8f20a67005731eaff876a57e0589f46ce0c55eb5758812a7ca532beb74dac2ba

Sharing

Copy URL Twitter E-mail

General

Target

8f20a67005731eaff876a57e0589f46ce0c55eb5758812a7ca532beb74dac2ba
Size

907KB
MD5

8c840379a731c3ceb2de97c15792dd32
SHA1

6f4118f26da6179eee36eeaa42efb12173cec967
SHA256

8f20a67005731eaff876a57e0589f46ce0c55eb5758812a7ca532beb74dac2ba
SHA512

fbf28bd78809e91eb32e6e878b01fef1f5a63bb449bf6acb816cf0411a9c399c1e6384985de5061da56aedb0ead4431137cde714e13822623621e22aa898d065
SSDEEP

24576:0JD5lUbdrFt/sBlDqgZQd6XKtiMJYiPU:4D5lUbdrn/snji6attJM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f20a67005731eaff876a57e0589f46ce0c55eb5758812a7ca532beb74dac2ba

Files

8f20a67005731eaff876a57e0589f46ce0c55eb5758812a7ca532beb74dac2ba
.exe windows:10 windows x64 arch:x64

702a07ff266ecfbceeac19b4bdb17820

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

vshadow.pdb

Imports

kernel32

GetLastError
GetVolumePathNamesForVolumeNameW
WriteFile
CloseHandle
CreateFileW
WideCharToMultiByte
QueryDosDeviceW
GetFileAttributesW
FindFirstFileW
FindClose
FindNextFileW
GetThreadLocale
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
ExpandEnvironmentStringsW
VerSetConditionMask
VerifyVersionInfoW
HeapSetInformation
GetExitCodeProcess
LocalFree
CreateProcessW
ReadFile
GetFileSize
GetCommandLineW
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW
MultiByteToWideChar
WaitForSingleObject
FormatMessageW
TerminateProcess

msvcrt

??0exception@@QEAA@AEBQEBDH@Z
_CxxThrowException
memcpy
memmove
_errno
___mb_cur_max_func
___lc_handle_func
___lc_codepage_func
_ismbblead
__uncaught_exception
setlocale
_lock
_unlock
_fsopen
fseek
__pctype_func
isupper
calloc
__iob_func
fputc
memset
islower
__mb_cur_max
__crtLCMapStringW
__crtLCMapStringA
_wsetlocale
abort
_callnewh
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
strcspn
fputwc
ungetwc
fclose
localeconv
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
_purecall
_vsnwprintf
wprintf
??0exception@@QEAA@AEBV0@@Z
?what@exception@@UEBAPEBDXZ
malloc
getchar
_wcsnicmp
_wcsicmp
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
fflush
setvbuf
free
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
sprintf_s
fwrite
memcpy_s
ungetc
fgetc
fgetwc
fgetpos
_fseeki64
fsetpos
_wcsdup

atl

ord30

oleaut32

SysFreeString
SysAllocString

ole32

CLSIDFromString
CoInitializeSecurity
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance

vssapi

VssFreeSnapshotPropertiesInternal
CreateVssBackupComponentsInternal
ShouldBlockRevertInternal

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

resutils

ClusterPrepareSharedVolumeForBackup
ClusterIsPathOnSharedVolume
ClusterGetVolumePathName
ClusterGetVolumeNameForVolumeMountPoint

shlwapi

PathFileExistsW

Sections

.text
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

702a07ff266ecfbceeac19b4bdb17820

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

atl

oleaut32

ole32

vssapi

ntdll

resutils

shlwapi

Sections

.text Size: 210KB - Virtual size: 210KB

.rdata Size: 119KB - Virtual size: 119KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 210KB - Virtual size: 210KB

.rdata
Size: 119KB - Virtual size: 119KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 568KB - Virtual size: 572KB