e7eeb8aa0b7f98d17644d650b9b6e05bf816e6779f391edef6e6dabb0e87021b

Sharing

Copy URL Twitter E-mail

General

Target

e7eeb8aa0b7f98d17644d650b9b6e05bf816e6779f391edef6e6dabb0e87021b
Size

2.1MB
MD5

26ad42b337315457974f1c7f0270fafa
SHA1

236e43bb344527f72a300ede2626033bd5bfbf99
SHA256

e7eeb8aa0b7f98d17644d650b9b6e05bf816e6779f391edef6e6dabb0e87021b
SHA512

e738aefabb1628b9a269fc71612339e4c8d881d7ba24bffe6353235c7dd76f34cfcfdc61931830535e00ceda885d2f526ba781fbddc8a5fe63c54ad738d70055
SSDEEP

24576:DG31JhgGnRCLeQjzOZuTv+GBrxWI42+e5VVZ80nUwIqbGUfCQjuMpzo:DGvRE/OZuTl+IhPuQVo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e7eeb8aa0b7f98d17644d650b9b6e05bf816e6779f391edef6e6dabb0e87021b

Files

e7eeb8aa0b7f98d17644d650b9b6e05bf816e6779f391edef6e6dabb0e87021b
.exe windows:6 windows x64 arch:x64

cfbded53da38ef8ef783ed7195b0f36a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

platform

?GetPlatform@@YAAEAVIPlatform@@XZ

netapi32

NetWkstaGetInfo
NetApiBufferFree

kernel32

GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetShortPathNameA
OutputDebugStringA
VerifyVersionInfoW
FormatMessageW
LocalFree
ExitProcess
GetLastError
RaiseException
CreateFileW
VerSetConditionMask
GetEnvironmentVariableA
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
Sleep
SetEnvironmentVariableW
SetStdHandle
SetEndOfFile
VirtualQuery
GetACP
GetSystemTimeAsFileTime
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetProcessHeap
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
GetTickCount
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
GetCurrentThreadId
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
GetModuleHandleExW
HeapAlloc
HeapSize
HeapValidate
GetSystemInfo
GetStdHandle
GetFileType
WriteConsoleW
WriteFile
GetCommandLineA
GetCommandLineW
GetCurrentThread
OutputDebugStringW
SetConsoleCtrlHandler
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapFree
HeapReAlloc
HeapQueryInformation

user32

wsprintfW
MessageBoxW

advapi32

RegSaveKeyA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyA
RegCloseKey

shell32

ord680
ShellExecuteA

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoUninitialize
CoInitializeSecurity

oleaut32

SetErrorInfo
SysAllocString
VariantInit
GetErrorInfo
SysFreeString
VariantClear
VariantChangeType
CreateErrorInfo

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 444KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 512B - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gehcont
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rbdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cfbded53da38ef8ef783ed7195b0f36a

Headers

DLL Characteristics

File Characteristics

Imports

platform

netapi32

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 444KB - Virtual size: 444KB

.data Size: 19KB - Virtual size: 92KB

.pdata Size: 83KB - Virtual size: 82KB

.msvcjmc Size: 512B - Virtual size: 446B

.gehcont Size: 512B - Virtual size: 36B

.rsrc Size: 1024B - Virtual size: 592B

.reloc Size: 6KB - Virtual size: 5KB

.rbdata Size: 80KB - Virtual size: 80KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 444KB - Virtual size: 444KB

.data
Size: 19KB - Virtual size: 92KB

.pdata
Size: 83KB - Virtual size: 82KB

.msvcjmc
Size: 512B - Virtual size: 446B

.gehcont
Size: 512B - Virtual size: 36B

.rsrc
Size: 1024B - Virtual size: 592B

.reloc
Size: 6KB - Virtual size: 5KB

.rbdata
Size: 80KB - Virtual size: 80KB