31a1600a9d1eba4f2c9204c53290c046f44d105efeeeb44401f8038b8a58a649

Sharing

Copy URL Twitter E-mail

General

Target

31a1600a9d1eba4f2c9204c53290c046f44d105efeeeb44401f8038b8a58a649
Size

14.0MB
MD5

b55065abaab914e20a6ebb8b3c027eeb
SHA1

a329222c99f78c60b7a9b4cbfac144017badae43
SHA256

31a1600a9d1eba4f2c9204c53290c046f44d105efeeeb44401f8038b8a58a649
SHA512

973362e97471d8794e65fd75501e0a797f75d00207df1d99d8114a0b7aa6c1d18727bd6ba61792fefb51d3e039c8f48d4808426cf49738e65f0e3fd77d5e8222
SSDEEP

393216:pRe71Mz9PT/vSiU8kFXgesIYg6nAMWqStTiLsO2G+THfHuJsv6tWKFdu9C:mZWPT/vjnkt7sIY0MWTnG+T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31a1600a9d1eba4f2c9204c53290c046f44d105efeeeb44401f8038b8a58a649

Files

31a1600a9d1eba4f2c9204c53290c046f44d105efeeeb44401f8038b8a58a649
.exe windows:5 windows x64 arch:x64

d0891d4d6d66855c989675bd862cbcf4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Sleep
GetCurrentThread
TlsAlloc
CloseHandle
TerminateThread
WaitForSingleObject
SetThreadPriority
ResumeThread
GetThreadPriority
TlsGetValue
WaitForMultipleObjects
SetEvent
CreateThread
CreateEventW
DuplicateHandle
GetCurrentProcess
GetCurrentProcessId
MultiByteToWideChar
WideCharToMultiByte
GetSystemDirectoryW
GetStartupInfoW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
CreateFileW
ReleaseSemaphore
CreateSemaphoreW
QueryPerformanceFrequency
GetTickCount
QueryPerformanceCounter
CreatePipe
TerminateProcess
GetExitCodeProcess
SetFilePointer
WriteFile
GetStdHandle
ReadFile
PeekNamedPipe
CreateProcessW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindClose
FindFirstFileW
GetFileInformationByHandle
SetErrorMode
CreateDirectoryW
RemoveDirectoryW
GetFileAttributesW
CopyFileW
MoveFileW
DeleteFileW
SwitchToThread
GetFullPathNameW
GetTempPathW
GetCurrentDirectoryW
GetLogicalDrives
GetFileAttributesExW
GetFileType
SetFilePointerEx
SetEndOfFile
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetLocalTime
GetLocaleInfoW
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultUILanguage
ResetEvent
GetOverlappedResult
FindNextFileW
FindFirstFileExW
GetStringTypeW
LCMapStringW
lstrlenA
WriteConsoleW
FlushFileBuffers
SetEnvironmentVariableA
SetEnvironmentVariableW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
HeapCreate
GetVersion
HeapSetInformation
SetHandleCount
GetModuleFileNameA
HeapSize
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FlsAlloc
SetLastError
GetSystemInfo
GetCurrentThreadId
TlsSetValue
TlsFree
GetLastError
FormatMessageW
LocalFree
GetUserDefaultLCID
CompareStringW
GetProcAddress
LoadLibraryW
GetModuleHandleW
GetConsoleWindow
GetVersionExW
VerSetConditionMask
DeviceIoControl
VerifyVersionInfoW
FlsFree
FlsSetValue
FlsGetValue
InitializeCriticalSectionAndSpinCount
SetStdHandle
SetFileAttributesW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
ExitThread
ExitProcess
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
EncodePointer
DecodePointer
GetCommandLineA
HeapAlloc
HeapFree
HeapReAlloc

user32

ShowWindow
MessageBoxA
CharNextExA
PeekMessageW
PostMessageW
SetTimer
KillTimer
GetQueueStatus
EnumWindows
PostThreadMessageW
GetWindowThreadProcessId
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjectsEx
SetWindowsHookExW
UnhookWindowsHookEx
DestroyWindow
UnregisterClassW
RegisterClassW
CreateWindowExW
SetWindowLongPtrW
GetWindowLongPtrW
DefWindowProcW
CallNextHookEx

ole32

CoUninitialize
CoInitialize
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
CoCreateInstance

advapi32

RegDeleteKeyW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegFlushKey
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
FreeSid
RegDeleteValueW

ws2_32

WSAAsyncSelect

oleaut32

VariantClear
SysFreeString
SysAllocString

Sections

.text
Size: 833KB - Virtual size: 832KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13.0MB - Virtual size: 13.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0891d4d6d66855c989675bd862cbcf4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

advapi32

ws2_32

oleaut32

Sections

.text Size: 833KB - Virtual size: 832KB

.rdata Size: 13.0MB - Virtual size: 13.0MB

.data Size: 17KB - Virtual size: 27KB

.pdata Size: 42KB - Virtual size: 42KB

text Size: 5KB - Virtual size: 5KB

data Size: 10KB - Virtual size: 9KB

.rsrc Size: 47KB - Virtual size: 46KB

.reloc Size: 26KB - Virtual size: 25KB

.text
Size: 833KB - Virtual size: 832KB

.rdata
Size: 13.0MB - Virtual size: 13.0MB

.data
Size: 17KB - Virtual size: 27KB

.pdata
Size: 42KB - Virtual size: 42KB

text
Size: 5KB - Virtual size: 5KB

data
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 47KB - Virtual size: 46KB

.reloc
Size: 26KB - Virtual size: 25KB