9b12bf83262c903ecf57df278a64f5197a80fba00ce4ae9fb4050c03e29919be

Sharing

Copy URL Twitter E-mail

General

Target

9b12bf83262c903ecf57df278a64f5197a80fba00ce4ae9fb4050c03e29919be
Size

637KB
MD5

b272f09a737a36da7fc278b7d9cc54e7
SHA1

c5e68b1a459b5a3fd22fa9a281a9e80a61a4c1bc
SHA256

9b12bf83262c903ecf57df278a64f5197a80fba00ce4ae9fb4050c03e29919be
SHA512

507f0c188e4ec6e595bd96bfedc60584a6f9b999818e1cd3211bc7d3002049441f58d2e18e99ae90489cea6bfdb045fdb7800bd6fc9002ef6ad9375001d74e7b
SSDEEP

6144:JnbHeFX6uO3KRuZy3yq7oNwJazhuSmKCPK30pGRd+86jFTDy2wohvjCKgIVacNW:JaX6LquZy3uq+sKL3zq3RPwoNCK1M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b12bf83262c903ecf57df278a64f5197a80fba00ce4ae9fb4050c03e29919be

Files

9b12bf83262c903ecf57df278a64f5197a80fba00ce4ae9fb4050c03e29919be
.exe windows:6 windows x64 arch:x64

2879a2b4c2b7cb478506bc022885fb45

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\oem\GoingBus\gb\src\out\x64\Release\ipify-service-x64.pdb

Imports

kernel32

WaitForSingleObject
WriteFile
LoadLibraryW
GetProcAddress
FreeLibrary
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
TerminateProcess
CreateFileA
GetCommandLineW
GetTickCount
WriteConsoleW
HeapSize
GetConsoleOutputCP
GetConsoleMode
GetCurrentThreadId
LocalFree
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
WideCharToMultiByte
GetModuleFileNameW
Sleep
GetStdHandle
GetStartupInfoW
CloseHandle
OpenMutexW
GetLastError
CreateMutexW
GetFileSize
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCommandLineA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
WaitForSingleObjectEx
GetExitCodeThread
GetNativeSystemInfo
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
RtlPcToFileHeader
RaiseException
QueryPerformanceCounter
QueryPerformanceFrequency
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
MultiByteToWideChar
LCMapStringEx
CompareStringEx
GetCPInfo
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
InitializeSListHead
CreateFileW
GetFileType
SetLastError
GetFileAttributesExW
SetFilePointerEx
FlushFileBuffers
FindFirstFileExW
FindNextFileW
FindClose
RtlUnwindEx
RtlUnwind

shell32

CommandLineToArgvW

ws2_32

getnameinfo
shutdown
WSACleanup
WSAStartup
getpeername
getsockname
WSAGetLastError
closesocket
bind
htons
socket
send
recv
select
setsockopt
accept
freeaddrinfo
listen
WSASocketW
getaddrinfo
ntohs

libssl-1_1-x64

OPENSSL_init_ssl

Sections

.text
Size: 361KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2879a2b4c2b7cb478506bc022885fb45

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

ws2_32

libssl-1_1-x64

Sections

.text Size: 361KB - Virtual size: 360KB

.rdata Size: 129KB - Virtual size: 128KB

.data Size: 31KB - Virtual size: 37KB

.pdata Size: 17KB - Virtual size: 17KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 93KB - Virtual size: 92KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 361KB - Virtual size: 360KB

.rdata
Size: 129KB - Virtual size: 128KB

.data
Size: 31KB - Virtual size: 37KB

.pdata
Size: 17KB - Virtual size: 17KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 93KB - Virtual size: 92KB

.reloc
Size: 4KB - Virtual size: 3KB