f381fde4e7e4874c9c97b435d08ceb41c32cee7cb4d953c3f3def5e18d8368a6

Sharing

Copy URL Twitter E-mail

General

Target

f381fde4e7e4874c9c97b435d08ceb41c32cee7cb4d953c3f3def5e18d8368a6
Size

6.9MB
MD5

a7b161f179663b67566862fdd2f1c0f2
SHA1

39b93db8db55bb2ad05baa40f251cd7370026e7a
SHA256

f381fde4e7e4874c9c97b435d08ceb41c32cee7cb4d953c3f3def5e18d8368a6
SHA512

eb3973728f0795d5177e884a3165af57414f0ce94f593b3a8133acd173718691b51a047e6c6f7478db7253448387c91702b2cf624252e3a2618923c5038b2b2a
SSDEEP

196608:ki7tCHLMzUVMjy48Uwsf9mX9DX3bpAE2E:2HLBY9Tf9mX9z3rp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f381fde4e7e4874c9c97b435d08ceb41c32cee7cb4d953c3f3def5e18d8368a6

Files

f381fde4e7e4874c9c97b435d08ceb41c32cee7cb4d953c3f3def5e18d8368a6
.exe windows:6 windows x86 arch:x86

bd40b84b9dc32228f771b1cbc97bdcdf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

bcrypt

BCryptDestroySecret
BCryptDeriveKey
BCryptOpenAlgorithmProvider
BCryptSecretAgreement
BCryptImportKeyPair
BCryptDestroyKey
BCryptCloseAlgorithmProvider

advapi32

RegSetKeyValueW

kernel32

TlsGetValue
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
InitializeSListHead
GetProcessHeap
SetFilePointerEx
IsDebuggerPresent
GetFileInformationByHandleEx
GetDateFormatW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetLastError
GetModuleFileNameW
SetFileTime
GetModuleHandleA
GetSystemTimeAsFileTime
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
TryAcquireSRWLockExclusive
GetStdHandle
GetConsoleMode
CloseHandle
MultiByteToWideChar
WriteConsoleW
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageW
GetCurrentDirectoryW
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
RtlCaptureContext
GetEnvironmentVariableW
CreateFileW
SetFileInformationByHandle
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
FindFirstFileW
FindClose
CreateThread
HeapAlloc
AcquireSRWLockShared
ReleaseSRWLockShared
DuplicateHandle
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
LoadLibraryExA
WaitForSingleObject
IsProcessorFeaturePresent
HeapReAlloc
SwitchToThread
TlsSetValue
GetCurrentThreadId
GetModuleHandleW
HeapFree
MulDiv
GetProcAddress
TerminateProcess

ntdll

NtCreateFile
RtlNtStatusToDosError
NtWriteFile
NtReadFile

user32

EndPaint
GetSystemMenu
SetCursor
BeginPaint
PtInRect
DefWindowProcW
EnableMenuItem
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
ShowWindow
GetWindowLongW
EnableWindow
SendMessageW
GetClientRect
ReleaseDC
GetWindowDC
SetWindowLongW
CreateWindowExW
RegisterClassW
LoadIconW
LoadCursorW
GetMonitorInfoW
MonitorFromPoint
GetCursorPos
GetDlgItem
InvalidateRect
SetWindowTextW
PostMessageW
MessageBoxW
PostQuitMessage

oleaut32

SysFreeString
GetErrorInfo
SysStringLen

ole32

CoCreateInstance
CoUninitialize
CoTaskMemFree
CoInitialize

gdiplus

GdipDeleteFont
GdipDeletePen
GdipDisposeImage
GdiplusShutdown
GdipLoadImageFromStream
GdipCreateSolidFill
GdipCreateFontFromLogfontW
GdipDeleteBrush
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipSetPageUnit
GdipSetTextRenderingHint
GdipGraphicsClear
GdipDrawImageRectI
GdipStringFormatGetGenericDefault
GdipSetStringFormatAlign
GdipCreatePen1
GdipDeleteStringFormat
GdipFillRectangle
GdipDrawString
GdiplusStartup
GdipDrawRectangle
GdipDrawLine
GdipCreateFromHDC
GdipDrawImage
GdipDeleteGraphics

dwmapi

DwmSetWindowAttribute

gdi32

GetDeviceCaps
CreateFontIndirectW

shlwapi

SHCreateMemStream

shell32

ShellExecuteW
SHGetKnownFolderPath

vcruntime140

memcmp
__CxxFrameHandler3
__current_exception_context
__current_exception
memcpy
_except_handler4_common
_CxxThrowException
memset
memmove

api-ms-win-crt-string-l1-1-0

wcslen

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm_e
exit
_exit
_crt_atexit
__p___argc
__p___argv
terminate
_cexit
_initterm
_register_thread_local_exe_atexit_callback
_controlfp_s
_seh_filter_exe
_c_exit
_register_onexit_function

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 379KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 907KB - Virtual size: 906KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd40b84b9dc32228f771b1cbc97bdcdf

Headers

DLL Characteristics

File Characteristics

Imports

bcrypt

advapi32

kernel32

ntdll

user32

oleaut32

ole32

gdiplus

dwmapi

gdi32

shlwapi

shell32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 379KB - Virtual size: 378KB

.rdata Size: 907KB - Virtual size: 906KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 87KB - Virtual size: 86KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 379KB - Virtual size: 378KB

.rdata
Size: 907KB - Virtual size: 906KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 87KB - Virtual size: 86KB

.reloc
Size: 18KB - Virtual size: 17KB