c838ca30d0924fc4891b02c3d744416ae690c48b1b2ae7daf30a6921132e4a51

Sharing

Copy URL

Twitter E-mail

General

Target

c838ca30d0924fc4891b02c3d744416ae690c48b1b2ae7daf30a6921132e4a51
Size

673KB
MD5

ae87a8b30a3dd58a1e9d1f8c0ff0b121
SHA1

cb64491c012cc2c0ba2a3ae24620593505f4a0d8
SHA256

c838ca30d0924fc4891b02c3d744416ae690c48b1b2ae7daf30a6921132e4a51
SHA512

5377eeb5b9d89a4fc417b214d254b0adda5b0a98556eb8a73f5292bef9c7d4f189ed07444c2a57b7206e9ad04d772046a95c2b9b50007210ec627b09affa3e3d
SSDEEP

12288:6yXELFx4mUU41nZ1lSxmdtSR7oVdL/S2gaBO:/ELhukxm3SR7gMoO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c838ca30d0924fc4891b02c3d744416ae690c48b1b2ae7daf30a6921132e4a51

Files

c838ca30d0924fc4891b02c3d744416ae690c48b1b2ae7daf30a6921132e4a51
.exe windows:6 windows x64 arch:x64

c483c7515c85fe380af32b1fc9cbf1bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

project.pdb

Imports

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WakeByAddressAll
WaitOnAddress

bcryptprimitives

ProcessPrng

kernel32

SetFileInformationByHandle
InitializeSListHead
GetFullPathNameW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetModuleFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
GetCurrentProcess
DuplicateHandle
CreateThread
InitializeProcThreadAttributeList
GetEnvironmentVariableW
DeleteProcThreadAttributeList
GetCurrentProcessId
CreateNamedPipeW
ReadFileEx
SleepEx
WriteFileEx
CreateEventW
CancelIo
ReadFile
ExitProcess
HeapAlloc
GetProcessHeap
RtlCaptureContext
RtlLookupFunctionEntry
WaitForSingleObjectEx
CreateMutexA
ReleaseMutex
RtlVirtualUnwind
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentDirectoryW
CreateFileW
GetModuleHandleW
GetModuleHandleA
WriteConsoleW
MultiByteToWideChar
IsDebuggerPresent
UnhandledExceptionFilter
GetConsoleMode
GetStdHandle
HeapReAlloc
HeapFree
SetThreadStackGuarantee
AddVectoredExceptionHandler
MoveFileExW
GetCurrentThread
VirtualProtect
VirtualAlloc
GetProcAddress
LoadLibraryA
DeleteFileW
SetLastError
FindClose
FindFirstFileW
FindNextFileW
SetUnhandledExceptionFilter
lstrlenW
QueryPerformanceFrequency
QueryPerformanceCounter
Sleep
SetWaitableTimer
CreateWaitableTimerExW
GetExitCodeProcess
WaitForSingleObject
GetLastError
GetOverlappedResult
WaitForMultipleObjects
CloseHandle
FormatMessageW
GetTempPathW
UpdateProcThreadAttribute
IsProcessorFeaturePresent

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

ntdll

RtlNtStatusToDosError
NtWriteFile
NtReadFile

vcruntime140

memmove
memcmp
__C_specific_handler
__CxxFrameHandler3
memcpy
__current_exception_context
memset
__current_exception

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
_exit
exit
_cexit
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_c_exit
_set_app_type
_seh_filter_exe
_initterm_e
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_register_thread_local_exe_atexit_callback

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 323KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c483c7515c85fe380af32b1fc9cbf1bc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

kernel32

shell32

ole32

ntdll

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 174KB - Virtual size: 174KB

.rdata Size: 323KB - Virtual size: 322KB

.data Size: 512B - Virtual size: 688B

.pdata Size: 7KB - Virtual size: 7KB

.rsrc Size: 165KB - Virtual size: 164KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 174KB - Virtual size: 174KB

.rdata
Size: 323KB - Virtual size: 322KB

.data
Size: 512B - Virtual size: 688B

.pdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 165KB - Virtual size: 164KB

.reloc
Size: 1KB - Virtual size: 1KB