a36507bed12a62a4355af53353f1328271ea6294622e3d7e3f77f97a7125db85

Sharing

Copy URL

Twitter E-mail

General

Target

a36507bed12a62a4355af53353f1328271ea6294622e3d7e3f77f97a7125db85
Size

942KB
MD5

ed7b8ac222d27da7c6833efb8cfbc916
SHA1

077a3048a3892396045009ef60590d25b231ecc7
SHA256

a36507bed12a62a4355af53353f1328271ea6294622e3d7e3f77f97a7125db85
SHA512

92136b010126f682750f40d115d518c35fc29105568c71f0cc70330a6637db2c69e2fc794d1d847985979a65d61c97101d571545c8450fcd3829db39b5374d1f
SSDEEP

12288:B+l6y+u7YtJMiYOGLk44SsUsskLMr4DDVKO9WBNjOV89ON/I5fyxWoeG22X:fuzO/sssk1DlWBNjI89OFI5fyY3G2U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a36507bed12a62a4355af53353f1328271ea6294622e3d7e3f77f97a7125db85

Files

a36507bed12a62a4355af53353f1328271ea6294622e3d7e3f77f97a7125db85
.exe windows:5 windows x64 arch:x64

107d400aa8a7cd732bca06268765204d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

chrome_elf

SignalChromeElf
SignalInitializeCrashReporting

advapi32

ImpersonateNamedPipeClient
GetUserNameW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
SystemFunction036
RegDisablePredefinedCache
RevertToSelf
GetLengthSid
SetKernelObjectSecurity
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetKernelObjectSecurity
SetSecurityInfo
OpenProcessToken
ConvertStringSidToSidW
SetTokenInformation
GetAce
GetSecurityDescriptorSacl
ConvertSidToStringSidW
CreateProcessAsUserW
SetThreadToken
GetTokenInformation
DuplicateTokenEx
DuplicateToken
CreateRestrictedToken
EqualSid
LookupPrivilegeValueW
CopySid
CreateWellKnownSid
GetSecurityInfo
SetEntriesInAclW

kernel32

GetModuleHandleA
GetProcAddress
SetLastError
GetCurrentThreadId
CreateEventW
GetLastError
GetCurrentProcess
GetProcessId
WaitForSingleObject
DuplicateHandle
SetProcessShutdownParameters
SetCurrentDirectoryW
LoadLibraryExW
VirtualFree
VirtualAlloc
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetComputerNameExW
GetModuleHandleW
GetVersionExW
GetNativeSystemInfo
ExpandEnvironmentStringsW
GetCommandLineW
LocalFree
Sleep
FileTimeToSystemTime
QueryPerformanceFrequency
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
WriteFile
GetModuleFileNameW
CreateFileW
DeleteFileW
CloseHandle
GetCurrentDirectoryW
GetCurrentProcessId
FormatMessageA
GetTickCount
TerminateProcess
OpenProcess
GetExitCodeProcess
ReadFile
GetFileSizeEx
SetEndOfFile
GetFileInformationByHandle
SetFilePointerEx
FlushFileBuffers
RaiseException
CreateThread
IsDebuggerPresent
GetSystemInfo
GetProcessTimes
VirtualQueryEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetUserDefaultLangID
RegisterWaitForSingleObject
UnregisterWaitEx
CreateDirectoryW
QueryDosDeviceW
GetLongPathNameW
RemoveDirectoryW
GetTempPathW
GetFileAttributesW
UnmapViewOfFile
SetFileAttributesW
ReplaceFileW
CreateFileMappingW
GetSystemDefaultLCID
MoveFileW
GetThreadId
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
GetModuleHandleExW
HeapSetInformation
SizeofResource
LockResource
LoadResource
FindResourceW
FindFirstFileW
FindFirstFileExW
FindNextFileW
FindClose
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
VirtualQuery
LoadLibraryW
SetEvent
ResetEvent
SetInformationJobObject
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
CompareStringW
InitializeCriticalSectionAndSpinCount
DecodePointer
DeleteCriticalSection
GetSystemDirectoryW
GetUserDefaultLCID
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
TerminateJobObject
SetHandleInformation
GetProcessHandleCount
SignalObjectAndWait
ProcessIdToSessionId
GetFileType
WriteProcessMemory
AssignProcessToJobObject
VirtualProtectEx
QueryFullProcessImageNameW
VirtualAllocEx
VirtualFreeEx
CreateProcessW
CreateRemoteThread
CreateJobObjectW
CreateNamedPipeW
CreateMutexW
lstrlenW
DebugBreak
ReadProcessMemory
SearchPathW
VirtualProtect
FreeLibrary
LoadLibraryExA
GetThreadContext
SuspendThread
Wow64GetThreadContext
CreateSemaphoreW
ReleaseSemaphore
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
ConnectNamedPipe
GetVersion
DisconnectNamedPipe
LockFileEx
UnlockFileEx
GetUserDefaultUILanguage
ResumeThread
GetEnvironmentVariableW
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
WriteConsoleW
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
ReadConsoleW
GetACP
GetStdHandle
ExitProcess
SetStdHandle
GetFullPathNameW
GetConsoleMode
GetConsoleCP
PeekNamedPipe
GetDriveTypeW
GetProcessHeap
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
EncodePointer
InitializeSListHead
GetThreadLocale
MapViewOfFile
GetWindowsDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW

psapi

GetMappedFileNameW

shell32

SHGetKnownFolderPath
SHGetFolderPathW
SHGetSpecialFolderPathW
CommandLineToArgvW

user32

FindWindowExW
GetThreadDesktop
CreateDesktopW
SetProcessWindowStation
GetUserObjectInformationW
GetProcessWindowStation
CloseWindowStation
CloseDesktop
GetWindowThreadProcessId
AllowSetForegroundWindow
SendMessageTimeoutW
IsWindow
CreateWindowStationW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

winmm

timeGetTime

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

rpcrt4

UuidCreate

winhttp

WinHttpCloseHandle
WinHttpOpenRequest
WinHttpConnect
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpOpen
WinHttpReadData
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpAddRequestHeaders

Exports

Exports

GetHandleVerifier
IsSandboxedProcess

Sections

.text
Size: 668KB - Virtual size: 668KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

107d400aa8a7cd732bca06268765204d

Headers

DLL Characteristics

File Characteristics

Imports

chrome_elf

advapi32

kernel32

psapi

shell32

user32

version

winmm

wtsapi32

rpcrt4

winhttp

Exports

Exports

Sections

.text Size: 668KB - Virtual size: 668KB

.rdata Size: 154KB - Virtual size: 154KB

.data Size: 5KB - Virtual size: 21KB

.pdata Size: 33KB - Virtual size: 32KB

.didat Size: 512B - Virtual size: 32B

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 73KB - Virtual size: 73KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 668KB - Virtual size: 668KB

.rdata
Size: 154KB - Virtual size: 154KB

.data
Size: 5KB - Virtual size: 21KB

.pdata
Size: 33KB - Virtual size: 32KB

.didat
Size: 512B - Virtual size: 32B

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 73KB - Virtual size: 73KB

.reloc
Size: 6KB - Virtual size: 5KB