Static task
static1
Behavioral task
behavioral1
Sample
a7e07cbc0e17bdb2bce8cde53ca30f40N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
a7e07cbc0e17bdb2bce8cde53ca30f40N.exe
Resource
win10v2004-20240802-en
General
-
Target
a7e07cbc0e17bdb2bce8cde53ca30f40N
-
Size
3.9MB
-
MD5
a7e07cbc0e17bdb2bce8cde53ca30f40
-
SHA1
822396a29ec93cb4e22f5a57e710c65e69b1feb1
-
SHA256
29fc9e92bc6ac7fa82c6c8de86ccab505ad642ecd7733c93c1e0b96c2194ff35
-
SHA512
90ee6827628cd1a8818492e104b14abb02c5474010c3b28b6e6e4ce4e42bb3cc38e8a5f9cd1b995dd7904418304a71f4f77c6c30b9c85fa1d5192a9a7a9dcce4
-
SSDEEP
49152:q6RKwrOAWktQ4gp+xbknxJtWvPnl9isuYeEZ6FARt6E3GZ+nlqphz5pQ1:q6FuWFkOlEECARjG4lkpS
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource a7e07cbc0e17bdb2bce8cde53ca30f40N
Files
-
a7e07cbc0e17bdb2bce8cde53ca30f40N.exe windows:5 windows x64 arch:x64
b3ee9ba5157ba94b332abc2152e0de76
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
SetFilePointer
GetDriveTypeW
FlushFileBuffers
GetConsoleCP
ReadFile
GetCurrentDirectoryW
CreateFileA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
LoadLibraryW
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
HeapSize
GetTickCount
HeapSetInformation
FlsAlloc
SetEndOfFile
GetProcessHeap
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
SetStdHandle
FlsFree
Sleep
FlsSetValue
FlsGetValue
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
RaiseException
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
CloseHandle
WaitForSingleObject
SetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
HeapCreate
HeapDestroy
GetCurrentThreadId
SetEvent
WideCharToMultiByte
CreateEventW
ResetEvent
lstrlenW
MultiByteToWideChar
CreateFileW
GetProcAddress
GetModuleHandleW
GetFileSize
MapViewOfFileEx
CreateFileMappingW
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
SwitchToThread
GetModuleFileNameW
UnmapViewOfFile
lstrlenA
VirtualAlloc
GetLocalTime
ExitProcess
HeapAlloc
GetCurrentProcessId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VirtualFree
FindNextFileW
FindFirstFileW
FindClose
FormatMessageA
FreeLibrary
LoadLibraryA
GetSystemDirectoryA
SystemTimeToFileTime
GetSystemTime
GetVersion
WriteFile
GetFileType
GetStdHandle
GetACP
GetEnvironmentVariableW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
DecodePointer
EncodePointer
GetCommandLineA
GetStartupInfoW
RtlPcToFileHeader
ExitThread
CreateThread
HeapReAlloc
RtlLookupFunctionEntry
RtlUnwindEx
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
SetConsoleCtrlHandler
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
ws2_32
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
socket
WSACreateEvent
gethostbyaddr
recv
connect
bind
WSACleanup
WSAEventSelect
WSAStartup
getaddrinfo
freeaddrinfo
select
__WSAFDIsSet
getsockname
getpeername
WSASetLastError
getservbyport
inet_addr
gethostbyname
inet_ntoa
WSAResetEvent
getservbyname
WSACloseEvent
WSAStringToAddressW
shutdown
closesocket
send
ioctlsocket
getsockopt
setsockopt
WSAIoctl
htonl
InetNtopW
htons
ntohs
WSAGetLastError
crypt32
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
shlwapi
StrChrW
winmm
timeGetDevCaps
timeBeginPeriod
timeGetTime
timeEndPeriod
bcrypt
BCryptGenRandom
user32
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
advapi32
CryptGetUserKey
ReportEventW
CryptDecrypt
CryptCreateHash
CryptSetHashParam
CryptSignHashW
CryptDestroyHash
CryptExportKey
DeregisterEventSource
CryptAcquireContextW
CryptGetProvParam
CryptDestroyKey
CryptReleaseContext
CryptEnumProvidersW
RegisterEventSourceW
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 129KB - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
text Size: 1024B - Virtual size: 702B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
data Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ