6c64fa9f4c77cc39aa7436191c58fb7f4834295e29b4c80c0ced7241049e79b5

Sharing

Copy URL

Twitter E-mail

General

Target

6c64fa9f4c77cc39aa7436191c58fb7f4834295e29b4c80c0ced7241049e79b5
Size

1.4MB
MD5

835253d200014d705a7429d4cce4c221
SHA1

e7582a923743187908a82518e6df841c4b865d6f
SHA256

6c64fa9f4c77cc39aa7436191c58fb7f4834295e29b4c80c0ced7241049e79b5
SHA512

30be37f216bd92ae3efd2a0f193717928b8d2421d96d2388cb06ce8a4c94d86cadfd897a34ff548a8129cd9569c92fa986f613b054a6b27887b4ac60ae940eab
SSDEEP

12288:VrWlln5UXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:VrIn5UsqjnhMgeiCl7G0nehbGZpbD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6c64fa9f4c77cc39aa7436191c58fb7f4834295e29b4c80c0ced7241049e79b5

Files

6c64fa9f4c77cc39aa7436191c58fb7f4834295e29b4c80c0ced7241049e79b5
.exe windows:10 windows x64 arch:x64

8bea6f3f5d5ccc2af12610f2748d9e8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

SetupPlatform.pdb

Imports

msvcrt

__CxxFrameHandler3
wcschr
_vscwprintf
_wcsnicmp
__RTDynamicCast
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
memmove_s
wcsrchr
free
iswalpha
_wcsicmp
calloc
_vsnwprintf
_fmode
memset

wdscore

ConstructPartialMsgVW
CurrentIP
WdsSetupLogMessageW

unbcl

??1ArgumentException@UnBCL@@UEAA@XZ
??1Win32Exception@UnBCL@@UEAA@XZ
??1ArgumentOutOfRangeException@UnBCL@@UEAA@XZ
??1InvalidOperationException@UnBCL@@UEAA@XZ
??1NotSupportedException@UnBCL@@UEAA@XZ
??0Win32Exception@UnBCL@@QEAA@KPEBG@Z
??0Object@UnBCL@@QEAA@XZ
??1Object@UnBCL@@UEAA@XZ
?Equals@Object@UnBCL@@UEBAHPEBV12@@Z
?GetHashCode@Object@UnBCL@@UEBAHXZ
?GetType@Object@UnBCL@@UEBAPEAVType@2@XZ
?ToString@Object@UnBCL@@UEBAPEAVString@2@XZ
?GetObjectID@Object@UnBCL@@UEBAIXZ
?CompareTo@Object@UnBCL@@UEBAHPEBV12@@Z
?Clone@Object@UnBCL@@UEBAPEAV12@XZ
??2Object@UnBCL@@SAPEAX_K@Z
??3Object@UnBCL@@SAXPEAX@Z
?AddRef@Object@UnBCL@@QEAAXXZ
?DecRef@Object@UnBCL@@QEAAHXZ
?SetLiteralStorage@_@UnBCL@@YAXPEAPEBVString@2@PEBG@Z
??0String@UnBCL@@QEAA@PEBG@Z
??1String@UnBCL@@UEAA@XZ
?Equals@String@UnBCL@@UEBAHPEBVObject@2@@Z
?GetHashCode@String@UnBCL@@UEBAHXZ
??1ArgumentNullException@UnBCL@@UEAA@XZ
?Clone@String@UnBCL@@UEBAPEAVObject@2@XZ
?CompareTo@String@UnBCL@@QEBAHPEBGH@Z
?CompareTo@String@UnBCL@@UEBAHPEBVObject@2@@Z
?get_Length@String@UnBCL@@QEBAHXZ
?get_CString@String@UnBCL@@QEBAPEBGXZ
?StartsWith@String@UnBCL@@QEBAHPEBGH@Z
?Remove@String@UnBCL@@QEBAPEAV12@HH@Z
?Substring@String@UnBCL@@QEBAPEAV12@HH@Z
?Compare@String@UnBCL@@SAHPEBG0H@Z
?Format@String@UnBCL@@SAPEAV12@PEBGZZ
?Combine@Path@UnBCL@@SAPEAVString@2@PEBV32@0@Z
?MemAllocFailed@Allocator@UnBCL@@SAHXZ
?ToString@Exception@UnBCL@@UEBAPEAVString@2@XZ
?get_InnerException@Exception@UnBCL@@UEBAPEBV12@XZ
?get_Message@Exception@UnBCL@@UEBAPEBVString@2@XZ
?get_Source@Exception@UnBCL@@UEBAPEBVString@2@XZ
?set_Source@Exception@UnBCL@@UEAAXPEBVString@2@@Z
?AddStackTrace@Exception@UnBCL@@QEAAXPEBD@Z
?GetBaseException@Exception@UnBCL@@UEBAPEBV12@XZ
?get_HResult@Exception@UnBCL@@UEBAJXZ
?set_HResult@Exception@UnBCL@@MEAAXJ@Z
?SetMessage@Exception@UnBCL@@MEAAXPEAVString@2@@Z
??0ArgumentNullException@UnBCL@@QEAA@PEBG@Z
??0NotSupportedException@UnBCL@@QEAA@PEBG@Z
??0ArgumentException@UnBCL@@QEAA@PEBG@Z
??0?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAA@PEAVString@1@@Z
??1?$SmartPtr@VString@UnBCL@@@UnBCL@@UEAA@XZ
??4?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAAAEAV01@AEBV01@@Z
??C?$SmartPtr@VString@UnBCL@@@UnBCL@@QEBAPEAVString@1@XZ
?get_P@?$SmartPtr@VString@UnBCL@@@UnBCL@@QEBAPEAVString@2@XZ
??0InvalidOperationException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z
??0InvalidOperationException@UnBCL@@QEAA@PEBG@Z
??0InvalidOperationException@UnBCL@@QEAA@PEBVString@1@@Z
??0ArgumentOutOfRangeException@UnBCL@@QEAA@PEBG@Z
?ToString@String@UnBCL@@UEBAPEAV12@XZ

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAllocateHeap
RtlFreeHeap

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

kernel32

WaitForSingleObject
FindClose
SetErrorMode
GetModuleFileNameW
ExpandEnvironmentStringsW
GetCurrentProcess
FindFirstFileNameW
GetPrivateProfileStringW
GetLastError
CloseHandle
FindNextFileNameW
SetCurrentDirectoryW
CreateProcessW
GetExitCodeProcess
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
SetEvent
CreateEventW
UnhandledExceptionFilter
OpenThread
GetFullPathNameW
GetFileAttributesW
VirtualQuery
FreeLibrary
GetProcAddress
GetSystemInfo
RaiseException
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualProtect
TerminateProcess
HeapFree
SetLastError
HeapAlloc
GetProcessHeap
CreateThread

user32

UnregisterHotKey
PostThreadMessageW
LoadStringW
GetMessageW
RegisterHotKey
MessageBoxW

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 185KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8bea6f3f5d5ccc2af12610f2748d9e8a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

wdscore

unbcl

ntdll

advapi32

kernel32

user32

Sections

.text Size: 37KB - Virtual size: 36KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 2KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 32B

.rsrc Size: 185KB - Virtual size: 188KB

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 37KB - Virtual size: 36KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 32B

.rsrc
Size: 185KB - Virtual size: 188KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB