344a06b56c4ad85b1dc0fe73565d3a60N

Sharing

Copy URL

Twitter E-mail

General

Target

344a06b56c4ad85b1dc0fe73565d3a60N
Size

93KB
MD5

344a06b56c4ad85b1dc0fe73565d3a60
SHA1

441c36046cd2cf7c0cf5f20c8a208c426a9b7beb
SHA256

e5dc6527a193f6301dba9497c4588e796d1a965a7be9388aeaa62f88dbfed177
SHA512

55fdc777e8fa1752af82b447246e69b995b83c1082fbbee9296c2e9a0586e3a4e27c6ee88d64a3aab2c949b1c2cdf40d479641b39d0c334aed6ce5a5034205ec
SSDEEP

1536:g4EV8MJT/1F/ikEUxGeGxyri+SDyBSqJ4CyJ2Ihs+Awez:g4YrJT/r66xGeGEm+SDSSqJvyJw+A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
344a06b56c4ad85b1dc0fe73565d3a60N

Files

344a06b56c4ad85b1dc0fe73565d3a60N
.exe windows:6 windows x64 arch:x64

ec260f30442cf07509f41b6c0ded0588

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

splwow64.pdb

Imports

advapi32

TraceMessage
GetTokenInformation
OpenThreadToken
RegCloseKey
RegQueryValueExW
RegOpenKeyW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
ConvertStringSecurityDescriptorToSecurityDescriptorW
RevertToSelf
GetSidSubAuthorityCount
ConvertSidToStringSidW
OpenProcessToken
GetSidSubAuthority

kernel32

CreateThread
FreeLibrary
GetProcAddress
LoadLibraryW
ReleaseActCtx
DeactivateActCtx
TlsAlloc
TlsFree
ProcessIdToSessionId
InitializeCriticalSection
GetCurrentProcessId
LocalFree
SystemTimeToFileTime
Sleep
GetFileAttributesW
GetSystemDirectoryW
GetFullPathNameW
GetCurrentThread
SetLastError
ActivateActCtx
CreateActCtxW
SetEvent
CreateEventW
GetModuleHandleW
HeapSetInformation
TlsSetValue
DuplicateHandle
GetCurrentProcess
OpenProcess
LoadLibraryExW
DeleteCriticalSection
EnterCriticalSection
GetProcessHeap
HeapFree
SetThreadpoolTimer
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetLastError
CloseHandle
GetSystemTime
LeaveCriticalSection
WaitForSingleObject

user32

PostMessageW

msvcrt

__CxxFrameHandler3
?terminate@@YAXXZ
_purecall
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__wgetmainargs
memcpy
_wtol
__C_specific_handler
_wcsicmp
??3@YAXPEAX@Z
memset
??2@YAPEAX_K@Z
_vsnwprintf
sqrt

winspool.drv

ClosePrinter
OpenPrinterW
GetPrinterDataW
GetPrinterDriverW

rpcrt4

RpcImpersonateClient
RpcRevertToSelf
RpcMgmtStopServerListening
RpcServerUseProtseqEpW
RpcServerRegisterIf2
RpcServerInqBindings
RpcBindingVectorFree
NdrServerCallAll
NdrServerCall2
RpcServerListen
RpcServerRegisterAuthInfoW

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtAcceptConnectPort
NtCompleteConnectPort
NtReplyPort
NtClose
NtAlpcOpenSenderThread
RtlInitUnicodeString
NtCreatePort
NtReplyWaitReceivePort
TpAllocAlpcCompletion
TpWaitForWork
TpAllocWait
TpStartAsyncIoOperation
TpWaitForWait
TpReleasePool
TpWaitForAlpcCompletion
TpSetTimer
TpPostWork
TpWaitForTimer
TpReleaseWait
RtlNtStatusToDosError
TpCallbackMayRunLong
TpReleaseWork
TpReleaseAlpcCompletion
TpSimpleTryPost
TpWaitForIoCompletion
TpSetWait
TpReleaseTimer
TpAllocWork
TpAllocIoCompletion
TpReleaseIoCompletion
TpAllocTimer
EtwTraceMessage
EtwEventWrite
EtwEventEnabled

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ec260f30442cf07509f41b6c0ded0588

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

winspool.drv

rpcrt4

ntdll

Sections

.text Size: 58KB - Virtual size: 57KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 29KB

.text
Size: 58KB - Virtual size: 57KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 29KB