13e18b3b11d5444230f53705a9cf7d30e43f7bd7105624cb591678971d035d9a

Sharing

Copy URL

Twitter E-mail

General

Target

13e18b3b11d5444230f53705a9cf7d30e43f7bd7105624cb591678971d035d9a
Size

4.1MB
MD5

928eb68b78e8944ad2587e8db977480e
SHA1

0c4970216dbb0649cf5b801ffb717bd28650adb5
SHA256

13e18b3b11d5444230f53705a9cf7d30e43f7bd7105624cb591678971d035d9a
SHA512

0dbc01891dae16e1674d7c9d5a9542e2db05093ab5fd88cf43ce24d17798bf3b536feed0aa92c016259550dcc401866aa25e5dbc475cc5693e08ffcf4b428e6a
SSDEEP

49152:VcSyfIKDjqyU6gf4xZL7Ojb8l+xCNUGpzefvoX6opaIfWhcIU6iYk:FK1Ib8lJNUGpzeHC6oWV+n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13e18b3b11d5444230f53705a9cf7d30e43f7bd7105624cb591678971d035d9a

Files

13e18b3b11d5444230f53705a9cf7d30e43f7bd7105624cb591678971d035d9a
.exe windows:6 windows x86 arch:x86

1aa1f3fa8c76b265ccb5cc5246de4da6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExW
SystemFunction036
RegOpenKeyExW
OpenProcessToken
StartServiceA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
CloseServiceHandle
CreateServiceW
DeleteService
OpenSCManagerA
OpenServiceA
QueryServiceStatus

kernel32

SwitchToThread
CloseHandle
OpenMutexA
DeleteFileW
GetLastError
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
SleepConditionVariableSRW
WaitForMultipleObjects
GetOverlappedResult
WaitForSingleObject
GetExitCodeProcess
GetSystemInfo
GetNativeSystemInfo
GetCurrentProcess
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
OpenEventA
CreateEventA
GetCommandLineW
AddVectoredExceptionHandler
SetThreadStackGuarantee
HeapFree
HeapReAlloc
TlsGetValue
TlsSetValue
WakeAllConditionVariable
ReleaseSRWLockShared
AcquireSRWLockShared
Sleep
SetLastError
GetFinalPathNameByHandleW
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetModuleHandleA
GetProcAddress
GetCurrentThread
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
GetModuleFileNameW
CreateFileW
SetFileInformationByHandle
GetFullPathNameW
SetHandleInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
CreateEventW
CancelIo
ReadFile
ExitProcess
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
GetCurrentDirectoryW
RtlCaptureContext
WakeConditionVariable
PostQueuedCompletionStatus
GetConsoleCP
FlushFileBuffers
HeapSize
DecodePointer
GetStringTypeW
SetStdHandle
SetEnvironmentVariableA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
SetFilePointerEx
GetFileType
LCMapStringW
CompareStringW
GetACP
GetCommandLineA
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
FreeLibrary
EncodePointer
RaiseException
RtlUnwind
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
GetVersionExA
InitializeCriticalSection
GetTickCount
CreateFileA
GetDriveTypeW
GetLogicalDriveStringsW
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
WriteFile
QueryDosDeviceW
OpenProcess

ntdll

NtCreateFile
NtWriteFile
NtReadFile
NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile

ws2_32

getsockname
recvfrom
sendto
getsockopt
connect
ioctlsocket
socket
WSAIoctl
getaddrinfo
htons
setsockopt
closesocket
listen
bind
WSAGetLastError
WSASend
freeaddrinfo
WSAStartup
WSACleanup
WSASocketW
shutdown
accept
send
recv
getpeername
WSARecvFrom
WSADuplicateSocketW

user32

GetSystemMetrics

bcrypt

BCryptGenRandom

psapi

GetModuleFileNameExA
GetModuleFileNameExW

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1aa1f3fa8c76b265ccb5cc5246de4da6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ntdll

ws2_32

user32

bcrypt

psapi

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 11KB - Virtual size: 21KB

.vmp0 Size: 7KB - Virtual size: 7KB

.reloc Size: 87KB - Virtual size: 86KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 11KB - Virtual size: 21KB

.vmp0
Size: 7KB - Virtual size: 7KB

.reloc
Size: 87KB - Virtual size: 86KB