f91014cbfa48f0633ca53911edc1bd2531660157cde51dc79297b41dbf7d5975

Sharing

Copy URL Twitter E-mail

General

Target

f91014cbfa48f0633ca53911edc1bd2531660157cde51dc79297b41dbf7d5975
Size

7.3MB
MD5

43b904c3636a71a8c7002a3be237f02f
SHA1

a113aad11271b9930894af46fc2b69a65018252a
SHA256

f91014cbfa48f0633ca53911edc1bd2531660157cde51dc79297b41dbf7d5975
SHA512

2f3549ce71cae1707ba9640b774871b063306cfbea79fe38e2eae355003092cc8f682f0d7bf8d2d718013e8be8ee19ed5ec2ee048217e9da8f248a67042ff58a
SSDEEP

98304:w4K4GjlOcsLnwVkotALSEuSR7vPw1TqtZ5Ij0KF6iV3A4t/tlW3MAz2W:w4T90LKFHwJCZ5yPrxA4Fy3Mj

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
sample	embeds_openssl

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f91014cbfa48f0633ca53911edc1bd2531660157cde51dc79297b41dbf7d5975

Files

f91014cbfa48f0633ca53911edc1bd2531660157cde51dc79297b41dbf7d5975
.exe windows:5 windows x86 arch:x86

78e345e16e4a068e85c6c300e1d3999d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
SystemTimeToFileTime
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetCapture

gdi32

CreateCompatibleDC

advapi32

CryptAcquireContextW

shell32

SHGetSpecialFolderPathA

ole32

CoUninitialize

oleaut32

SysFreeString

shlwapi

PathIsDirectoryA

comctl32

_TrackMouseEvent

wininet

HttpQueryInfoA

ws2_32

select

psapi

GetProcessImageFileNameA

crypt32

CertOpenStore

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 584KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.beta0
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.beta1
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78e345e16e4a068e85c6c300e1d3999d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wininet

ws2_32

psapi

crypt32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 584KB - Virtual size: 584KB

.data Size: 28KB - Virtual size: 40KB

.gfids Size: 512B - Virtual size: 4KB

.beta0 Size: 2.4MB - Virtual size: 2.4MB

.beta1 Size: 2.7MB - Virtual size: 2.7MB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 584KB - Virtual size: 584KB

.data
Size: 28KB - Virtual size: 40KB

.gfids
Size: 512B - Virtual size: 4KB

.beta0
Size: 2.4MB - Virtual size: 2.4MB

.beta1
Size: 2.7MB - Virtual size: 2.7MB

.rsrc
Size: 16KB - Virtual size: 16KB