fffe00fb1bb4135f645f0fa15f4e07e906f0711b870e11f353dbef8678ab847f

Sharing

Copy URL Twitter E-mail

General

Target

fffe00fb1bb4135f645f0fa15f4e07e906f0711b870e11f353dbef8678ab847f
Size

464KB
MD5

08a8193302c5c229fdece11636ae4b58
SHA1

a0f45d1bd0ea33e9b7155f157126c339ca5e0268
SHA256

fffe00fb1bb4135f645f0fa15f4e07e906f0711b870e11f353dbef8678ab847f
SHA512

f9db4e0c44a7454efaf0e981b7abc5e4e5ab45176e64d4fa7a4f354c10ff81e10bc83b7980abafed864457c9f910cf13b374555e84c588dd5b79fd52742327cd
SSDEEP

12288:rk5Marw/MdWSRBj1jidLgapEAkk6gmQbbeyKx0:rCZrSMdBRBj1WXmxyN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fffe00fb1bb4135f645f0fa15f4e07e906f0711b870e11f353dbef8678ab847f

Files

fffe00fb1bb4135f645f0fa15f4e07e906f0711b870e11f353dbef8678ab847f
.exe windows:6 windows x64 arch:x64

91946c05595610f8d4715a6b1f9f3330

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
CreateProcessAsUserA
CreateProcessWithLogonW
CreateProcessWithTokenW
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
DuplicateTokenEx
FreeSid
GetTokenInformation
ImpersonateLoggedOnUser
ImpersonateNamedPipeClient
LogonUserA
LookupAccountSidA
LookupPrivilegeValueA
OpenProcessToken
OpenThreadToken
RevertToSelf

kernel32

CloseHandle
CompareStringW
ConnectNamedPipe
CopyFileA
CreateDirectoryW
CreateFileA
CreateFileMappingA
CreateFileW
CreateNamedPipeA
CreatePipe
CreateProcessA
CreateRemoteThread
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileW
DeleteProcThreadAttributeList
DisconnectNamedPipe
DuplicateHandle
EncodePointer
EnterCriticalSection
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileExW
FindNextFileA
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameA
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetFileAttributesA
GetFileSizeEx
GetFileType
GetFullPathNameA
GetLastError
GetLogicalDrives
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetThreadContext
GetTickCount
GetVersionExA
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeProcThreadAttributeList
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
MapViewOfFile
MoveFileA
MultiByteToWideChar
OpenProcess
OpenThread
PeekNamedPipe
Process32FirstW
Process32NextW
ProcessIdToSessionId
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReadProcessMemory
RemoveDirectoryW
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableW
SetErrorMode
SetFilePointerEx
SetLastError
SetNamedPipeHandleState
SetStdHandle
SetThreadContext
SetUnhandledExceptionFilter
Sleep
SystemTimeToTzSpecificLocalTime
TerminateProcess
Thread32First
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
UpdateProcThreadAttribute
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualProtect
VirtualProtectEx
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeA
WideCharToMultiByte
Wow64DisableWow64FsRedirection
Wow64GetThreadContext
Wow64RevertWow64FsRedirection
Wow64SetThreadContext
WriteConsoleW
WriteFile
WriteProcessMemory

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
gethostname
htonl
htons
inet_addr
ioctlsocket
listen
ntohl
ntohs
recv
select
send
shutdown
socket

wininet

HttpAddRequestHeadersA
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetQueryDataAvailable
InternetQueryOptionA
InternetReadFile
InternetSetOptionA
InternetSetStatusCallbackW

secur32

GetUserNameExA

Sections

.text
Size: 331KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 92B

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91946c05595610f8d4715a6b1f9f3330

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ws2_32

wininet

secur32

Sections

.text Size: 331KB - Virtual size: 331KB

.rdata Size: 100KB - Virtual size: 99KB

.data Size: 5KB - Virtual size: 50KB

.pdata Size: 15KB - Virtual size: 14KB

.00cfg Size: 512B - Virtual size: 56B

.gxfg Size: 7KB - Virtual size: 7KB

.retplne Size: 512B - Virtual size: 92B

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 424B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 331KB - Virtual size: 331KB

.rdata
Size: 100KB - Virtual size: 99KB

.data
Size: 5KB - Virtual size: 50KB

.pdata
Size: 15KB - Virtual size: 14KB

.00cfg
Size: 512B - Virtual size: 56B

.gxfg
Size: 7KB - Virtual size: 7KB

.retplne
Size: 512B - Virtual size: 92B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 424B

.reloc
Size: 2KB - Virtual size: 1KB