c68c0e20bee5ecb6b8b482be6f2365e4e69fa88dc39c07110b3ffb4afa2c4842N

Sharing

Copy URL Twitter E-mail

General

Target

c68c0e20bee5ecb6b8b482be6f2365e4e69fa88dc39c07110b3ffb4afa2c4842N
Size

7.4MB
MD5

95683aeaa8d37ba6a0818d5202891c10
SHA1

13a8d6328deb6e3f4a8f084c1052c122fc239cf2
SHA256

c68c0e20bee5ecb6b8b482be6f2365e4e69fa88dc39c07110b3ffb4afa2c4842
SHA512

3c271f5f9fa3fb0c25091b267ae61452899835a3c47460d5b18f4e2390bb9a241664327ff20f1fa14acd95a64b359b05ff03ab32b72be089d470ab89d731445e
SSDEEP

196608:mbCtGbQMOxYjxi4BSoL2SzlOGJsrmm4jgR7saTbG:mbfMYjxiYjLbzlOGJsrmm4jqAa3G

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
sample	embeds_openssl

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c68c0e20bee5ecb6b8b482be6f2365e4e69fa88dc39c07110b3ffb4afa2c4842N

Files

c68c0e20bee5ecb6b8b482be6f2365e4e69fa88dc39c07110b3ffb4afa2c4842N
.exe windows:6 windows x64 arch:x64

696ad5b07c5baab645c04dffbdb9b2dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

InitOnceExecuteOnce
GetTickCount64
GetModuleHandleW
SetFileCompletionNotificationModes
TryAcquireSRWLockShared
TryAcquireSRWLockExclusive
CopyFileExW
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetLastError
GetHandleInformation
GetCurrentProcessId
TryEnterCriticalSection
WaitForSingleObject
IsDebuggerPresent
SetHandleInformation
LoadLibraryA
GetProcAddress
FreeLibrary
GetTickCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
Sleep
GetConsoleWindow
WideCharToMultiByte
CreateSemaphoreA
CreateDirectoryExW
GetWindowsDirectoryW
DeviceIoControl
SetFileTime
SetFileAttributesW
GetFileTime
GetFileAttributesW
GetDiskFreeSpaceExW
FormatMessageW
FormatMessageA
LocalFree
VirtualProtectEx
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcess
CreateEventA
WaitForSingleObjectEx
ReleaseSemaphore
SetEvent
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
GetProcessHeap
HeapFree
HeapAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
WriteConsoleW
OutputDebugStringW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetEndOfFile
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetStdHandle
HeapQueryInformation
HeapSize
HeapReAlloc
RemoveDirectoryW
DeleteFileW
GetFileAttributesExW
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
DuplicateHandle
CloseHandle
EnumSystemFirmwareTables
AreFileApisANSI
MultiByteToWideChar
WakeAllConditionVariable
SleepConditionVariableSRW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
OpenEventA
ResetEvent
WaitForMultipleObjectsEx
SetWaitableTimer
ResumeThread
GetLogicalProcessorInformation
GetModuleHandleA
CreateWaitableTimerA
GetStdHandle
GetFileType
WriteFile
RtlVirtualUnwind
GetEnvironmentVariableW
GetModuleHandleExW
VirtualAlloc
VirtualProtect
VirtualFree
VirtualLock
GetACP
GetExitCodeThread
SwitchToFiber
DeleteFiber
CreateFiberEx
GetSystemDirectoryA
LoadLibraryW
GetSystemTime
SystemTimeToFileTime
ConvertFiberToThread
ConvertThreadToFiberEx
FindClose
FindFirstFileW
FindNextFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionEx
CreateEventW
GetCurrentThread
GetSystemDirectoryW
SleepEx
MoveFileExW
GetEnvironmentVariableA
ReadFile
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
GetNativeSystemInfo
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
GetStringTypeW
SetFileInformationByHandle
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetFileInformationByHandleEx
CreateSymbolicLinkW
EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
CreateDirectoryW
CreateThread
ExitThread
FreeLibraryAndExitThread
ExitProcess
SetConsoleCtrlHandler
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFilePointerEx
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
GetConsoleOutputCP
GetTimeZoneInformation
GetTempPathW
GetDateFormatW
GetTimeFormatW
CompareStringW
RtlUnwind

user32

ShowWindow
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation

advapi32

CryptEncrypt
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
OpenThreadToken
CryptGetHashParam
CryptHashData
CryptImportKey

crypt32

CryptStringToBinaryW
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringW
CertFindExtension
CertAddCertificateContextToStore
CertOpenStore
PFXImportCertStore
CryptDecodeObjectEx
CertOpenSystemStoreW
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressSingle

bcrypt

BCryptGenRandom

ws2_32

WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
shutdown
socket
WSASetLastError
getservbyname
getservbyport
gethostbyaddr
gethostbyname
select
sendto
recvfrom
inet_ntoa
inet_addr
freeaddrinfo
WSAWaitForMultipleEvents
inet_pton
inet_ntop
getaddrinfo
ntohl
WSAIoctl
ntohs
getpeername
getnameinfo
WSASocketA
WSACleanup
WSAStartup
setsockopt
send
recv
listen
htons
htonl
getsockopt
getsockname
ioctlsocket
connect
closesocket
bind
accept
WSAGetLastError
WSAPoll
__WSAFDIsSet
gethostname
WSASetEvent

iphlpapi

if_indextoname
GetAdaptersAddresses

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 543KB - Virtual size: 543KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

696ad5b07c5baab645c04dffbdb9b2dc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

crypt32

api-ms-win-core-synch-l1-2-0

bcrypt

ws2_32

iphlpapi

Sections

.text Size: 5.3MB - Virtual size: 5.3MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 55KB - Virtual size: 74KB

.pdata Size: 278KB - Virtual size: 277KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 49KB - Virtual size: 49KB

.rsrc Size: 543KB - Virtual size: 543KB

.text
Size: 5.3MB - Virtual size: 5.3MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 55KB - Virtual size: 74KB

.pdata
Size: 278KB - Virtual size: 277KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 49KB - Virtual size: 49KB

.rsrc
Size: 543KB - Virtual size: 543KB