df7fafee65fdd595f3ddde46e63cb538463bd1441a6acdf90c0cadfde598d384[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

df7fafee65fdd595f3ddde46e63cb538463bd1441a6acdf90c0cadfde598d384.exe
Size

13.1MB
MD5

ed248b880f0a90736365f80e07af828e
SHA1

8311b80faf4cf4d246c0264228bc8ac9268c417f
SHA256

df7fafee65fdd595f3ddde46e63cb538463bd1441a6acdf90c0cadfde598d384
SHA512

23182e2487ec12883d97da2bb727933a9155241b813b050a58f3f7316e89bf939d69c5f4014c125b8faf81cf15920ec2a3ba033d2ae50fe9990900c1bd8e96d4
SSDEEP

6144:WbG4Q0j4/Cti960SbWRv+lQ2HkYr5H8DsxAa:BKYv8lv6+/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df7fafee65fdd595f3ddde46e63cb538463bd1441a6acdf90c0cadfde598d384.exe

Files

df7fafee65fdd595f3ddde46e63cb538463bd1441a6acdf90c0cadfde598d384.exe
.exe windows:4 windows x64 arch:x64

4f80d798e1bfa2e06aeb467256593a2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
GetLastError
LocalFree
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetCPInfo
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlVirtualUnwind
GetACP
GetOEMCP
GetProcAddress
GetModuleHandleA
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
HeapReAlloc
LoadLibraryA
SetFilePointer
GetConsoleCP
VirtualAlloc

user32

SendMessageW

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW

shell32

CommandLineToArgvW

difxapi

DriverPackageGetPathW
DriverPackagePreinstallW
DriverPackageUninstallW
DriverPackageInstallW

setupapi

SetupDiGetDeviceInstallParamsW
SetupDiSetClassInstallParamsW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiCallClassInstaller

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12.8MB - Virtual size: 12.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f80d798e1bfa2e06aeb467256593a2f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

difxapi

setupapi

Sections

.text Size: 132KB - Virtual size: 131KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 12.8MB - Virtual size: 12.8MB

.pdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 160KB - Virtual size: 159KB

.text
Size: 132KB - Virtual size: 131KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 12.8MB - Virtual size: 12.8MB

.pdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 160KB - Virtual size: 159KB