ssh-agent.pdb
Static task
static1
Behavioral task
behavioral1
Sample
33e09323192e213fc1cafb4317bf2a12b326ba9465d0ff2eb926197eaf7dfa0e.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
33e09323192e213fc1cafb4317bf2a12b326ba9465d0ff2eb926197eaf7dfa0e.exe
Resource
win10v2004-20240709-en
General
-
Target
33e09323192e213fc1cafb4317bf2a12b326ba9465d0ff2eb926197eaf7dfa0e
-
Size
1.1MB
-
MD5
d72e2225a784275449bf6abf8f234146
-
SHA1
e463c37bcdead50fa2a2cd476d4b920ed9487057
-
SHA256
33e09323192e213fc1cafb4317bf2a12b326ba9465d0ff2eb926197eaf7dfa0e
-
SHA512
500837f0b1b2016f18125842917d7140cd082112014f508700a1a95947127a988877ced22ff6085599ae2b89b13e22f275662909b1304893cd9bba8e8669c9a9
-
SSDEEP
24576:EG88u8FpJqH1bzria7/mKt2rR8FfBhRJUEbDk1ulUU:37ZFPqVea7/9t2r4PRSEk1ul
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks whether the PE lacks an Authenticode signature.
resource 33e09323192e213fc1cafb4317bf2a12b326ba9465d0ff2eb926197eaf7dfa0e
Files
-
33e09323192e213fc1cafb4317bf2a12b326ba9465d0ff2eb926197eaf7dfa0e.exe windows:6 windows x64 arch:x64
bd4934ebbf4e2bc5682edd185235025c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
libcrypto
BN_dup
RSA_generate_key_ex
DSA_generate_parameters_ex
DSA_generate_key
DSA_get0_pqg
BN_set_flags
RSA_public_decrypt
RSA_new
RSA_set0_crt_params
RSA_free
BN_free
BN_set_word
RSA_sign
BN_div
RSA_set0_factors
RSA_get0_factors
RSA_get0_crt_params
RSA_set0_key
BN_CTX_new
BN_CTX_free
EVP_sha384
EVP_md5
EVP_sha256
EVP_Digest
DSA_SIG_free
EVP_sha1
EVP_sha512
DSA_set0_pqg
DSA_SIG_new
EVP_CIPHER_CTX_key_length
EVP_CIPHER_CTX_new
EVP_aes_256_cbc
EVP_CipherInit
EVP_aes_128_ctr
EVP_aes_256_ctr
DSA_new
DSA_SIG_get0
EVP_des_ede3_cbc
DSA_set0_key
DSA_do_verify
BN_bn2bin
DSA_get0_key
DSA_do_sign
EVP_aes_192_cbc
EVP_CIPHER_CTX_ctrl
DSA_free
DSA_SIG_set0
EC_POINT_point2oct
EC_POINT_oct2point
EVP_CIPHER_CTX_set_key_length
EVP_aes_192_ctr
EVP_Cipher
EVP_aes_256_gcm
EVP_aes_128_gcm
EVP_CIPHER_CTX_free
ECDSA_do_sign
EC_POINT_cmp
EC_KEY_set_private_key
EC_KEY_generate_key
ECDSA_SIG_get0
EC_KEY_set_public_key
EC_KEY_free
ECDSA_SIG_free
ECDSA_SIG_set0
EC_KEY_set_asn1_flag
ECDSA_do_verify
EC_KEY_new_by_curve_name
ECDSA_SIG_new
RSA_blinding_on
EC_GROUP_get_order
BN_clear_free
BN_value_one
EC_METHOD_get_field_type
EC_POINT_mul
EC_POINT_get_affine_coordinates_GFp
EC_KEY_set_group
EC_POINT_is_at_infinity
arc4random_buf
RSA_get0_key
EC_POINT_free
EVP_aes_128_cbc
EC_KEY_get0_public_key
EC_GROUP_free
EC_POINT_new
EC_GROUP_cmp
EC_GROUP_set_asn1_flag
EC_GROUP_get_curve_name
BN_new
EC_KEY_get0_private_key
EC_KEY_get0_group
BN_cmp
BN_sub
explicit_bzero
EC_GROUP_new_by_curve_name
EC_GROUP_method_of
BN_num_bits
EC_KEY_METHOD_set_sign
RSA_up_ref
d2i_ECDSA_SIG
EC_KEY_set_method
RSA_meth_set_priv_enc
EC_KEY_METHOD_get_sign
RSA_meth_set1_name
RSA_set_method
RSA_meth_dup
RSA_size
RSA_get_default_method
EC_KEY_METHOD_new
BN_bin2bn
EC_KEY_up_ref
EC_KEY_OpenSSL
kernel32
SetCurrentDirectoryW
SetEnvironmentVariableW
RtlPcToFileHeader
RaiseException
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwindEx
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentDirectoryW
GetCommandLineA
GetFullPathNameW
LoadLibraryExW
ReadConsoleOutputA
SetConsoleCursorPosition
GetConsoleWindow
Beep
FillConsoleOutputAttribute
WriteConsoleOutputA
ReadConsoleInputW
SetConsoleCursorInfo
SetConsoleWindowInfo
GetConsoleCursorInfo
ScrollConsoleScreenBufferA
GetConsoleOutputCP
SetConsoleScreenBufferSize
SetConsoleTextAttribute
FillConsoleOutputCharacterA
CreateWaitableTimerA
WriteConsoleW
CancelSynchronousIo
GetConsoleMode
SetConsoleMode
WaitForSingleObjectEx
WaitForMultipleObjectsEx
GetDriveTypeW
GetCommandLineW
GetModuleHandleExW
FindClose
FindFirstFileExW
GetFinalPathNameByHandleW
FindNextFileW
QueueUserAPC
MultiByteToWideChar
VerifyVersionInfoW
VerSetConditionMask
ResetEvent
SleepEx
ReadFileEx
CreateFileA
WriteFileEx
SetConsoleCtrlHandler
CreateThread
GetModuleFileNameW
ExitThread
GetLastError
FreeLibraryAndExitThread
HeapFree
HeapAlloc
SetHandleInformation
FlsAlloc
CreateNamedPipeW
WaitForMultipleObjects
FlsGetValue
GetNamedPipeClientProcessId
FlsSetValue
GetQueuedCompletionStatus
FlsFree
OpenProcess
CompareStringW
LCMapStringW
SetEvent
CloseHandle
GetCurrentProcessId
CreateProcessW
CreateEventA
CreateIoCompletionPort
ConnectNamedPipe
ReadFile
WriteFile
CancelIoEx
GetOverlappedResult
HeapReAlloc
GetStringTypeW
LocalFree
ReadConsoleW
SetStdHandle
GetFileSizeEx
CreateNamedPipeA
GetCurrentProcess
GetStdHandle
TerminateProcess
IsValidCodePage
ExitProcess
SetEndOfFile
GetCurrentThreadId
DuplicateHandle
GetTickCount64
CancelIo
SetFilePointerEx
GetFileType
GetExitCodeProcess
GetWindowsDirectoryW
OpenThread
FlushFileBuffers
GetSystemDirectoryW
GetACP
GetConsoleScreenBufferInfo
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
WaitForSingleObject
CreateFileW
FreeEnvironmentStringsW
GetProcessHeap
HeapSize
GetLocalTime
GetProcAddress
GetComputerNameW
FreeLibrary
WideCharToMultiByte
ExpandEnvironmentStringsW
advapi32
LookupAccountSidW
GetSidIdentifierAuthority
EventWrite
EventRegister
CopySid
IsValidSecurityDescriptor
GetLengthSid
LookupAccountNameW
CreateProcessAsUserW
RegDeleteTreeA
RevertToSelf
RegCloseKey
RegOpenCurrentUser
RegCreateKeyExA
RegDeleteKeyExA
RegEnumKeyExW
ImpersonateLoggedOnUser
RegDeleteTreeW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
CreateWellKnownSid
RegCreateKeyExW
IsWellKnownSid
RegSetValueExW
OpenProcessToken
CheckTokenMembership
DuplicateToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
DuplicateTokenEx
GetTokenInformation
OpenSCManagerW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceA
StartServiceCtrlDispatcherW
OpenServiceW
ConvertSidToStringSidW
crypt32
CryptUnprotectData
CryptStringToBinaryA
CryptProtectData
CryptBinaryToStringA
ws2_32
WSARecv
socket
getsockname
closesocket
WSAStartup
WSAGetOverlappedResult
WSASend
setsockopt
WSAGetLastError
WSASocketW
WSADuplicateSocketW
user32
ShowWindow
GetWindowPlacement
Sections
.text Size: 325KB - Virtual size: 325KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 195KB - Virtual size: 195KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 145KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 1024B - Virtual size: 640B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 568KB - Virtual size: 572KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE