6886c47d1151d9034e4c1133705dc8317091037ef77d85886530008967c2b44d

Sharing

Copy URL Twitter E-mail

General

Target

6886c47d1151d9034e4c1133705dc8317091037ef77d85886530008967c2b44d
Size

8.4MB
MD5

88980d336027928ff6418aa13af6cc28
SHA1

f6657d7b4a189366c9c4a113c6f9a5823f02b39f
SHA256

6886c47d1151d9034e4c1133705dc8317091037ef77d85886530008967c2b44d
SHA512

de86fc217b5d4515d7b7aebcefa9f1a32a956fd045c5337d8e572e1325ac117214b353048a733c89b712a1369fecf3c1f9d294a50e38c27a6c50c8d8c3829da5
SSDEEP

49152:YUlI9dJQU955vCUmh0lhAjiCiuCnA1haQfaVm/oXbMk+RuXzLRuCITmpmeklaCAR:YShmV9AqzmTuvZNShmV9AqzmTuvZf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6886c47d1151d9034e4c1133705dc8317091037ef77d85886530008967c2b44d

Files

6886c47d1151d9034e4c1133705dc8317091037ef77d85886530008967c2b44d
.exe windows:6 windows x64 arch:x64

72a952d36e8db2a8730e59431046d7dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\progects\mining-service\xmr\build\x64\Debug\main2.pdb

Imports

ws2_32

connect
closesocket
recv
send
socket
WSAGetLastError
shutdown
WSAStartup
freeaddrinfo
getaddrinfo
setsockopt
WSAPoll
htons
WSASetLastError
listen
WSASocketW
getsockname
htonl
ioctlsocket
WSACleanup
__WSAFDIsSet
accept
bind
select

wsock32

ntohl
ntohs
gethostbyname
getservbyname
WSACancelBlockingCall
getsockopt

kernel32

SetCurrentDirectoryW
HeapQueryInformation
HeapReAlloc
MoveFileExW
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
FindClose
FindFirstFileA
FindNextFileA
GetDriveTypeA
DecodePointer
CloseHandle
RaiseException
GetLastError
SetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
CreateThread
GetModuleFileNameA
WaitForMultipleObjects
CreateSemaphoreA
CopyFileA
GetVolumePathNameA
MultiByteToWideChar
DeleteFileA
CreateProcessA
FreeLibrary
LoadLibraryExA
LoadResource
LockResource
SizeofResource
FindResourceA
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
CreateDirectoryA
Sleep
GetCurrentProcess
VirtualAlloc
VirtualFree
GetLargePageMinimum
FormatMessageA
GetCurrentDirectoryW
GetTempPathA
GetTempFileNameA
GetCurrentDirectoryA
CreateFileA
GetFileAttributesA
LocalFileTimeToFileTime
GetEnvironmentStringsW
SetFilePointer
SetFileTime
WriteFile
SystemTimeToFileTime
GetFileInformationByHandle
GetFileSize
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
FileTimeToSystemTime
CreateMutexA
OpenMutexA
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
SetHandleInformation
GetTickCount64
GetStdHandle
GetFileType
GetCurrentThreadId
GetVersion
FindFirstFileW
FindNextFileW
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentProcessId
GetVersionExW
GetProcAddress
LoadLibraryW
GlobalMemoryStatus
FlushConsoleInputBuffer
LoadLibraryA
GetDateFormatW
WriteConsoleW
OutputDebugStringA
SetConsoleMode
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetFullPathNameW
GetFullPathNameA
GetTimeZoneInformation
ReadConsoleW
FindFirstFileExA
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
SetThreadAffinityMask
GetCommandLineW
GetConsoleMode
GetACP
SetConsoleCtrlHandler
ResumeThread
ExitThread
SetStdHandle
ExitProcess
SystemTimeToTzSpecificLocalTime
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
SetProcessAffinityMask
VirtualProtect
LoadLibraryExW
GetModuleHandleA
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEndOfFile
QueryDepthSList
UnregisterWaitEx
WaitForMultipleObjectsEx
RtlUnwindEx
ReadFile
RtlCaptureStackBackTrace
PeekNamedPipe
GetDriveTypeW
CreateFileW
GetSystemInfo
HeapValidate
HeapSize
DuplicateHandle
WaitForSingleObjectEx
GetCurrentThread
GetExitCodeThread
GetNativeSystemInfo
TryEnterCriticalSection
FormatMessageW
RtlPcToFileHeader
EncodePointer
QueryPerformanceFrequency
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
LocalFree
SetEvent
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleExW

user32

GetProcessWindowStation
MessageBoxW
GetDesktopWindow
UnregisterClassA
GetUserObjectInformationW
wsprintfA

gdi32

SelectObject
GetDeviceCaps
GetBitmapBits
DeleteObject
DeleteDC
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetObjectW

shell32

SHGetSpecialFolderPathA

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocString
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

advapi32

RegisterEventSourceW
DeregisterEventSource
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExA
RegOpenKeyExA
RegCloseKey
ReportEventW

shlwapi

PathFileExistsA

wininet

DeleteUrlCacheEntry

urlmon

URLDownloadToFileA

Exports

Exports

go
start

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 817KB - Virtual size: 816KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72a952d36e8db2a8730e59431046d7dd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wsock32

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

shlwapi

wininet

urlmon

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 817KB - Virtual size: 816KB

.data Size: 140KB - Virtual size: 172KB

.pdata Size: 164KB - Virtual size: 163KB

.gfids Size: 5KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 185KB - Virtual size: 185KB

.reloc Size: 28KB - Virtual size: 27KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 817KB - Virtual size: 816KB

.data
Size: 140KB - Virtual size: 172KB

.pdata
Size: 164KB - Virtual size: 163KB

.gfids
Size: 5KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 185KB - Virtual size: 185KB

.reloc
Size: 28KB - Virtual size: 27KB