28bff17fe2b9a2caada1ae404f44de9e30e6fecd6a00d5f7ed5b90353f6812a7

Sharing

Copy URL

Twitter E-mail

General

Target

28bff17fe2b9a2caada1ae404f44de9e30e6fecd6a00d5f7ed5b90353f6812a7
Size

2.9MB
MD5

23902da607356ebc37f160ff1a518dfe
SHA1

69ca31a6e67342bc73a8a6dd8dbcdb6b59bc8e6a
SHA256

28bff17fe2b9a2caada1ae404f44de9e30e6fecd6a00d5f7ed5b90353f6812a7
SHA512

405a9e5ca1d1c30d3876cfe5f29995ff26ed381a91bf67b2a381aa415c839f492b7a2630e6b13d3fe77243a95a094040a9199c56821605daef83d3240e554ee0
SSDEEP

49152:t9HKPpJqQSr+Vq4YBJUQU/mW4Um74FXViIB4jo81ZmIx8t+yYPkEy7CeTBTDTHah:t9HyH3S2QcB4GoEAyMed

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28bff17fe2b9a2caada1ae404f44de9e30e6fecd6a00d5f7ed5b90353f6812a7

Files

28bff17fe2b9a2caada1ae404f44de9e30e6fecd6a00d5f7ed5b90353f6812a7
.exe windows:5 windows x86 arch:x86

a28a171f06f6f5ceebe72ad5fd51c43b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
OpenProcessToken
GetUserNameW
IsValidSid
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
AllocateAndInitializeSid
SetEntriesInAclW
GetSecurityInfo
FreeSid
SetSecurityInfo
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

user32

GetSystemMetrics

kernel32

GetCurrentProcess
CloseHandle
GetCurrentProcessId
ProcessIdToSessionId
GetProcAddress
FreeLibrary
GetVolumeInformationA
GetModuleHandleA
GetEnvironmentVariableA
SetLastError
GetVersionExA
GetCurrentThreadId
OpenProcess
Sleep
GetSystemTime
SystemTimeToFileTime
GetProcessTimes
LocalFree
CreateFileW
GetFileInformationByHandle
WideCharToMultiByte
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
GetLastError
VirtualProtect
GetExitCodeThread
ResumeThread
OutputDebugStringA
OpenMutexA
GetModuleFileNameW
LoadLibraryExW
GetCommandLineW
FlushFileBuffers
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
ReadFile
WriteFile
InterlockedCompareExchange
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
LocalAlloc
MultiByteToWideChar
GetComputerNameW
DeviceIoControl
CreateFileA
GetSystemInfo
DefineDosDeviceA
QueryDosDeviceA
SetFileAttributesW
CreateDirectoryW
TlsAlloc
TlsSetValue
TlsGetValue
GetSystemTimeAsFileTime
IsBadReadPtr
DuplicateHandle
CreateMutexA
ReleaseMutex
WaitForSingleObject
GetDriveTypeA
GetLogicalDrives
GetSystemDirectoryA
LoadLibraryExA
GetComputerNameExW
FindFirstFileW
TerminateProcess
GetTimeZoneInformation
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
CreateThread
SetThreadPriority
TerminateThread
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
DeleteFileW
RemoveDirectoryW
MoveFileExW
SetFilePointerEx
SetEndOfFile
SwitchToThread
FindNextFileW
SetEvent
CreateEventA
ExitProcess
GetStartupInfoA
GetCommandLineA
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsFree
HeapDestroy
HeapCreate
VirtualFree
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapSize
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 152KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a28a171f06f6f5ceebe72ad5fd51c43b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

kernel32

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 152KB - Virtual size: 207KB

.rsrc Size: 65KB - Virtual size: 68KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 152KB - Virtual size: 207KB

.rsrc
Size: 65KB - Virtual size: 68KB