Static task
static1
Behavioral task
behavioral1
Sample
36071c51d0e0bbf356d9e5ceb6253fb64d3e5317393a4936e01483b08cf41d4c.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
36071c51d0e0bbf356d9e5ceb6253fb64d3e5317393a4936e01483b08cf41d4c.exe
Resource
win10v2004-20240802-en
General
-
Target
36071c51d0e0bbf356d9e5ceb6253fb64d3e5317393a4936e01483b08cf41d4c.exe
-
Size
8.8MB
-
MD5
ea11399b7466f4f0ed36c45cf2e51637
-
SHA1
6cf240ea2aa7c644f32edca431508b377ffd6a41
-
SHA256
36071c51d0e0bbf356d9e5ceb6253fb64d3e5317393a4936e01483b08cf41d4c
-
SHA512
d2698eb28701f56339a33c5853e3ce5c1b81b3d69a2d22b68e6c96290574bb4d0ea1861c511d9a1c4f583dbe74bf330bd56fdd6a61f2f24f916a1081373ddb70
-
SSDEEP
98304:m+DzECtkIYMlPxcIyywmFG8L0tWZFt6Wx3UD1F6L:mWECtZdeFyZFG8AtWZFtIJcL
Malware Config
Signatures
-
Embeds OpenSSL 1 IoCs
Embeds OpenSSL (static YARA match `embeds_openssl` on the sample). A statically linked TLS stack can do its own certificate validation against bundled trust roots instead of relying on the Windows certificate store, so its traffic may not be inspectable by an enterprise TLS-interception proxy. This is a capability indicator, not observed evasion: the import table below also references crypt32 certificate-store functions (CertOpenSystemStoreW, CertFindCertificateInStore), so use of the system store is not ruled out.
resource yara_rule sample embeds_openssl -
Unsigned PE 1 IoCs
The PE carries no Authenticode signature. On its own this is a weak indicator (much legitimate software ships unsigned), but it means there is no publisher identity to verify; the file hashes listed above are the only provenance available for this sample.
resource 36071c51d0e0bbf356d9e5ceb6253fb64d3e5317393a4936e01483b08cf41d4c.exe
Files
-
36071c51d0e0bbf356d9e5ceb6253fb64d3e5317393a4936e01483b08cf41d4c.exe.exe windows:6 windows x64 arch:x64
219e97a42d145725cbe8b4b0a8646ab3 (unlabeled in this extract; a 32-hex value in this position is presumably the import hash (imphash) of the PE — confirm before using it to pivot to related samples)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatusEx
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitOnceExecuteOnce
GetTickCount64
GetModuleHandleW
SetFileCompletionNotificationModes
EnterCriticalSection
InitializeCriticalSection
SetConsoleTextAttribute
GetLastError
RaiseException
GetHandleInformation
SetThreadAffinityMask
GetProcessAffinityMask
SetThreadPriority
RtlUnwind
CreateMutexA
GetConsoleScreenBufferInfo
CreatePipe
OpenProcess
GetCurrentProcessId
GetExitCodeProcess
GetProcessTimes
DuplicateHandle
SetDllDirectoryW
GetFileSize
TryEnterCriticalSection
GetCurrentThreadId
WaitForSingleObject
IsDebuggerPresent
SetHandleInformation
LoadLibraryA
GetProcAddress
FreeLibrary
GetTickCount
Sleep
SetEvent
GetConsoleWindow
WideCharToMultiByte
FormatMessageW
FormatMessageA
LocalFree
VirtualProtectEx
GetCurrentProcess
CreateEventA
GetProcessHeap
HeapFree
HeapAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
CloseHandle
WriteConsoleW
HeapSize
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
DeleteCriticalSection
CreateProcessW
LeaveCriticalSection
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
InitializeCriticalSectionEx
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
SetFileInformationByHandle
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetFileInformationByHandleEx
CreateSymbolicLinkW
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
ReleaseSemaphore
GetSystemInfo
OpenEventA
ResetEvent
WaitForMultipleObjectsEx
SetWaitableTimer
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
GetModuleHandleA
CreateWaitableTimerA
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetLogicalDriveStringsW
GetLongPathNameW
GetTempPathW
GetSystemDirectoryW
GetModuleFileNameW
CreateDirectoryW
CreateFileW
DeleteFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
CopyFileW
MoveFileExW
CreateHardLinkW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetVersionExW
GetComputerNameW
FindClose
FindFirstFileW
FindNextFileW
ReleaseMutex
CreateMutexW
CreateEventW
WaitForMultipleObjects
VirtualAlloc
VirtualProtect
VirtualFree
VirtualLock
SwitchToFiber
DeleteFiber
CreateFiberEx
GetSystemTime
SystemTimeToFileTime
GetModuleHandleExW
GetSystemDirectoryA
CreateSemaphoreA
GetACP
GetStdHandle
GetFileType
WriteFile
RtlVirtualUnwind
ConvertFiberToThread
ConvertThreadToFiberEx
LoadLibraryW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
ExitProcess
SetConsoleCtrlHandler
GetCommandLineA
GetCommandLineW
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
HeapReAlloc
GetFileSizeEx
SetFilePointerEx
GetTimeZoneInformation
SetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
FindFirstFileExW
IsValidCodePage
EnumSystemFirmwareTables
user32
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
ShowWindow
advapi32
RegSetValueExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyExW
mswsock
TransmitFile
ws2_32
gethostname
WSASendTo
WSASend
WSARecvFrom
WSARecv
socket
shutdown
getservbyname
sendto
recvfrom
inet_ntoa
inet_addr
freeaddrinfo
getaddrinfo
ntohl
WSAIoctl
select
getpeername
getnameinfo
WSASocketA
WSACleanup
WSAStartup
setsockopt
send
recv
listen
htons
htonl
getsockopt
getsockname
ioctlsocket
connect
closesocket
bind
accept
WSAGetLastError
WSAPoll
WSASetLastError
gethostbyaddr
getservbyport
gethostbyname
ntohs
iphlpapi
if_indextoname
GetAdaptersAddresses
crypt32
CertOpenSystemStoreW
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
Sections
.text Size: 6.8MB - Virtual size: 6.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 87KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 342KB - Virtual size: 341KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ