9dfb8ed499b667d782ae3a4ce40472893a789ed973f48884b47358536b6a76e8

Sharing

Copy URL

Twitter E-mail

General

Target

9dfb8ed499b667d782ae3a4ce40472893a789ed973f48884b47358536b6a76e8
Size

1.9MB
MD5

01a659ca1d5af3b405c297cf371fd845
SHA1

9a3c5d189041c3856d4ccbaab9229f0642000bb4
SHA256

9dfb8ed499b667d782ae3a4ce40472893a789ed973f48884b47358536b6a76e8
SHA512

ed204e2f968b1c843fe07345f619fdd5c3fcd2986fa045cecad38e7251fdba354ba03b8011032541da76dbd65fd15ad4fb38d2c4eccde9f5ad24bfde0ea29f56
SSDEEP

24576:v00FP4m2ERSmKKuxBmzFlZU3OpIgL56v9WvYFBpXNk/BKQJZs7l8:c0FAMpxl2O2/np+/B5JZu8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9dfb8ed499b667d782ae3a4ce40472893a789ed973f48884b47358536b6a76e8

Files

9dfb8ed499b667d782ae3a4ce40472893a789ed973f48884b47358536b6a76e8
.exe windows:6 windows x64 arch:x64

21604b84fc8d03196566bb782edf69f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ReplaceFileA
ReadDirectoryChangesW
FindFirstVolumeMountPointA
GetVolumeNameForVolumeMountPointA
GetVolumePathNamesForVolumeNameA
GetStringTypeW
GetCPInfoExA
CompareStringA
GetLocaleInfoA
SetCalendarInfoA
GetGeoInfoA
EnumSystemGeoID
GetUserGeoID
ConvertDefaultLocale
GetUserDefaultLCID
GetStringTypeExA
GetStringTypeA
FoldStringA
PeekConsoleInputA
ReadConsoleA
SetConsoleCtrlHandler
GenerateConsoleCtrlEvent
SetConsoleActiveScreenBuffer
SetConsoleOutputCP
SetConsoleCursorInfo
SetConsoleScreenBufferSize
SetConsoleCursorPosition
MoveFileA
SetConsoleWindowInfo
WriteConsoleOutputAttribute
ReadConsoleOutputCharacterA
ReadConsoleOutputAttribute
ReadConsoleOutputA
SetConsoleTitleA
GetNumberOfConsoleMouseButtons
GetConsoleFontSize
VerLanguageNameA
WriteConsoleW
CopyFileExA
CopyFileA
CheckNameLegalDOS8Dot3A
BackupRead
lstrlenA
lstrcpyA
lstrcmpA
GetTapeParameters
GetTapePosition
ConvertThreadToFiber
ConvertFiberToThread
GetProcessAffinityMask
SetInformationJobObject
QueueUserWorkItem
GetProcessPriorityBoost
GetThreadTimes
GetProcessId
SetPriorityClass
TlsGetValue
SuspendThread
GetExitCodeThread
ExitThread
GetThreadPriorityBoost
GetProcessTimes
PostQueuedCompletionStatus
GetQueuedCompletionStatus
HeapCreate
SetFileApisToANSI
SetFileApisToOEM
GetTempFileNameA
GetModuleHandleA
GetTempPathA
AreFileApisANSI
GetCompressedFileSizeA
WriteFileEx
SetFilePointerEx
SetFileAttributesA
RemoveDirectoryA
ReadFileEx
ReadFile
LockFileEx
GetLongPathNameA
GetLogicalDrives
MoveFileExA
CloseHandle
CreateFileW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileSizeEx
GetFileInformationByHandle
GetDriveTypeA
FindVolumeClose
FindNextChangeNotification
FindFirstChangeNotificationA
FindCloseChangeNotification
FindClose
GetCommandLineA
GetProcAddress
SetConsoleTextAttribute
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType

gdi32

GdiGetBatchLimit
GetKerningPairsA
GetTextFaceA
ScaleWindowExtEx
SetWindowExtEx
Polygon
LPtoDP
GetArcDirection
StrokeAndFillPath
PathToRegion
BeginPath
ArcTo
SetDIBColorTable
GetDIBColorTable
CombineTransform
SetWinMetaFileBits
EnumMetaFile
PlayMetaFileRecord
SetTextAlign
SetROP2
StretchDIBits
SetMetaFileBitsEx
SetBitmapBits
ExtSelectClipRgn
Rectangle
PtInRegion
PlayMetaFile
PatBlt
GetTextExtentPoint32A
GetTextAlign
GetTextCharacterExtra
GetRasterizerCaps
GetPixel
GetGlyphOutlineA
GetCharWidth32A
GetBrushOrgEx
GetBoundsRect
GetBitmapDimensionEx
GetDCBrushColor
ExtFloodFill
EqualRgn
Ellipse
AbortPath

winspool.drv

ResetPrinterA
SetPortA
ConfigurePortA
EnumFormsA
SetFormA
SetPrinterDataExA
SetPrinterDataA
EnumPrinterKeyA
EnumPrinterDataExA
EnumPrinterDataA
GetPrinterDataA
FlushPrinter
GetPrinterA
SetPrinterA
EnumJobsA
GetJobA

advapi32

DecryptFileA
GetUserNameA

comctl32

ord410
ord413
ord15
PropertySheetA
ord411
ord14
ord412

dxgi

CreateDXGIFactory

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21604b84fc8d03196566bb782edf69f3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

winspool.drv

advapi32

comctl32

dxgi

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 5KB - Virtual size: 22KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 5KB - Virtual size: 22KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB