ae67ed945a1a24b2baa92bcccfe72182332fa0e4c6e18eae2f02928b5b76e686

Sharing

Copy URL

Twitter E-mail

General

Target

ae67ed945a1a24b2baa92bcccfe72182332fa0e4c6e18eae2f02928b5b76e686
Size

799KB
MD5

912d24791db8012151c1339647d4ac2f
SHA1

77ff946aadbbf87720cc92f32092dcb55014e6c7
SHA256

ae67ed945a1a24b2baa92bcccfe72182332fa0e4c6e18eae2f02928b5b76e686
SHA512

2c67b558b72c5559b6c37bb9e7eb788efe84e6afdddb325e550e54337dd875ccae7ce188b3ecd143accdeef3e4522da3cf78be7c6aaa0f303d246803336796af
SSDEEP

12288:oTIzWpRoHFmTNw/xyoxPFFFFFFFFFFFF5JI2EiEajx24fb3/Qo2iv0r/q:oTI6ro7xymbEiEajxW4v4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae67ed945a1a24b2baa92bcccfe72182332fa0e4c6e18eae2f02928b5b76e686

Files

ae67ed945a1a24b2baa92bcccfe72182332fa0e4c6e18eae2f02928b5b76e686
.exe windows:6 windows x64 arch:x64

7e9eb7cd9ff5c19b82acee4e2e9c86df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

project.pdb

Imports

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressSingle
WakeByAddressAll

bcryptprimitives

ProcessPrng

kernel32

GetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
DuplicateHandle
SetLastError
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
QueryPerformanceCounter
GetStdHandle
GetCurrentProcessId
Sleep
WaitForSingleObject
WriteFileEx
SleepEx
GetExitCodeProcess
QueryPerformanceFrequency
SetWaitableTimer
GetCurrentProcess
HeapReAlloc
ReleaseMutex
GetProcessHeap
HeapAlloc
FindNextFileW
FindClose
CreateFileW
CreateWaitableTimerExW
FindFirstFileW
DeleteFileW
SetFileInformationByHandle
ReadFile
GetOverlappedResult
CancelIo
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetConsoleMode
CompareStringOrdinal
DeleteProcThreadAttributeList
FreeEnvironmentStringsW
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
CreateNamedPipeW
ReadFileEx
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
CreateThread
GetFullPathNameW
GetModuleHandleA
GetTempPathW
InitializeSListHead
UnhandledExceptionFilter
MoveFileExW
WaitForSingleObjectEx
CreateMutexA
lstrlenW
SetUnhandledExceptionFilter
GetLastError
GetCurrentThread
VirtualProtect
VirtualAlloc
GetProcAddress
LoadLibraryA
IsDebuggerPresent
CloseHandle
GetSystemTimeAsFileTime
GetCurrentThreadId
CreateEventW
HeapFree
IsProcessorFeaturePresent

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

ntdll

RtlNtStatusToDosError
NtReadFile
NtWriteFile

vcruntime140

memcpy
memcmp
__CxxFrameHandler3
__current_exception_context
__current_exception
memmove
memset
__C_specific_handler
_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

exit
_exit
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_get_initial_narrow_environment
_seh_filter_exe
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_set_app_type
_initterm_e
_initialize_narrow_environment
_initterm

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 584KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e9eb7cd9ff5c19b82acee4e2e9c86df

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

kernel32

shell32

ole32

ntdll

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 198KB - Virtual size: 197KB

.rdata Size: 584KB - Virtual size: 584KB

.data Size: 512B - Virtual size: 792B

.pdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 198KB - Virtual size: 197KB

.rdata
Size: 584KB - Virtual size: 584KB

.data
Size: 512B - Virtual size: 792B

.pdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 1KB - Virtual size: 1KB