0d29a1abb54f6334f5981559aabddd78a1c32ad31267db0d5dcf8e795fac5c98[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0d29a1abb54f6334f5981559aabddd78a1c32ad31267db0d5dcf8e795fac5c98.exe
Size

245KB
MD5

8cb13597a62dc2d718ade1f0ce18ef05
SHA1

f06c4c9a1432b6f777e06c1642cb6c81d07d8b7b
SHA256

0d29a1abb54f6334f5981559aabddd78a1c32ad31267db0d5dcf8e795fac5c98
SHA512

906b6d8c95a7a2640dce1d75a2e07cb28cc3e8adf4b0463ea00fe2da81e77b85d668f3232653834c4835aa4cfea14bd8d294446a9e7a41bcebfa629cbd2817d7
SSDEEP

3072:/UukvKgWTh2S+h5EtoJ18QI+bpWPFGTEgo+EX9MKWEGTEgo+Em9MKW+:8u/TASKCtoJ6QIQ2FHgoHTWEHgo2TW+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d29a1abb54f6334f5981559aabddd78a1c32ad31267db0d5dcf8e795fac5c98.exe

Files

0d29a1abb54f6334f5981559aabddd78a1c32ad31267db0d5dcf8e795fac5c98.exe
.dll windows:6 windows x64 arch:x64

54b907ef88e1152a442e4781bba49bdc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

PathFindFileNameW
PathFileExistsA
PathFindFileNameA

user32

wsprintfA

shell32

SHGetFolderPathA

ntdll

NtQueryInformationProcess

wininet

InternetOpenW
HttpQueryInfoA
InternetCloseHandle
InternetReadFile
InternetOpenUrlW

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

kernel32

GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
LCMapStringEx
SetStdHandle
LoadLibraryW
OutputDebugStringW
LoadLibraryExW
SetFilePointerEx
WriteConsoleW
Thread32First
GetCurrentProcess
Process32First
WaitForSingleObject
CreateRemoteThread
OpenProcess
VirtualFreeEx
GetProcAddress
VirtualAllocEx
Process32Next
GetModuleHandleA
CreateToolhelp32Snapshot
CloseHandle
WriteProcessMemory
VirtualProtectEx
VirtualProtect
GetTempFileNameW
CreateFileA
lstrlenA
CreateProcessW
HeapAlloc
CompareFileTime
GetProcessHeap
WriteFile
GetProcessTimes
WideCharToMultiByte
Sleep
TerminateProcess
CreateFileW
lstrcatA
GetTempPathW
GetLastError
lstrcmpiA
Process32FirstW
IsWow64Process
Process32NextW
CreateMutexA
DeleteFileW
CreateThread
lstrcpyA
GetThreadContext
GetFileSize
SetThreadContext
GetNativeSystemInfo
CreateProcessA
ReadFile
MultiByteToWideChar
ResumeThread
HeapReAlloc
HeapFree
GetModuleHandleW
HeapCreate
Thread32Next
FlushInstructionCache
OpenThread
GetCurrentThreadId
GetCurrentProcessId
SuspendThread
VirtualQuery
VirtualFree
VirtualAlloc
GetSystemInfo
EncodePointer
DecodePointer
GetCommandLineA
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EnterCriticalSection
LeaveCriticalSection

Exports

Exports

?ReflectiveLoader@@YA_KXZ

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 154KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54b907ef88e1152a442e4781bba49bdc

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

user32

shell32

ntdll

wininet

advapi32

kernel32

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 154KB - Virtual size: 163KB

.pdata Size: 3KB - Virtual size: 3KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 154KB - Virtual size: 163KB

.pdata
Size: 3KB - Virtual size: 3KB

.reloc
Size: 3KB - Virtual size: 3KB