751f71931d28fb3098dd63ec4def6bb2e5d81e4ea154c213f862b7c7fdeca8b8

Sharing

Copy URL Twitter E-mail

General

Target

751f71931d28fb3098dd63ec4def6bb2e5d81e4ea154c213f862b7c7fdeca8b8
Size

274KB
MD5

c6bc4ab09cc1d6aab5fd5d7a44c01108
SHA1

a66b2ffc49a91fd7319c5eecc36961ef49d2ea6c
SHA256

751f71931d28fb3098dd63ec4def6bb2e5d81e4ea154c213f862b7c7fdeca8b8
SHA512

f7475ae806d46c4b72046a837bd3e0c9fcb15469d3aabdb3bb422f6a1b066dbab443a546e59a7acc1f2cd6e58fd7d99dc40639693f55ddb4f61117ea2c6f32e8
SSDEEP

6144:sIR8pmI+qQWfTiX+HJ8rM/1toXSYM/VU6jt1:s0zHSJxQiYYxL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
751f71931d28fb3098dd63ec4def6bb2e5d81e4ea154c213f862b7c7fdeca8b8

Files

751f71931d28fb3098dd63ec4def6bb2e5d81e4ea154c213f862b7c7fdeca8b8
.exe windows:5 windows x64 arch:x64

bf99bb7eaae7cf45230276bdee99453b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\nsmsrc\nsm\1410\1410\RunPlugin\Release_unicode\RunPlugin64.pdb

Imports

kernel32

OpenProcess
MapViewOfFile
GetLastError
OpenFileMappingW
ResetEvent
CreateThread
GetCurrentThreadId
CreateEventW
GetTickCount
GetModuleFileNameW
LocalFree
CreateFileMappingW
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
TerminateProcess
CreateRemoteThread
GetExitCodeProcess
DuplicateHandle
GetModuleHandleW
GetLocalTime
GetTempPathW
OutputDebugStringW
GetSystemTimeAsFileTime
GetProcessTimes
ExitProcess
CreateFileW
VirtualQueryEx
DeleteFileW
RaiseException
ResumeThread
GetThreadContext
SuspendThread
GetExitCodeThread
OpenThread
IsBadReadPtr
SetThreadPriority
TerminateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
OpenMutexA
OpenEventW
ReleaseMutex
CreateMutexW
SetProcessShutdownParameters
SetUnhandledExceptionFilter
GetPrivateProfileIntW
SetEndOfFile
WriteConsoleW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
FatalAppExitA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
ReadFile
GetFileType
SetHandleCount
GetLocaleInfoW
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetStdHandle
WriteFile
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapDestroy
HeapCreate
HeapSetInformation
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
FlsAlloc
WaitForSingleObject
GetVersionExW
Sleep
WaitForMultipleObjects
UnmapViewOfFile
SetEvent
CloseHandle
GetCurrentProcess
CompareStringW
GetVersion
GetCurrentProcessId
SetLastError
GetProcAddress
FreeLibrary
CreateMutexA
LoadLibraryW
GetCurrentThread
FlsFree
FlsSetValue
FlsGetValue
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
HeapAlloc
RtlPcToFileHeader
EncodePointer
DecodePointer
HeapReAlloc
GetCommandLineW
GetStartupInfoW

user32

GetWindowTextW
FindWindowW
GetClassNameW
IsWindow
LoadAcceleratorsW
TranslateAcceleratorW
RegisterWindowMessageW
LoadIconW
LoadCursorW
RegisterClassExW
LoadStringW
DestroyWindow
GetClientRect
SetWindowPos
CreateWindowExW
ShowWindow
DialogBoxParamW
DefWindowProcW
SendMessageTimeoutW
EndDialog
UpdateWindow
SetWindowTextW
wsprintfA
wvsprintfW
GetKeyState
GetMessageW
TranslateMessage
DispatchMessageW
GetGuiResources
SetTimer
MessageBoxW
KillTimer
PeekMessageW
PostQuitMessage
wsprintfW
PostThreadMessageW
SendMessageW
PostMessageW

gdi32

GetStockObject

advapi32

LookupAccountSidW
FreeSid
GetTokenInformation
AllocateAndInitializeSid
EqualSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf99bb7eaae7cf45230276bdee99453b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

version

Sections

.text Size: 194KB - Virtual size: 193KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 8KB - Virtual size: 23KB

.pdata Size: 13KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 194KB - Virtual size: 193KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 8KB - Virtual size: 23KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 3KB