3ea91733a3ece123bd7c94c70639915e2cb3f9e52e6f54e2aad0833efea811c3

Sharing

Copy URL Twitter E-mail

General

Target

3ea91733a3ece123bd7c94c70639915e2cb3f9e52e6f54e2aad0833efea811c3
Size

1.4MB
MD5

2870c614e5b88bbdf9f06df5a05e8f27
SHA1

a88bc1afae3a53a2b250e7c1da697a0a7675b0b4
SHA256

3ea91733a3ece123bd7c94c70639915e2cb3f9e52e6f54e2aad0833efea811c3
SHA512

c554e3a4b4857df0fc96fd3d0ae67175e2f8efe9d40570c302b1630d52db0da6d7d73bdb0b3d82b1b477703306b089b0e96d44304f02cd92172c515a66073fe4
SSDEEP

24576:NqmoJy7OCSBi4x8cJPijctRRCZFM0VIH06iyg4I:N9IeZSBAyPij2CD5IU6iTf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ea91733a3ece123bd7c94c70639915e2cb3f9e52e6f54e2aad0833efea811c3

Files

3ea91733a3ece123bd7c94c70639915e2cb3f9e52e6f54e2aad0833efea811c3
.exe windows:6 windows x64 arch:x64

990210395efa7d0260f259b4423a0c8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
SetFilePointerEx
GetLastError
GetProcAddress
SetCurrentDirectoryW
CompareStringW
LCMapStringW
HeapSize
FlushFileBuffers
GetConsoleCP
FreeLibrary
AcquireSRWLockExclusive
CreateIoCompletionPort
GetCommandLineW
ReleaseSRWLockExclusive
AddVectoredExceptionHandler
HeapFree
HeapReAlloc
SetLastError
GetFinalPathNameByHandleW
TryAcquireSRWLockExclusive
GetQueuedCompletionStatusEx
GetStringTypeW
GetFileType
SetFileCompletionNotificationModes
SetStdHandle
GetModuleHandleA
GetStdHandle
SetEnvironmentVariableW
MultiByteToWideChar
WriteConsoleW
GetModuleHandleW
FormatMessageW
SetThreadStackGuarantee
GetCurrentThread
GetEnvironmentVariableW
QueryPerformanceCounter
QueryPerformanceFrequency
lstrlenW
GetCurrentProcess
WideCharToMultiByte
GetModuleFileNameW
GetFileInformationByHandle
GetFileInformationByHandleEx
FreeEnvironmentStringsW
CreateFileW
SetFileInformationByHandle
GetFullPathNameW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SetHandleInformation
ExitProcess
GetSystemTimeAsFileTime
HeapAlloc
GetProcessHeap
GetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
WaitForSingleObjectEx
GetCurrentProcessId
CreateMutexA
ReleaseMutex
RtlVirtualUnwind
SleepConditionVariableSRW
WakeConditionVariable
WakeAllConditionVariable
PostQueuedCompletionStatus
CreateThread
FindNextFileW
FindFirstFileExW
FindClose
SetConsoleCtrlHandler
GetCommandLineA
GetModuleHandleExW
WaitForSingleObject
GetConsoleMode
WriteFile
CloseHandle
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException

ws2_32

freeaddrinfo
recv
send
WSAGetLastError
WSASend
shutdown
bind
getaddrinfo
WSAStartup
WSACleanup
WSAIoctl
setsockopt
accept
getsockopt
connect
ioctlsocket
socket
closesocket
listen
WSASocketW

iphlpapi

CreateUnicastIpAddressEntry
InitializeUnicastIpAddressEntry
GetUnicastIpAddressTable
DeleteUnicastIpAddressEntry

advapi32

RegSetKeyValueA
SetServiceStatus
SystemFunction036
RegOpenKeyA
StartServiceCtrlDispatcherA
RegCloseKey
RegisterServiceCtrlHandlerExA
RegGetValueA
RegEnumKeyA

user32

GetProcessWindowStation
GetUserObjectInformationA

bcrypt

BCryptGenRandom

ntdll

RtlNtStatusToDosError
NtCancelIoFileEx
NtDeviceIoControlFile
NtCreateFile
NtWriteFile
NtReadFile

Sections

.text
Size: 987KB - Virtual size: 987KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 381KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

990210395efa7d0260f259b4423a0c8a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

iphlpapi

advapi32

user32

bcrypt

ntdll

Sections

.text Size: 987KB - Virtual size: 987KB

.rdata Size: 381KB - Virtual size: 380KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 34KB - Virtual size: 33KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 987KB - Virtual size: 987KB

.rdata
Size: 381KB - Virtual size: 380KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 34KB - Virtual size: 33KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 8KB - Virtual size: 7KB