266fe753ec2e88fa7065639677a1716763ec7954290c74900c51db3d2e016ba0N

Sharing

Copy URL Twitter E-mail

General

Target

266fe753ec2e88fa7065639677a1716763ec7954290c74900c51db3d2e016ba0N
Size

364KB
MD5

8df81c47b4e5d42a4a30b6e623f2cc20
SHA1

dc750777ca828eba7cd6bb5900fc1058e02a7137
SHA256

266fe753ec2e88fa7065639677a1716763ec7954290c74900c51db3d2e016ba0
SHA512

34611944cbe5174315b3bddc5923aea1c3667d7536d5bf39ab4b4f9b2e35091150f671e8f3c701bdc573853d1bb6f54836474f341562306c13fc051ec46c3da0
SSDEEP

3072:pHn0bqdfB4iZMXM5062+i2UWAehv5CcKS:l3lm6i2UWbC7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
266fe753ec2e88fa7065639677a1716763ec7954290c74900c51db3d2e016ba0N

Files

266fe753ec2e88fa7065639677a1716763ec7954290c74900c51db3d2e016ba0N
.exe windows:6 windows x64 arch:x64

c1e65c7ff153f2c2e6a7e93706ae226a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

InitializeSecurityDescriptor
AllocateAndInitializeSid
FreeSid
SetEntriesInAclW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegDisablePredefinedCache
ReportEventW
GetLengthSid
CopySid
InitializeAcl
AddAce
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyExW
RegisterEventSourceW
DeregisterEventSource
SetThreadToken
RevertToSelf
ImpersonateLoggedOnUser
OpenThreadToken
GetAclInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
MakeAbsoluteSD
AccessCheck
MapGenericMask
RegQueryValueExW
GetTokenInformation

kernel32

CompareStringW
HeapSetInformation
GetCurrentProcessId
TerminateProcess
SetEvent
CreateThread
WaitForMultipleObjects
Sleep
GetCurrentThreadId
lstrlenW
GetModuleFileNameW
OpenFileMappingW
WaitForSingleObject
MapViewOfFile
UnmapViewOfFile
EnterCriticalSection
LeaveCriticalSection
LCMapStringW
TlsAlloc
TlsFree
GetCommandLineW
SwitchToThread
CreateEventW
GetTickCount
GetCurrentThread
GetStringTypeExW
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
GetProcessHeap
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
ChangeTimerQueueTimer
CloseHandle
DuplicateHandle
GetProcAddress
FreeLibrary
GetModuleHandleExW
GetLastError
LocalFree
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateFileMappingW

user32

UnregisterClassW
DefWindowProcW
LoadIconW
LoadCursorW
RegisterClassW
CreateWindowExW
ShowWindow
UpdateWindow
GetSystemMenu
DeleteMenu
DestroyWindow
GetMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
PeekMessageW
MsgWaitForMultipleObjectsEx
PostMessageW

msvcrt

_amsg_exit
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
__setusermatherr
__C_specific_handler
__getmainargs
_purecall
_vsnwprintf
_itow
wcstok
_commode
_fmode
__set_app_type
??1type_info@@UEAA@XZ
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
memcmp
_CxxThrowException
__CxxFrameHandler3
memset
memcpy
_XcptFilter

ntdll

NtQuerySystemInformation
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwTraceMessage

wbemcomn

?BreakOnDbgAndRenterLoop@@YAKXZ
?GetMemLogObject@@YAPEAVCMemoryLog@@XZ
?Write@CMemoryLog@@QEAAXJ@Z
?_ThrowMemoryException_@@YAXXZ
?SetPreferredLanguages@CMUILocale@@SAJKPEBGPEAK@Z
?_Free@CMUILocale@@SAHPEAX@Z
?GetPreferredLanguages@CMUILocale@@SAJKPEAPEAGPEAK@Z

fastprox

?New@CWbemCallSecurity@@SAPEAV1@XZ

ncobjapi

WmiCreateObjectWithFormat
WmiDestroyObject
WmiEventSourceDisconnect
WmiSetAndCommitObject
WmiEventSourceConnect

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SysAllocStringLen
VariantChangeType

ole32

CoGetClassObject
CoCreateGuid
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoRegisterClassObject
CoFreeUnusedLibrariesEx
StringFromGUID2
CoGetCallContext
CoSwitchCallContext
CoImpersonateClient
CoRevertToSelf
CLSIDFromString
CoRevokeClassObject

Sections

.text
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1e65c7ff153f2c2e6a7e93706ae226a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ntdll

wbemcomn

fastprox

ncobjapi

oleaut32

ole32

Sections

.text Size: 250KB - Virtual size: 249KB

.rdata Size: 82KB - Virtual size: 81KB

.data Size: 9KB - Virtual size: 9KB

.pdata Size: 16KB - Virtual size: 16KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 250KB - Virtual size: 249KB

.rdata
Size: 82KB - Virtual size: 81KB

.data
Size: 9KB - Virtual size: 9KB

.pdata
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB