Tasks
Static task: static1
Behavioral task: behavioral1, sample 76 (12).exe, resource win7-20240903-en
Behavioral task: behavioral2, sample 76 (12).exe, resource win10v2004-20240802-en
General
Target: 8880c64b93f8a425f9209291d413d89d1e019a600ffb507da4e701b4f708f6c5
Size: 1.9MB
MD5: 28a6068ed3568c2b7ea4f5e1e65da012
SHA1: c4bc321a1ec983d498687e96893ea4522eac3791
SHA256: 8880c64b93f8a425f9209291d413d89d1e019a600ffb507da4e701b4f708f6c5
SHA512: 47f8695ca8d85aad74f07c45d9f7c51c874e4aa7f1cb52f2b2d91807c23443e6c521c9f47a8237a8b43eb47f91a419a4c5e5b1ca8022b02d5651308c0ed5b817
SSDEEP: 49152:iVo01Q1v6Z42Q4v66g4Qnn5FrDNWGf+uuugtCvHE2nqtgP:icSZRverMGft/gtCcKtP
Note: the Target SHA256 is also the name of the .zip listed under Files, so these digests and the 1.9MB size describe the submitted archive, not the extracted 76 (12).exe (whose sections alone add up to about 4MB). Hash the extracted PE separately before using any of these values as an indicator.
Malware Config: none extracted (the section is empty in the report).
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature. Matched resource: unpack001/76 (12).exe
The rule only tests whether the PE carries an embedded signature (a non-empty IMAGE_DIRECTORY_ENTRY_SECURITY); it does not consult catalog signatures and says nothing about what the code does. Much custom and open-source tooling ships unsigned, so on its own this is a low-confidence indicator that gains weight only together with the behavioral results.
Files
8880c64b93f8a425f9209291d413d89d1e019a600ffb507da4e701b4f708f6c5.zip (the submitted archive; the sample was unpacked from it, hence the unpack001/ path in the signature hit)
76 (12).exe (.exe, windows:5 windows x64 arch:x64) 0aae3d3acbf66ce7fab88eb2b29059d2
The report does not label the 32-hex digest next to the PE. It is not the MD5 under General, which belongs to the archive; it is most plausibly the extracted PE's own MD5, but verify that by hashing the file yourself before pivoting on it.
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Of the mitigation flags, only DYNAMIC_BASE (ASLR opt-in, which is why a .reloc section is kept) is set; NX_COMPAT, HIGH_ENTROPY_VA (the full 64-bit ASLR range) and GUARD_CF do not appear in the list. IMAGE_FILE_DLL is absent, so this is a standalone executable, and LARGE_ADDRESS_AWARE is the default for x64 linking.
Imports
kernel32: SetFilePointer, GetDriveTypeW, FlushFileBuffers, GetConsoleCP, ReadFile, GetCurrentDirectoryW, CreateFileA, PeekNamedPipe, GetFileInformationByHandle, GetFullPathNameA, LoadLibraryW, GetTimeZoneInformation, GetStringTypeW, LCMapStringW, IsValidCodePage, GetOEMCP, GetCPInfo, HeapSize, GetCurrentProcess, TerminateProcess, RtlCaptureContext, SetEndOfFile, GetProcessHeap, WriteConsoleW, CompareStringW, SetEnvironmentVariableA, SetStdHandle, RtlVirtualUnwind, Sleep, IsDebuggerPresent, UnhandledExceptionFilter, GetTickCount, HeapSetInformation, FlsAlloc, FlsFree, FlsSetValue, FlsGetValue, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, RaiseException, InitializeSRWLock, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, GetLastError, CloseHandle, WaitForSingleObject, SetLastError, InitializeCriticalSectionAndSpinCount, HeapFree, HeapCreate, HeapDestroy, GetCurrentThreadId, SetEvent, WideCharToMultiByte, CreateEventW, ResetEvent, lstrlenW, MultiByteToWideChar, CreateFileW, GetProcAddress, GetModuleHandleW, GetFileSize, MapViewOfFileEx, CreateFileMappingW, AcquireSRWLockShared, AcquireSRWLockExclusive, ReleaseSRWLockShared, ReleaseSRWLockExclusive, SwitchToThread, GetModuleFileNameW, UnmapViewOfFile, lstrlenA, VirtualAlloc, GetLocalTime, ExitProcess, HeapAlloc, GetCurrentProcessId, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, VirtualFree, FindNextFileW, FindFirstFileW, FindClose, FormatMessageA, FreeLibrary, LoadLibraryA, GetSystemDirectoryA, SystemTimeToFileTime, GetSystemTime, GetVersion, WriteFile, GetFileType, GetStdHandle, GetACP, GetEnvironmentVariableW, GetSystemTimeAsFileTime, QueryPerformanceCounter, GetConsoleMode, SetConsoleMode, ReadConsoleA, ReadConsoleW, DecodePointer, EncodePointer, GetCommandLineA, GetStartupInfoW, RtlPcToFileHeader, ExitThread, CreateThread, HeapReAlloc, RtlLookupFunctionEntry, RtlUnwindEx, FileTimeToSystemTime, FileTimeToLocalFileTime, GetDriveTypeA, FindFirstFileExA, SetConsoleCtrlHandler, SetUnhandledExceptionFilter, GetModuleFileNameA
ws2_32: WSAWaitForMultipleEvents, WSAEnumNetworkEvents, socket, WSACreateEvent, gethostbyaddr, recv, connect, bind, WSACleanup, WSAEventSelect, WSAStartup, getaddrinfo, freeaddrinfo, select, __WSAFDIsSet, getsockname, getpeername, WSASetLastError, getservbyport, inet_addr, gethostbyname, inet_ntoa, WSAResetEvent, getservbyname, WSACloseEvent, WSAStringToAddressW, shutdown, closesocket, send, ioctlsocket, getsockopt, setsockopt, WSAIoctl, htonl, InetNtopW, htons, ntohs, WSAGetLastError
crypt32: CertCloseStore, CertEnumCertificatesInStore, CertFindCertificateInStore, CertOpenStore, CertGetCertificateContextProperty, CertFreeCertificateContext, CertDuplicateCertificateContext
shlwapi: StrChrW
winmm: timeGetDevCaps, timeBeginPeriod, timeGetTime, timeEndPeriod
bcrypt: BCryptGenRandom
user32: GetUserObjectInformationW, GetProcessWindowStation, MessageBoxW, MsgWaitForMultipleObjects, PeekMessageW, TranslateMessage, DispatchMessageW
advapi32: CryptGetUserKey, ReportEventW, CryptDecrypt, CryptCreateHash, CryptSetHashParam, CryptSignHashW, CryptDestroyHash, CryptExportKey, DeregisterEventSource, CryptAcquireContextW, CryptGetProvParam, CryptDestroyKey, CryptReleaseContext, CryptEnumProvidersW, RegisterEventSourceW
Reading the table: the kernel32 set is a statically linked MSVC C runtime (Fls*/Tls*, EncodePointer/DecodePointer, HeapSetInformation, GetStartupInfoW, and RtlLookupFunctionEntry/RtlUnwindEx for x64 exception unwinding); IsDebuggerPresent and UnhandledExceptionFilter are imported by every such CRT, so they are not an anti-debug indicator on their own. The ws2_32 set covers both outbound (connect, getaddrinfo, gethostbyname) and listening (bind, select, WSAEventSelect) sockets. The crypt32 and advapi32 sets together open certificate stores, enumerate certificates, and sign or decrypt with CAPI key containers (CryptGetUserKey, CryptSignHashW, CryptDecrypt, CryptExportKey); that is the combination a TLS library's CAPI engine needs (OpenSSL's capi engine imports this set), which points to a statically linked crypto library rather than hand-written credential access. The page does not identify the library, so treat that as a working hypothesis. BCryptGenRandom is the system CSPRNG; timeBeginPeriod/timeGetTime raise timer resolution; GetProcessWindowStation/GetUserObjectInformationW is the usual test for running as a service rather than interactively; RegisterEventSourceW/ReportEventW write to the Windows event log. Absent from the table: process creation (CreateProcess*, ShellExecute*), registry access, VirtualProtect, WriteProcessMemory and other injection primitives, and WinINet/WinHTTP. LoadLibraryA/W and GetProcAddress are both imported, so any of those can still be resolved at runtime; the behavioral tasks are where to confirm what actually runs.
Sections
.text   size 2.5MB, virtual size 2.5MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  size 1.3MB, virtual size 1.3MB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   size 36KB, virtual size 53KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.pdata  size 129KB, virtual size 129KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
text    size 1024B, virtual size 702B    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE
data    size 7KB, virtual size 6KB       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  size 56KB, virtual size 55KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
Two things to check by hand. First, the layout is ordinary compiler output (code in .text, read-only data in .rdata, x64 unwind data in .pdata, relocations kept for ASLR in .reloc, and no section that is both writable and executable) except for the two un-dotted sections: text is executable but flagged as initialized data rather than code and has no IMAGE_SCN_MEM_READ listed, and data sits beside the normal .data. Un-dotted names next to their dotted twins most often come from object files of a different assembler or toolchain linked into the image; dump the 702 bytes of text and confirm they are plain code. Second, the section sizes add up to roughly 4MB, more than the 1.9MB under General, which describes the submitted archive rather than this PE; compare the last section's file offset plus size against the length of the extracted file to rule out truncation.
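A header-level reproduction of three of the checks above (the Authenticode-presence test behind the Unsigned PE signature, the DLL-characteristics mitigation flags, and the section-flag review), written for this page in standard-library Python; it is an added example, not code from the sandbox or from any project. It parses the MZ/PE headers directly. The PE it analyses is a minimal PE32+ image constructed inside the script with the same flag layout as the report (ASLR and terminal-server-aware only, no security directory, an executable un-dotted text section); it is not the real sample, and its sizes and offsets are placeholders.

```python
"""Header-only PE triage with the standard library (added example, not sandbox code).

Reproduces three checks from the report: the Authenticode-presence test behind
"Unsigned PE" (security data directory empty), the DLL characteristics
mitigation flags, and a review of section flags. The PE it inspects is built
in this script with the report's flag layout; sizes and offsets are placeholders.
"""
import struct

DLL_FLAGS = {0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT",
             0x0400: "NO_SEH", 0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE"}
SCN_CNT_CODE, SCN_INIT_DATA = 0x00000020, 0x00000040
SCN_DISCARDABLE, SCN_EXECUTE = 0x02000000, 0x20000000
SCN_READ, SCN_WRITE = 0x40000000, 0x80000000
DIR_SECURITY = 4            # IMAGE_DIRECTORY_ENTRY_SECURITY (a file offset, not an RVA)
OPT_FMT = "<HBBIIIIIQIIHHHHHHIIIIHHQQQQII"   # PE32+ optional header without data directories, 112 bytes


def parse_pe(data: bytes) -> dict:
    """Pull the header fields the checks need; supports PE32 and PE32+."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsect, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    pe32plus = magic == 0x20B
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]       # same offset in PE32 and PE32+
    ndirs_off, dirs_off = (108, 112) if pe32plus else (92, 96)
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    sec_off = sec_size = 0
    if ndirs > DIR_SECURITY:
        sec_off, sec_size = struct.unpack_from("<II", data, opt + dirs_off + 8 * DIR_SECURITY)
    sections = []
    for i in range(nsect):
        name, vsize, _, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vsize": vsize,
                         "rawsize": rawsize, "rawptr": rawptr, "chars": chars})
    return {"machine": machine, "pe32plus": pe32plus, "file_characteristics": file_chars,
            "dll_characteristics": dll_chars, "signed": sec_off != 0 and sec_size != 0,
            "sections": sections}


def triage(info: dict, file_len: int) -> dict:
    """Turn header facts into the findings an analyst would write down."""
    present = sorted(n for bit, n in DLL_FLAGS.items() if info["dll_characteristics"] & bit)
    wanted = ["DYNAMIC_BASE", "NX_COMPAT", "GUARD_CF"] + (["HIGH_ENTROPY_VA"] if info["pe32plus"] else [])
    odd = []
    for s in info["sections"]:
        c = s["chars"]
        if c & SCN_EXECUTE and not c & SCN_CNT_CODE:
            odd.append((s["name"], "executable but not flagged CNT_CODE"))
        if c & SCN_EXECUTE and c & SCN_WRITE:
            odd.append((s["name"], "executable and writable"))
        if c & SCN_EXECUTE and not c & SCN_READ:
            odd.append((s["name"], "executable without MEM_READ"))
    # Truncation check: every section's raw bytes must lie inside the file on disk.
    end = max((s["rawptr"] + s["rawsize"] for s in info["sections"]), default=0)
    return {"unsigned": not info["signed"], "present": present,
            "missing_mitigations": [n for n in wanted if n not in present],
            "odd_sections": odd, "truncated": end > file_len}


def analyse(data: bytes) -> dict:
    return triage(parse_pe(data), len(data))


def build_sample_pe(sections, dll_chars=0x8040, cert_size=0) -> bytes:
    """Construct a minimal PE32+ image for testing. Not the analysed sample."""
    n = len(sections)
    hdr = (88 + 112 + 128 + 40 * n + 0x1FF) & ~0x1FF             # header size rounded to FileAlignment
    img = bytearray(64)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 64)                           # e_lfanew
    img += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, n, 0, 0, 0, 240, 0x0022)
    img += struct.pack(OPT_FMT, 0x20B, 14, 0, 0, 0, 0, 0x1000, 0x1000, 0x140000000, 0x1000, 0x200,
                       6, 0, 0, 0, 6, 0, 0, 0x1000 * (n + 1), hdr, 0, 3, dll_chars,
                       0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = bytearray(128)
    if cert_size:   # point the security directory at placeholder bytes appended after the sections
        struct.pack_into("<II", dirs, 8 * DIR_SECURITY, hdr + 0x200 * n, cert_size)
    img += dirs
    for i, (name, chars) in enumerate(sections):
        img += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), 0x200,
                           0x1000 * (i + 1), 0x200, hdr + 0x200 * i, 0, 0, 0, 0, chars)
    img += b"\0" * (hdr - len(img)) + b"\0" * (0x200 * n) + b"\0" * cert_size
    return bytes(img)


# Flag layout taken from the report's Sections block; sizes are placeholders.
SAMPLE_SECTIONS = [
    (".text", SCN_CNT_CODE | SCN_EXECUTE | SCN_READ),
    (".rdata", SCN_INIT_DATA | SCN_READ),
    (".data", SCN_INIT_DATA | SCN_READ | SCN_WRITE),
    (".pdata", SCN_INIT_DATA | SCN_READ),
    ("text", SCN_INIT_DATA | SCN_EXECUTE),
    ("data", SCN_INIT_DATA | SCN_READ),
    (".reloc", SCN_INIT_DATA | SCN_DISCARDABLE | SCN_READ),
]

if __name__ == "__main__":
    for key, value in analyse(build_sample_pe(SAMPLE_SECTIONS)).items():
        print(f"{key}: {value}")
```

Run against a real file with analyse(open(path, "rb").read()). The "unsigned" result is the same necessary-but-not-sufficient test the sandbox rule applies: a non-empty security directory only says a WIN_CERTIFICATE blob is attached, and validating it (chain, timestamp, revocation) is a job for WinVerifyTrust or signtool verify, not for a header parser.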