7c270bddafb59b7943dc6c9eda21965578e2ac7455df5a2cf5335e6f0a7debcaN

Sharing

Copy URL

Twitter E-mail

General

Target

7c270bddafb59b7943dc6c9eda21965578e2ac7455df5a2cf5335e6f0a7debcaN
Size

1.6MB
MD5

b9d8c894931f136c138074ce80afc2a0
SHA1

d6a58aa7940e3b7680b28c2539817bb3b410892b
SHA256

7c270bddafb59b7943dc6c9eda21965578e2ac7455df5a2cf5335e6f0a7debca
SHA512

1b6002b34c58601ac44a1d1394506693032cad44ac366a599de3b9c549f5d62b0c8e7053a276c000764c52482be1a56effd4f69d1c9c59d544fb3825777f21e2
SSDEEP

24576:DLILY8Xu/3y8UsG2BgYLicwnk+CHdebUKyZURQ1TgjTV:EYrC8UsGuTwXCHdeQKyZURQ1EjTV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7c270bddafb59b7943dc6c9eda21965578e2ac7455df5a2cf5335e6f0a7debcaN

Files

7c270bddafb59b7943dc6c9eda21965578e2ac7455df5a2cf5335e6f0a7debcaN
.exe windows:5 windows x86 arch:x86

e9a18295b3fe00449f587b8a33bc0e3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

P:\MultiLauncher\Release\MultiLauncher.pdb

Imports

kernel32

ReleaseMutex
FreeResource
FindResourceW
FreeLibrary
LoadResource
LoadLibraryExW
SizeofResource
LockResource
EndUpdateResourceW
BeginUpdateResourceW
UpdateResourceW
ConnectNamedPipe
CreateNamedPipeW
GetLastError
CreateThread
FindFirstFileW
PeekNamedPipe
GetLogicalDriveStringsW
GetModuleFileNameW
FindClose
FindNextFileW
SetFileAttributesW
ExpandEnvironmentStringsW
GetModuleHandleW
WaitForSingleObject
CreateMutexW
DeleteFileW
GetFileAttributesW
CopyFileW
Sleep
MoveFileExW
GetTickCount
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VerSetConditionMask
SleepEx
VerifyVersionInfoA
FormatMessageA
GetProcAddress
WaitForMultipleObjects
GetFileType
GetStdHandle
LoadLibraryA
ExpandEnvironmentStringsA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
GetStringTypeW
GetCurrentThreadId
EncodePointer
DecodePointer
InterlockedExchange
DuplicateHandle
GetCurrentProcess
GetCurrentThread
GetSystemTimeAsFileTime
GetCommandLineW
HeapFree
FileTimeToLocalFileTime
FindFirstFileExW
FileTimeToSystemTime
HeapAlloc
GetCPInfo
IsDebuggerPresent
IsProcessorFeaturePresent
GetDriveTypeW
ExitThread
SetFilePointerEx
GetFileInformationByHandle
GetCurrentProcessId
RaiseException
RtlUnwind
InitializeCriticalSectionAndSpinCount
CreateTimerQueue
CreateTimerQueueTimer
TlsGetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsSetValue
TlsFree
GetStartupInfoW
CreateSemaphoreW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetProcessHeap
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFullPathNameW
GetCurrentDirectoryW
IsValidCodePage
GetACP
GetOEMCP
GetTimeZoneInformation
ReadConsoleW
SetStdHandle
DeleteTimerQueueTimer
GetProcessAffinityMask
SetThreadAffinityMask
OutputDebugStringW
SwitchToThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
SetEvent
CreateEventW
SetThreadPriority
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
ChangeTimerQueueTimer
GetNumaHighestNodeNumber
RegisterWaitForSingleObject
LoadLibraryW
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableA
GetThreadPriority
UnregisterWait
SignalObjectAndWait
ReadFile
SetFilePointer
CloseHandle
CreateFileW
HeapReAlloc
WriteFile

advapi32

CryptEncrypt
CryptGetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
CryptImportKey
CryptCreateHash
CryptHashData
CryptDestroyHash
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW

shell32

SHCreateDirectoryExW
ShellExecuteW

ws2_32

socket
WSAIoctl
getaddrinfo
freeaddrinfo
setsockopt
sendto
accept
listen
ioctlsocket
gethostname
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
recvfrom

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord143

Sections

.text
Size: 588KB - Virtual size: 587KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 818KB - Virtual size: 818KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9a18295b3fe00449f587b8a33bc0e3e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

ws2_32

wldap32

Sections

.text Size: 588KB - Virtual size: 587KB

.rdata Size: 103KB - Virtual size: 102KB

.data Size: 15KB - Virtual size: 32KB

.rsrc Size: 818KB - Virtual size: 818KB

.reloc Size: 78KB - Virtual size: 78KB

.text
Size: 588KB - Virtual size: 587KB

.rdata
Size: 103KB - Virtual size: 102KB

.data
Size: 15KB - Virtual size: 32KB

.rsrc
Size: 818KB - Virtual size: 818KB

.reloc
Size: 78KB - Virtual size: 78KB