d9ee6772ce7079435ea2c72bceff2d38d899d71437d041d677b788904c0ccded

Sharing

Copy URL Twitter E-mail

General

Target

d9ee6772ce7079435ea2c72bceff2d38d899d71437d041d677b788904c0ccded
Size

2.1MB
MD5

188914bfdf9c58aaa275cc33c1b07ee6
SHA1

6e18acf4df59e05e4892ccc55ae87efbb0dff2ad
SHA256

d9ee6772ce7079435ea2c72bceff2d38d899d71437d041d677b788904c0ccded
SHA512

a733b4feaa18def8ff4b47c7a2c3b50b992481f6ea237a43ba02acde0afc545594c0c24c938caf919c9a17b978918f9e4460e4177d943f8328b02645acc7c104
SSDEEP

49152:08+A6GQniZrDpmATXgqd3fsAdDJ5LFIU4A4nzPlE4T9r5sCan:0bGQAYK95LLeRAuzPO45r+P

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
static1/unpack001/setup_2.6.7.exe	embeds_openssl

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setup_2.6.7.exe

Files

d9ee6772ce7079435ea2c72bceff2d38d899d71437d041d677b788904c0ccded
.zip
setup_2.6.7.exe
.exe windows:6 windows x64 arch:x64

013a29945125ab1215cb2181db4d76d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentProcessId
GetHandleInformation
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatusEx
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitOnceExecuteOnce
GetTickCount64
GetModuleHandleW
SetFileCompletionNotificationModes
TryEnterCriticalSection
GetCurrentThreadId
WaitForSingleObject
IsDebuggerPresent
SetHandleInformation
LoadLibraryA
GetProcAddress
FreeLibrary
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
Sleep
SetEvent
WideCharToMultiByte
FormatMessageW
FormatMessageA
LocalFree
VirtualProtectEx
GetCurrentProcess
CreateEventA
GetProcessHeap
HeapFree
WriteConsoleW
HeapSize
SetEndOfFile
OutputDebugStringW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetStdHandle
GetTimeZoneInformation
SetFilePointerEx
GetFileSizeEx
HeapReAlloc
RemoveDirectoryW
DeleteFileW
GetFileAttributesExW
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapAlloc
CloseHandle
EnumSystemFirmwareTables
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeCriticalSectionEx
SetFileInformationByHandle
GetTempPathW
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
FreeLibraryWhenCallbackReturns
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetFileInformationByHandleEx
CreateSymbolicLinkW
GetLocaleInfoEx
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
CompareStringEx
GetCPInfo
ReleaseSemaphore
GetSystemInfo
OpenEventA
ResetEvent
WaitForSingleObjectEx
WaitForMultipleObjectsEx
SetWaitableTimer
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
GetModuleHandleA
CreateWaitableTimerA
GetStdHandle
GetFileType
WriteFile
RtlVirtualUnwind
GetEnvironmentVariableW
GetModuleHandleExW
VirtualAlloc
VirtualProtect
VirtualFree
VirtualLock
GetACP
GetExitCodeThread
CreateSemaphoreA
SwitchToFiber
DeleteFiber
CreateFiberEx
GetSystemDirectoryA
LoadLibraryW
GetSystemTime
SystemTimeToFileTime
ConvertFiberToThread
ConvertThreadToFiberEx
FindClose
FindFirstFileW
FindNextFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
CreateDirectoryW
CreateThread
ExitThread
FreeLibraryAndExitThread
ExitProcess
SetConsoleCtrlHandler
ReadFile
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
GetCurrentThread
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
RtlUnwind

advapi32

CryptDecrypt
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptEnumProvidersW
CryptExportKey
CryptGetUserKey

wininet

HttpQueryInfoW
InternetReadFile
InternetOpenUrlA
InternetOpenW
InternetCloseHandle

crypt32

CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertOpenSystemStoreW
CertFreeCertificateContext

ws2_32

inet_addr
freeaddrinfo
getaddrinfo
ntohl
WSAIoctl
ntohs
getpeername
getnameinfo
WSASocketA
WSACleanup
WSAStartup
setsockopt
recvfrom
recv
listen
htons
htonl
sendto
select
gethostbyname
gethostbyaddr
getsockopt
getsockname
ioctlsocket
connect
closesocket
bind
accept
WSAGetLastError
WSAPoll
inet_ntoa
getservbyport
getservbyname
WSASetLastError
shutdown
socket
send

iphlpapi

if_indextoname
GetAdaptersAddresses

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 972KB - Virtual size: 971KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

013a29945125ab1215cb2181db4d76d4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

wininet

crypt32

ws2_32

iphlpapi

user32

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

.rdata Size: 972KB - Virtual size: 971KB

.data Size: 35KB - Virtual size: 52KB

.pdata Size: 206KB - Virtual size: 206KB

.reloc Size: 45KB - Virtual size: 45KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 4.3MB - Virtual size: 4.3MB

.rdata
Size: 972KB - Virtual size: 971KB

.data
Size: 35KB - Virtual size: 52KB

.pdata
Size: 206KB - Virtual size: 206KB

.reloc
Size: 45KB - Virtual size: 45KB

.rsrc
Size: 6KB - Virtual size: 5KB