3526f514bc87fdf4d9ea140e2ee37e1faa78f6e0dbfaf7f40fd418445f69299c

Sharing

Copy URL Twitter E-mail

General

Target

3526f514bc87fdf4d9ea140e2ee37e1faa78f6e0dbfaf7f40fd418445f69299c
Size

1.3MB
MD5

1997f0bebc401c3d000701420363c34d
SHA1

7e0d6bfd2d24bb5459eabf3a59725ee321476ffc
SHA256

3526f514bc87fdf4d9ea140e2ee37e1faa78f6e0dbfaf7f40fd418445f69299c
SHA512

9f354dccf96387e51ba0d3781e3327b880184f46cc3234733e89f4ad997291a2a4df2e99646e56003971f42b6feafd520b4d9b908d0d83c073dc119a4a80bf14
SSDEEP

12288:oeEofYHT5+cEpEa/e6/vkrLE5280vC5d0A2hpU2J+R1WgrljwgEHGkwP5W291xY:Vp8a/43hpU2JgTJOGk2391xY1fts

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3526f514bc87fdf4d9ea140e2ee37e1faa78f6e0dbfaf7f40fd418445f69299c

Files

3526f514bc87fdf4d9ea140e2ee37e1faa78f6e0dbfaf7f40fd418445f69299c
.exe windows:6 windows x64 arch:x64

af97a25c883101c7d72d0f0dbb16c0b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

CommandLineToArgvW

advapi32

RegDeleteKeyW
RegEnumValueW
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegOpenKeyW
RegOpenKeyExW
RegFlushKey
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegEnumKeyExW

kernel32

CreateSemaphoreA
HeapSize
FindClose
GetFileAttributesW
SetCurrentDirectoryW
GetLastError
GetCurrentDirectoryW
FlushFileBuffers
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetCommandLineW
WideCharToMultiByte
LocalFree
CreateFileW
GetFileSize
ReadFile
FindFirstFileW
FindNextFileW
SetFilePointer
WriteFile
SetEnvironmentVariableW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetLastError
GetEnvironmentVariableW
CreateProcessW
GetStdHandle
GetHandleInformation
SetHandleInformation
IsDebuggerPresent
GetTimeZoneInformation
GetFileAttributesExW
GetConsoleScreenBufferInfo
LoadLibraryW
GetProcAddress
FreeLibrary
GetConsoleOutputCP
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
InitializeCriticalSection
QueryPerformanceFrequency
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
DuplicateHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ResumeThread
GetExitCodeThread
Sleep
SwitchToThread
VirtualAlloc
VirtualFree
GetSystemInfo
QueryPerformanceCounter
TryEnterCriticalSection
FormatMessageW
LoadLibraryA
ReleaseSemaphore
lstrlenW
ExpandEnvironmentStringsW
GetEnvironmentVariableA
RtlCaptureContext
GetModuleHandleA
SetEvent
GlobalMemoryStatusEx
CreateEventW
OpenThread
TerminateThread
SuspendThread
GetThreadContext
GetModuleHandleExW
VerSetConditionMask
VerifyVersionInfoW
FreeLibraryAndExitThread
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetProcessHeap
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
ExitProcess
TerminateProcess
SetStdHandle
GetFileType
GetModuleFileNameW
WriteConsoleW
SetFilePointerEx
CreateThread
ExitThread
GetCommandLineA
GetFileSizeEx
GetConsoleMode
HeapFree
HeapAlloc
HeapReAlloc
CompareStringW
LCMapStringW
ReadConsoleW
SetEndOfFile
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW

Sections

.text
Size: 897KB - Virtual size: 897KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 339KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

._deh
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.minfo
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dp
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tp
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af97a25c883101c7d72d0f0dbb16c0b4

Headers

DLL Characteristics

File Characteristics

Imports

shell32

advapi32

kernel32

Sections

.text Size: 897KB - Virtual size: 897KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 339KB - Virtual size: 346KB

.pdata Size: 43KB - Virtual size: 43KB

._deh Size: 6KB - Virtual size: 5KB

.minfo Size: 1024B - Virtual size: 568B

.dp Size: 1024B - Virtual size: 536B

.tp Size: 512B - Virtual size: 212B

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 897KB - Virtual size: 897KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 339KB - Virtual size: 346KB

.pdata
Size: 43KB - Virtual size: 43KB

._deh
Size: 6KB - Virtual size: 5KB

.minfo
Size: 1024B - Virtual size: 568B

.dp
Size: 1024B - Virtual size: 536B

.tp
Size: 512B - Virtual size: 212B

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 16KB - Virtual size: 15KB