895d6d2d3509bc0f687ed20b22ea4a1bdfb671e40eba028dc0fef3d297371f95

Sharing

Copy URL Twitter E-mail

General

Target

895d6d2d3509bc0f687ed20b22ea4a1bdfb671e40eba028dc0fef3d297371f95
Size

2.2MB
MD5

338d3cacc05368de38b7d191c1b208da
SHA1

c7888789180b8129eb7daaf9ec554262e4ebc376
SHA256

895d6d2d3509bc0f687ed20b22ea4a1bdfb671e40eba028dc0fef3d297371f95
SHA512

ff6580cfc2d7486fb3dd5c7c6a1073343a0620d4aa59f80ac260671694589aef5c57d9073088b9ab8fcde5eb533aeb37b7d73ec8e60301b4a727c3c69e60860d
SSDEEP

49152:E3UISWFDzQXAvciqHmXGQe5ipqq7NVcPmKYV/YMALzR7l:E32WFDzQQvcifXGQQq7NV1BV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
895d6d2d3509bc0f687ed20b22ea4a1bdfb671e40eba028dc0fef3d297371f95

Files

895d6d2d3509bc0f687ed20b22ea4a1bdfb671e40eba028dc0fef3d297371f95
.exe windows:5 windows x86 arch:x86

2c6183cb2bdca3d5733cd33192e3c8ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

kernel32

Sleep
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
TerminateThread
CreateThread
FindNextFileW
FindFirstFileW
LoadLibraryW
lstrcpyW
FindClose
GetLongPathNameW
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetVersionExW
GetFileSize
WriteFile
ReadFile
GetTempPathW
CreateFileW
GetFileAttributesW
GetFileAttributesExW
DeleteFileW
CopyFileW
MoveFileExW
GetTickCount
DecodePointer
HeapReAlloc
HeapSize
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
GetPrivateProfileIntW
CreateDirectoryW
LocalFree
GetSystemInfo
GlobalAlloc
GlobalFree
LocalAlloc
GetExitCodeProcess
CreateProcessW
ProcessIdToSessionId
GetSystemDirectoryW
FileTimeToSystemTime
CreateEventW
DeviceIoControl
OutputDebugStringA
SetPriorityClass
GetTempFileNameW
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetACP
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
OutputDebugStringW
SetStdHandle
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
GetTimeZoneInformation
FlushFileBuffers
WriteConsoleW
SetEndOfFile
OpenProcess
GetLocalTime
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetLastError
GetFullPathNameW
GetCurrentDirectoryW
CloseHandle
IsBadReadPtr
LoadLibraryA
GetNativeSystemInfo
SetLastError
GetProcessHeap
HeapFree
HeapAlloc
VirtualProtect
SetConsoleMode
ReadConsoleInputA
GetVolumeInformationW
VirtualFree
VirtualAlloc
GetProcAddress
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
InitializeCriticalSectionAndSpinCount
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
SystemTimeToFileTime
GetSystemTime
GlobalMemoryStatus
FlushConsoleInputBuffer
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
VerifyVersionInfoA
GetSystemDirectoryA
GetModuleHandleA
VerSetConditionMask
SleepEx
GetFileAttributesExA
QueryPerformanceFrequency

advapi32

CryptDestroyKey
CryptEnumProvidersA
RegCloseKey
ImpersonateLoggedOnUser
RevertToSelf
RegEnumKeyW
RegOpenKeyW
RegOpenKeyExW
DuplicateTokenEx
LookupPrivilegeValueW
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetTokenInformation
GetTokenInformation
RegSetValueExW
RegisterEventSourceA
RegQueryValueExW
ReportEventA
CryptAcquireContextA
CryptReleaseContext
RegCreateKeyExW
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashA
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CreateProcessAsUserW
OpenProcessToken

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

shlwapi

PathFileExistsW

wtsapi32

WTSQueryUserToken

user32

GetUserObjectInformationW
MessageBoxA
GetProcessWindowStation
wsprintfW
LoadStringW

iphlpapi

GetAdaptersInfo

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

psapi

EnumProcesses
GetProcessImageFileNameW

wldap32

ord32
ord22
ord41
ord50
ord60
ord211
ord46
ord217
ord143
ord200
ord301
ord27
ord30
ord79
ord35
ord26
ord33

wininet

InternetReadFile
InternetCloseHandle
InternetQueryOptionW
InternetOpenW
HttpQueryInfoW
InternetSetOptionW
InternetOpenUrlW

ws2_32

gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
getservbyname
gethostbyname
recv
WSASetLastError
htonl
shutdown
WSAGetLastError
select
__WSAFDIsSet
socket

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 386KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c6183cb2bdca3d5733cd33192e3c8ae

Headers

DLL Characteristics

File Characteristics

Imports

userenv

kernel32

advapi32

shell32

ole32

shlwapi

wtsapi32

user32

iphlpapi

crypt32

psapi

wldap32

wininet

ws2_32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 386KB - Virtual size: 386KB

.data Size: 46KB - Virtual size: 70KB

.gfids Size: 512B - Virtual size: 436B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 204KB - Virtual size: 204KB

.reloc Size: 72KB - Virtual size: 72KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 386KB - Virtual size: 386KB

.data
Size: 46KB - Virtual size: 70KB

.gfids
Size: 512B - Virtual size: 436B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 204KB - Virtual size: 204KB

.reloc
Size: 72KB - Virtual size: 72KB