52fb8c9a77acf319f619f237cda77ef83447a6c96d487970e31959e47d0ee5d8

Sharing

Copy URL

Twitter E-mail

General

Target

52fb8c9a77acf319f619f237cda77ef83447a6c96d487970e31959e47d0ee5d8
Size

2.1MB
MD5

d306ea8dbfa0802ed93eeb5b70048a91
SHA1

ec449a4812f5fc07ff77b2471f6a5e17de52ad2a
SHA256

52fb8c9a77acf319f619f237cda77ef83447a6c96d487970e31959e47d0ee5d8
SHA512

3ed3c56ade008be74fffa795dfd1c5ad36574134ef7d1e1bedd8141c4bed2971cb69e911f5b49d2f765f68db5731b4e37cbd59659245c854be8ddcd67c4f5750
SSDEEP

49152:opelqaMR+ZOI2blF4OSyKhH/iVnCNOI+g5IU6icO:Vq3m2z6h8CN4g++cO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52fb8c9a77acf319f619f237cda77ef83447a6c96d487970e31959e47d0ee5d8

Files

52fb8c9a77acf319f619f237cda77ef83447a6c96d487970e31959e47d0ee5d8
.exe windows:6 windows x64 arch:x64

dba5f4603d66de5d7378751199e5905b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

notifyutils.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressSingle
WakeByAddressAll

kernel32

GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
GetCommandLineW
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
HeapFree
HeapReAlloc
GetTimeZoneInformationForYear
SwitchToThread
FormatMessageW
CloseHandle
GetCurrentThreadId
GetCurrentProcessId
SetLastError
GetFinalPathNameByHandleW
GetLastError
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
GetProcAddress
SetHandleInformation
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
QueryPerformanceFrequency
GetModuleHandleW
GetSystemInfo
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
lstrlenW
CreateMutexA
WideCharToMultiByte
ReleaseMutex
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetEnvironmentVariableW
GetModuleFileNameW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
CreateDirectoryW
FindFirstFileW
FindClose
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateThread
QueryPerformanceCounter
GetSystemTimePreciseAsFileTime
HeapAlloc
GetProcessHeap
DeleteFileW
MoveFileExW
CopyFileExW
PostQueuedCompletionStatus
FreeLibrary
CreateWaitableTimerExW
SetWaitableTimer
RtlUnwindEx
SetFilePointerEx
EncodePointer
RaiseException
GetConsoleOutputCP
FlushFileBuffers
HeapSize
EnterCriticalSection
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
GetFileType
SetStdHandle
SetEnvironmentVariableW
GetCPInfo
GetOEMCP
GetACP
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
IsValidCodePage
FindNextFileW
TlsAlloc
FindFirstFileExW
TlsGetValue
TlsSetValue
GetCommandLineA
GetModuleHandleExW
ExitProcess
WriteFile
RtlPcToFileHeader
LoadLibraryExW
TlsFree

bcrypt

BCryptGenRandom

advapi32

RegQueryValueExW
SystemFunction036
GetUserNameW
RegOpenKeyExW
RegCloseKey

ws2_32

connect
ioctlsocket
WSASocketW
WSASend
bind
WSAIoctl
WSAStartup
WSACleanup
setsockopt
recv
send
getsockopt
freeaddrinfo
closesocket
getaddrinfo
getsockname
WSAGetLastError
getpeername
shutdown

ntdll

NtWriteFile
RtlGetNtVersionNumbers
NtCreateFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtDeviceIoControlFile

oleaut32

SysFreeString
GetErrorInfo
SysStringLen

sqlite3

sqlite3_bind_null
sqlite3_bind_double
sqlite3_initialize
sqlite3_step
sqlite3_column_count
sqlite3_reset
sqlite3_column_name
sqlite3_column_double
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_text
sqlite3_config
sqlite3_column_int64
sqlite3_column_type
sqlite3_finalize
sqlite3_prepare_v2
sqlite3_close
sqlite3_busy_timeout
sqlite3_errmsg
sqlite3_bind_parameter_count
sqlite3_extended_result_codes
sqlite3_open_v2
sqlite3_mutex_free
sqlite3_bind_zeroblob
sqlite3_mutex_alloc
sqlite3_bind_blob
sqlite3_libversion_number
sqlite3_bind_text
sqlite3_bind_int64
sqlite3_threadsafe

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 831KB - Virtual size: 830KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dba5f4603d66de5d7378751199e5905b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

bcrypt

advapi32

ws2_32

ntdll

oleaut32

sqlite3

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 831KB - Virtual size: 830KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 44KB - Virtual size: 44KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 831KB - Virtual size: 830KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 44KB - Virtual size: 44KB

.reloc
Size: 11KB - Virtual size: 10KB