ef73952702d81d9599d64e7980834cd6becf3d7d8f8bd3b51bca94e8049b599d[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ef73952702d81d9599d64e7980834cd6becf3d7d8f8bd3b51bca94e8049b599d.exe
Size

425KB
MD5

740b5d37417003708e0f273733535c01
SHA1

b3ce8cc6a34f92cc41450c33ef448c667aaa15a8
SHA256

ef73952702d81d9599d64e7980834cd6becf3d7d8f8bd3b51bca94e8049b599d
SHA512

b081f0525cd82fef7aeb9f79c1569cff01771e506103c59178cc68d715f8813ff2f0d1910116ddb84e27007b2a8a0eeb452078ff06edb10c5924cfae82766191
SSDEEP

6144:9I34yb5apnrPnPQgY1INa6shJYP62aHYoa4AhdNorGvHdbi09GJwhO:9IIyNIr0ml2JY/aHYo7AHhly

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
ef73952702d81d9599d64e7980834cd6becf3d7d8f8bd3b51bca94e8049b599d.exe

Files

ef73952702d81d9599d64e7980834cd6becf3d7d8f8bd3b51bca94e8049b599d.exe
.dll windows:4 windows x64 arch:x64

a70ceb19dcecfe96ba384e8ae70efcb7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\isfb3\x64\Release\client.pdb

Imports

ntdll

ZwOpenProcess
ZwQueryInformationToken
ZwClose
NtUnmapViewOfSection
NtMapViewOfSection
NtCreateSection
RtlRandomEx
NtQuerySystemInformation
RtlNtStatusToDosError
ZwQueryInformationProcess
memcmp
_strupr
_wcsupr
memmove
bsearch
_vsnwprintf
_strlwr
atoi
strstr
wcscpy
RtlFreeUnicodeString
ZwQueryKey
RtlUpcaseUnicodeString
sprintf
_snprintf
memset
RtlAdjustPrivilege
mbstowcs
strcpy
memcpy
RtlImageDirectoryEntryToData
RtlImageNtHeader
ZwOpenProcessToken
__C_specific_handler
__chkstk

kernel32

VirtualQueryEx
CreateRemoteThread
GetModuleFileNameW
FileTimeToSystemTime
GetLocalTime
OpenProcess
GetVersion
ExitThread
GetTempFileNameA
VirtualProtect
VirtualFree
GetSystemInfo
DeleteCriticalSection
CloseHandle
CreateFileMappingA
WriteProcessMemory
CreateFileA
lstrcmpA
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
lstrcmpiA
GetModuleHandleA
Sleep
LoadLibraryA
GetCurrentProcess
GlobalUnlock
HeapAlloc
lstrcpyA
GlobalLock
lstrlenA
WriteFile
CreateDirectoryA
GetLastError
HeapFree
RemoveDirectoryA
DeleteFileA
lstrcatA
GetTickCount
HeapDestroy
HeapCreate
SetEvent
HeapReAlloc
FindFirstFileW
LocalFree
WaitForMultipleObjects
SuspendThread
TerminateProcess
ResumeThread
lstrcpyW
FindClose
CreateThread
ResetEvent
SwitchToThread
lstrcatW
FindNextFileW
CreateProcessW
CopyFileW
SetWaitableTimer
LocalAlloc
GetCurrentThreadId
GetCurrentThread
lstrlenW
CreateEventA
GetSystemTimeAsFileTime
GetWindowsDirectoryA
DeleteFileW
CreateDirectoryW
GetTempPathA
CreateFileW
ExpandEnvironmentStringsW
WideCharToMultiByte
GetFileAttributesW
GetFileSize
GetComputerNameA
EnterCriticalSection
CreateMutexA
OpenWaitableTimerA
OpenMutexA
GetVolumeInformationA
WaitForSingleObject
ReleaseMutex
GetComputerNameW
LeaveCriticalSection
SetLastError
InitializeCriticalSection
LoadLibraryExW
GetProcAddress
GetFileAttributesA
OpenFileMappingA
GetExitCodeProcess
VirtualAlloc
GetDriveTypeW
GetLogicalDriveStringsW
lstrcpynA
LocalReAlloc
TlsAlloc
TlsGetValue
TlsSetValue
FreeLibrary
LoadLibraryW
GetVersionExW
ReadFile
SetFilePointer
Thread32First
QueueUserAPC
CreateToolhelp32Snapshot
OpenThread
GetCurrentProcessId
Thread32Next
FindFirstFileA
FindNextFileA
ConnectNamedPipe
GetOverlappedResult
CancelIo
DisconnectNamedPipe
FlushFileBuffers
CallNamedPipeA
CreateNamedPipeA
GetSystemTime
WaitNamedPipeA
SetEndOfFile
GetFileTime
ExitProcess
AddVectoredExceptionHandler
CompareFileTime
GetTempPathW
OpenEventA
RemoveVectoredExceptionHandler
RemoveDirectoryW
SleepEx
lstrcmpiW
RaiseException
Process32FirstW
Process32NextW
ExpandEnvironmentStringsA
QueueUserWorkItem
FileTimeToLocalFileTime
CreateWaitableTimerA
CreateProcessA
VirtualProtectEx

avifil32

AVIFileExit
AVIMakeCompressedStream
AVIStreamRelease
AVIFileRelease
AVIStreamWrite
AVIFileOpenA
AVIFileCreateStreamA
AVIStreamSetFormat
AVIFileInit

Sections

.text
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a70ceb19dcecfe96ba384e8ae70efcb7

Headers

File Characteristics

PDB Paths

Imports

ntdll

kernel32

avifil32

Sections

.text Size: 225KB - Virtual size: 224KB

.rdata Size: 167KB - Virtual size: 166KB

.data Size: 17KB - Virtual size: 19KB

.pdata Size: 6KB - Virtual size: 6KB

.bss Size: 6KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 225KB - Virtual size: 224KB

.rdata
Size: 167KB - Virtual size: 166KB

.data
Size: 17KB - Virtual size: 19KB

.pdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 6KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 2KB