fefbad8f1c11e9642d6d8a4e70adb35cb579e0f4869975f8164f2561e7914ea3

Sharing

Copy URL Twitter E-mail

General

Target

fefbad8f1c11e9642d6d8a4e70adb35cb579e0f4869975f8164f2561e7914ea3
Size

2.3MB
MD5

964670e7ebc05cfef1cbf92fcfa2dff5
SHA1

6b55d288a4eeff5958b765dbd51c55dfafe177a2
SHA256

fefbad8f1c11e9642d6d8a4e70adb35cb579e0f4869975f8164f2561e7914ea3
SHA512

745c4d9ee8f685020d3fa3b2fe5f0c881df2dbc7f95a5ae1e1926fb91e26565447ca4981bff10a8c9bfdc1c07564ce81b4248b0a2028235343fd12311472d080
SSDEEP

49152:Ne30jaNf1TWbdz0e30jaNf1TWbdzme30jaNf1TWbdz:NU023WuU023WoU023W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fefbad8f1c11e9642d6d8a4e70adb35cb579e0f4869975f8164f2561e7914ea3

Files

fefbad8f1c11e9642d6d8a4e70adb35cb579e0f4869975f8164f2561e7914ea3
.exe windows:6 windows x64 arch:x64

e324a30faad4376f03ebc5a20675ab47

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

aspnet_wp.pdb

Imports

webengine4

InitializeManagedCode
UnInitializeManagedCode
PerfCounterInitialize
XspLogEvent
EtwTraceAspNetRegister
EtwTraceAspNetUnregister
GetGlobalConfigFullPathW
IsManagedDebuggerConnectedIndirect
ReleaseWmiEventManager
GetXSPHeap
DisposeAppDomainsIndirect
GetConfigurationFromNativeCode
MonitorGlobalConfigFile
IsConfigFileName
DrainThreadPool
InitializeLibrary
TraceEnabled
TraceRaiseEvent
GetProcessMemoryInformation
PerfDecrementGlobalCounter
PerfIncrementGlobalCounter
GetAppDomainIndirect
ClrQueueUserWorkItem
AttachHandleToThreadPool
LoadLibraryUsingFullPath

advapi32

CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetThreadToken

kernel32

VirtualProtect
RaiseException
VirtualQuery
GetSystemInfo
TerminateProcess
FreeLibrary
GetVersionExW
LoadLibraryExA
QueryPerformanceCounter
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetProcessAffinityMask
LoadLibraryW
CreateFileW
ReadFile
WriteFile
DebugBreak
CloseHandle
GetHandleInformation
GetLastError
SetNamedPipeHandleState
GetOverlappedResult
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
Sleep
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
lstrlenA
lstrlenW
SetEvent
ResetEvent
WaitForSingleObject
OpenEventW
GetCurrentProcess
ExitProcess
SetProcessAffinityMask
SwitchToThread
GetCurrentThreadId
HeapAlloc
HeapFree
GetSystemDirectoryW

vcruntime140_clr0400

memcpy
memset
__C_specific_handler

ucrtbase_clr0400

_crt_atexit
terminate
_register_onexit_function
_initialize_onexit_table
_itow_s
wcstoul
_wtoi
__acrt_iob_func
__stdio_common_vswprintf
__stdio_common_vfprintf
_beginthread
strcmp
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
exit
_exit
__p___argc
__p___wargv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_set_fmode

Exports

Exports

PMAppendLogParameter
PMCallISAPI
PMCloseConnection
PMDoneWithSession
PMEmptyResponse
PMFlushCore
PMGetAdditionalPostedContent
PMGetAllServerVariables
PMGetBasics
PMGetClientCertificate
PMGetCurrentProcessInfo
PMGetHistoryTable
PMGetImpersonationToken
PMGetMemoryLimitInMB
PMGetPreloadedPostedContent
PMGetQueryString
PMGetQueryStringRawBytes
PMGetServerVariable
PMGetStartTimeStamp
PMGetTraceContextId
PMGetVirtualPathToken
PMIsClientConnected
PMMapUrlToPath
PMTraceRaiseEvent
PMWriteBytes
PMWriteHeaders

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e324a30faad4376f03ebc5a20675ab47

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

webengine4

advapi32

kernel32

vcruntime140_clr0400

ucrtbase_clr0400

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 1KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 40B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2.3MB - Virtual size: 2.3MB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 1KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 40B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2.3MB - Virtual size: 2.3MB