Static task
static1
Behavioral task
behavioral1
Sample
263fb685e4c862e1093569995f5a2381d40a078e71d6f654daf91c392fca0bf1.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
263fb685e4c862e1093569995f5a2381d40a078e71d6f654daf91c392fca0bf1.exe
Resource
win10v2004-20240611-en
General
-
Target
263fb685e4c862e1093569995f5a2381d40a078e71d6f654daf91c392fca0bf1
-
Size
2.2MB
-
MD5
ba2005b4661659631994efdea384f7d4
-
SHA1
b740f9306a5626e54e7bc8412c2bee72b3b1620e
-
SHA256
263fb685e4c862e1093569995f5a2381d40a078e71d6f654daf91c392fca0bf1
-
SHA512
445165414c32992059142e7b5a38e11c42d577f1b51961efcbcacaa937449af813089dd32dd84ac9965ec9cf3ee28ce5022b59dbe0a0fe45556d4ee996e3bbdf
-
SSDEEP
49152:4gPbL9QMwgW6Hm9riCZL5JSs+PKQRq7NtcPvCUrQupgVw:4wbiMwH6HmVi85ks+Jq7Nt3
Malware Config (no extracted configuration is listed in this report)
Signatures
-
Unsigned PE — 1 IoC
Checks for missing Authenticode signature: the resource below carries no embedded Authenticode signature. On its own this is a weak indicator (many legitimate binaries are unsigned); weigh it together with the imports listed under Files, which include process enumeration/termination, service control, registry and file deletion, token impersonation, CryptoAPI key export, certificate-store enumeration and raw socket networking.
resource 263fb685e4c862e1093569995f5a2381d40a078e71d6f654daf91c392fca0bf1
Files
-
263fb685e4c862e1093569995f5a2381d40a078e71d6f654daf91c392fca0bf1.exe windows:5 windows x86 arch:x86
bc4ff09165f8b1f219cce9d935070bf3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
SHDeleteKeyW
PathFileExistsW
kernel32
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryDosDeviceW
GetModuleHandleW
GetLogicalDriveStringsW
GetLastError
GetCurrentProcessId
VirtualFree
VirtualAlloc
LocalFree
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetModuleFileNameW
GetPrivateProfileIntW
WritePrivateProfileStringW
CreateDirectoryW
SetFileAttributesW
DecodePointer
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetFileSize
ReadFile
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
LocalAlloc
lstrcpyW
GetFileAttributesExW
GlobalAlloc
GlobalFree
WaitForSingleObject
Sleep
GetVolumeInformationW
GetVersionExW
GetLongPathNameW
ReleaseMutex
CreateMutexW
GetTickCount
DeviceIoControl
OutputDebugStringA
SetPriorityClass
RtlUnwind
EncodePointer
SetLastError
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetACP
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
OutputDebugStringW
SetStdHandle
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
GetTimeZoneInformation
FlushFileBuffers
WriteConsoleW
SetEndOfFile
GetPrivateProfileStringW
TerminateProcess
OpenProcess
GetTempPathW
GetFullPathNameW
GetCurrentDirectoryW
CreateThread
lstrlenW
MoveFileExW
FindNextFileW
FindFirstFileW
DeleteFileW
RemoveDirectoryW
FindClose
GetSystemDirectoryW
LoadLibraryW
CloseHandle
GetProcAddress
FreeLibrary
SetConsoleMode
ReadConsoleInputA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
WriteFile
GetCommandLineW
ExitThread
SystemTimeToFileTime
GetSystemTime
GlobalMemoryStatus
FlushConsoleInputBuffer
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
VerifyVersionInfoA
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerSetConditionMask
SleepEx
InitializeCriticalSection
GetFileAttributesExA
advapi32
CryptDecrypt
CryptEnumProvidersA
RegOpenKeyW
DuplicateTokenEx
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
RegEnumKeyW
RegCreateKeyExA
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
CryptCreateHash
DeregisterEventSource
CryptDestroyHash
RegisterEventSourceA
ReportEventA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
QueryServiceStatus
OpenServiceW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
CloseServiceHandle
ControlService
DeleteService
OpenSCManagerW
CryptSignHashA
shell32
SHGetSpecialFolderPathW
SHGetFolderPathW
psapi
GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcessModules
crypt32
CertGetNameStringW
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertOpenStore
CertGetCertificateContextProperty
CryptQueryObject
user32
LoadStringW
wsprintfW
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
ole32
CoCreateInstance
CoUninitialize
CoInitialize
iphlpapi
GetAdaptersInfo
wldap32
ord41
ord50
ord60
ord211
ord46
ord217
ord143
ord301
ord22
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ws2_32
htons
ntohs
setsockopt
WSAIoctl
WSAStartup
WSACleanup
htonl
getservbyname
getaddrinfo
gethostname
ioctlsocket
sendto
recvfrom
getsockopt
getsockname
getpeername
connect
listen
accept
gethostbyname
freeaddrinfo
shutdown
socket
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 382KB - Virtual size: 382KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 45KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 428B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 204KB - Virtual size: 204KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 71KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ