
PdhAddEnglishCounterW
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhCloseQuery
PdhOpenQueryA

powrprof

CallNtPowerInformation

oleaut32

SysFreeString
GetErrorInfo
SysStringLen

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

shell32

CommandLineToArgvW

bcrypt

BCryptGenRandom

api-ms-win-crt-heap-l1-1-0

calloc
malloc
_set_new_mode
free

api-ms-win-crt-string-l1-1-0

strcpy_s
wcslen
wcsncmp

api-ms-win-crt-runtime-l1-1-0

__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
exit
_initterm_e
_initialize_onexit_table
_register_onexit_function
__p___argc
_crt_atexit
abort
_controlfp_s
terminate
_initterm
_get_initial_narrow_environment
_exit
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 916KB - Virtual size: 916KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cbd641bfb81cbbd2f07e64ae5d9597c

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

advapi32

pdh

powrprof

oleaut32

psapi

shell32

bcrypt

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 263KB - Virtual size: 263KB

.rdata Size: 916KB - Virtual size: 916KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 263KB - Virtual size: 263KB

.rdata
Size: 916KB - Virtual size: 916KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB