1c0e20426db5e106ec925660cc6af322cec0358566ef318835fe6b279b1f1ebb

Sharing

Copy URL Twitter E-mail

General

Target

1c0e20426db5e106ec925660cc6af322cec0358566ef318835fe6b279b1f1ebb
Size

6.8MB
MD5

dbc2bf9cda1f11971bc4d6afeb6cfa65
SHA1

e9fdd65bd03e6b1c465af9d9ebc6593185f24ca7
SHA256

1c0e20426db5e106ec925660cc6af322cec0358566ef318835fe6b279b1f1ebb
SHA512

cb8f277e706e5fd98cffa077c2ff9668e31a74579e809f700411dba835c0cb0541e1e1a84d1561b63afa9ad87a19af53028ba7eda1d9af496aa2825fe5520231
SSDEEP

49152:E8+EDUtKhmNOzl8fv9TxhCRPXBZCMKOWAbfee5RN9Dhz9/DGVbyv4TIAUJJkCATK:3IOsxhjxa20yi35KC3TOYmQJ9A4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c0e20426db5e106ec925660cc6af322cec0358566ef318835fe6b279b1f1ebb

Files

1c0e20426db5e106ec925660cc6af322cec0358566ef318835fe6b279b1f1ebb
.exe windows:5 windows x64 arch:x64

ddb2db07464ae670f1ebcbda0700891a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

AcceptSecurityContext
InitializeSecurityContextW
AcquireCredentialsHandleA
DeleteSecurityContext
FreeCredentialsHandle
EncryptMessage
QueryContextAttributesW
DecryptMessage
FreeContextBuffer
LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions

kernel32

HeapAlloc
GetProcessHeap
MoveFileExW
SetCurrentDirectoryW
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
ReadProcessMemory
VirtualQueryEx
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
GetLogicalDriveStringsW
GetComputerNameExW
FreeLibrary
OpenProcess
IsWow64Process
AreFileApisANSI
RaiseException
HeapSize
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
CreateWaitableTimerW
GetCurrentThreadId
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
CreateThread
LoadLibraryW
CompareStringW
GetStringTypeW
WideCharToMultiByte
LCMapStringW
CreateNamedPipeW
ReadFile
CancelIo
CreateEventW
GetOverlappedResult
WaitForMultipleObjects
SetFilePointerEx
GetConsoleOutputCP
FlushFileBuffers
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
SetStdHandle
SetEnvironmentVariableW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetCommandLineA
GetModuleHandleExW
WriteFile
RtlPcToFileHeader
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
EncodePointer
RtlUnwindEx
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
ReadFileEx
DuplicateHandle
GetFileAttributesW
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
FreeEnvironmentStringsW
WriteFileEx
SetHandleInformation
FindClose
FindFirstFileW
CreateDirectoryW
FindNextFileW
GetFullPathNameW
GetFileInformationByHandle
CreateFileW
GetCommandLineW
GetModuleFileNameW
GetEnvironmentStringsW
GetEnvironmentVariableW
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
ReleaseMutex
CreateMutexA
GetCurrentProcessId
lstrlenW
GetCurrentProcess
LoadLibraryA
WaitForSingleObjectEx
GetCurrentDirectoryW
FormatMessageW
GetModuleHandleW
QueryPerformanceFrequency
SetWaitableTimer
WriteConsoleW
MultiByteToWideChar
GetConsoleMode
GetStdHandle
SetLastError
LocalFree
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
WaitForSingleObject
GetSystemInfo
GetNativeSystemInfo
GetProcAddress
GetModuleHandleA
CopyFileExW
DeleteFileW
GetLastError
ProcessIdToSessionId
CloseHandle
SwitchToThread
HeapReAlloc
HeapFree

iphlpapi

GetExtendedUdpTable
GetExtendedTcpTable

advapi32

SystemFunction036
RegOpenKeyExW
RegQueryValueExW
GetUserNameW
OpenProcessToken
GetTokenInformation
IsValidSid
GetLengthSid
CopySid
LookupAccountSidW

crypt32

CertDuplicateStore
CertGetCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertDuplicateCertificateContext
CertVerifyCertificateChainPolicy
CertDuplicateCertificateChain
CertOpenStore
CertCloseStore
CertFreeCertificateContext
CertFreeCertificateChain

netapi32

NetUserEnum
NetUserGetInfo
NetApiBufferFree

ws2_32

freeaddrinfo
getaddrinfo
WSADuplicateSocketW
send
WSASocketW
WSACleanup
connect
WSAGetLastError
bind
ioctlsocket
getsockopt
setsockopt
closesocket
WSAStartup
recv
WSARecv
WSASend
select
getpeername
getsockname

user32

GetSystemMetrics

pdh

PdhOpenQueryA
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhAddCounterW

oleaut32

GetErrorInfo
SysFreeString
SysStringLen

shell32

SHGetFolderPathW

Sections

.text
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 465KB - Virtual size: 465KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 797KB - Virtual size: 803KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ddb2db07464ae670f1ebcbda0700891a

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

iphlpapi

advapi32

crypt32

netapi32

ws2_32

user32

pdh

oleaut32

shell32

Sections

.text Size: 5.1MB - Virtual size: 5.1MB

.rdata Size: 465KB - Virtual size: 465KB

.data Size: 797KB - Virtual size: 803KB

.pdata Size: 46KB - Virtual size: 45KB

.reloc Size: 207KB - Virtual size: 207KB

.rsrc Size: 151KB - Virtual size: 150KB

.text
Size: 5.1MB - Virtual size: 5.1MB

.rdata
Size: 465KB - Virtual size: 465KB

.data
Size: 797KB - Virtual size: 803KB

.pdata
Size: 46KB - Virtual size: 45KB

.reloc
Size: 207KB - Virtual size: 207KB

.rsrc
Size: 151KB - Virtual size: 150KB