7eb22619f689ccf794a55c00b84346910a19a7857567fd30b88ac0fcf026aabd

Sharing

Copy URL Twitter E-mail

General

Target

7eb22619f689ccf794a55c00b84346910a19a7857567fd30b88ac0fcf026aabd
Size

194KB
MD5

f6fda1ee389923f2735cb2812b19f799
SHA1

f02decce78d685ebeadaa435919dd6aa92b58a74
SHA256

7eb22619f689ccf794a55c00b84346910a19a7857567fd30b88ac0fcf026aabd
SHA512

f6f507488eb78687c45fe6ab9831bb2e0cb7a9c13af370b0c0fe52ae06e3a34bf7fb111ebc8a84055c5867c1da8852d851fda3d75c02fcd0663f5bd4dae5a377
SSDEEP

3072:Lc1whuUm/LS6Z++rdAnbLo4tNpgxS21vD/STiyyIYXIHm1juYrlj2KUUi:41whuUhym44tN/2wTWIY5aKUUi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7eb22619f689ccf794a55c00b84346910a19a7857567fd30b88ac0fcf026aabd

Files

7eb22619f689ccf794a55c00b84346910a19a7857567fd30b88ac0fcf026aabd
.exe windows:6 windows x86 arch:x86

bd825fce4e1bbdab7d92fc277f62b1fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AcquireSRWLockExclusive
CreateIoCompletionPort
WakeAllConditionVariable
GetCommandLineW
SetLastError
GetModuleFileNameW
GetLastError
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
HeapSize
LCMapStringW
AddVectoredExceptionHandler
HeapFree
HeapReAlloc
CloseHandle
CompareStringW
SetHandleInformation
GetQueuedCompletionStatusEx
SetFileCompletionNotificationModes
GetModuleHandleA
CreateFileW
GetStringTypeW
WaitForSingleObject
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
TryAcquireSRWLockExclusive
SetThreadStackGuarantee
GetCurrentThread
QueryPerformanceCounter
QueryPerformanceFrequency
GetFileType
ReadConsoleW
WideCharToMultiByte
GetModuleHandleW
FormatMessageW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
ExitProcess
HeapAlloc
GetProcessHeap
SleepConditionVariableSRW
WakeConditionVariable
PostQueuedCompletionStatus
GetEnvironmentVariableW
CreateThread
SetConsoleCtrlHandler
DecodePointer
GetCPInfo
GetProcAddress
ReleaseSRWLockExclusive
GetOEMCP
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
WriteFile
GetModuleHandleExW
GetCommandLineA
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP

ws2_32

WSAIoctl
getaddrinfo
WSAStartup
bind
WSACleanup
freeaddrinfo
closesocket
WSAGetLastError
recv
getsockopt
connect
ioctlsocket
socket
WSASend
WSASocketW

bcrypt

BCryptGenRandom

advapi32

SystemFunction036

ntdll

RtlNtStatusToDosError
NtWriteFile
NtDeviceIoControlFile
NtCreateFile
NtReadFile
NtCancelIoFileEx

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd825fce4e1bbdab7d92fc277f62b1fc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

bcrypt

advapi32

ntdll

Sections

.text Size: 133KB - Virtual size: 132KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 2KB - Virtual size: 5KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 133KB - Virtual size: 132KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 2KB - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 5KB