DocumentPackage.pdb
Static task
static1
Behavioral task
behavioral1
Sample
f3fe04a7e8da68dc05acb7164b402ffc6675a478972cf624de84b3e2e4945b93.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
f3fe04a7e8da68dc05acb7164b402ffc6675a478972cf624de84b3e2e4945b93.exe
Resource
win10v2004-20240802-en
General
Target
f3fe04a7e8da68dc05acb7164b402ffc6675a478972cf624de84b3e2e4945b93
Size
216KB
MD5
86764b49d2a94f88c5aae7aebacc3428
SHA1
9bc39326727481c9420c801a7eaacdcc3305c0ba
SHA256
f3fe04a7e8da68dc05acb7164b402ffc6675a478972cf624de84b3e2e4945b93
SHA512
cd1572b11b7d14cafa86cbc7c7f6ef729fdd4ae875d9b31ca3afa12e658f25408aac0bb9c9ca2b04c4d26b3c74261b27f57fd9be00aa826b7042fcd86d359d5c
SSDEEP
6144:fottN6fDmc9sP2tTD7XWzH2cNXgstbNBg:QsyheZD7XWzWeXM
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f3fe04a7e8da68dc05acb7164b402ffc6675a478972cf624de84b3e2e4945b93
Files
f3fe04a7e8da68dc05acb7164b402ffc6675a478972cf624de84b3e2e4945b93.exe windows:6 windows x86 arch:x86
6de7e9137c7af58214d3229b6cf59598
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
bcrypt
BCryptGenRandom
advapi32
SystemFunction036
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
kernel32
GetLastError
GetNativeSystemInfo
SetFilePointerEx
GetConsoleOutputCP
FlushFileBuffers
HeapSize
LCMapStringW
CreateFileW
WriteFile
CloseHandle
GetModuleHandleW
GetProcAddress
CompareStringW
GetFileAttributesW
CreateDirectoryW
CreateProcessW
SetLastError
GetModuleFileNameW
GetTempPathW
GetFullPathNameW
SetFileInformationByHandle
AcquireSRWLockExclusive
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
HeapFree
HeapReAlloc
GetModuleHandleA
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
FormatMessageW
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
lstrlenW
ReleaseMutex
WideCharToMultiByte
ExitProcess
HeapAlloc
GetProcessHeap
GetCurrentDirectoryW
RtlCaptureContext
GetEnvironmentVariableW
GetStringTypeW
GetFileType
SetStdHandle
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
RaiseException
RtlUnwind
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
DecodePointer
winhttp
WinHttpQueryHeaders
WinHttpReadData
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpSetOption
WinHttpOpen
shell32
ShellExecuteW
SHGetKnownFolderPath
ole32
CoTaskMemFree
ntdll
RtlNtStatusToDosError
NtWriteFile
Sections
.text Size: 151KB - Virtual size: 151KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ