429544ba5f364352d62660b5bb11d338b1300617e8f99509e324213b921969a7

Sharing

Copy URL Twitter E-mail

General

Target

429544ba5f364352d62660b5bb11d338b1300617e8f99509e324213b921969a7
Size

1.2MB
MD5

bd20575eb48d948abdfeeadbf2768f08
SHA1

926d6c5198f05568e7066503596f38ba44576033
SHA256

429544ba5f364352d62660b5bb11d338b1300617e8f99509e324213b921969a7
SHA512

df6747b4d8232c2e52c850b5111d77f778156429dade25bb6a6763a2600106cd636ef2ce6e03c2c1b47f3a1c045384e76e26673a4fe425d426fab5dfec5f9caf
SSDEEP

24576:XGtlqzH2ev0FfWbFH95pL9wtFwgAGEpN9Zf1X:XGtlqzt3H95pZwzJA/p7Z1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
429544ba5f364352d62660b5bb11d338b1300617e8f99509e324213b921969a7

Files

429544ba5f364352d62660b5bb11d338b1300617e8f99509e324213b921969a7
.exe windows:6 windows x64 arch:x64

5adb3dd771f3106c28a07d31ecb32413

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\FastCopy\x64\Obj\Release\FastCopy.pdb

Imports

kernel32

CreateDirectoryW
GetFullPathNameW
GetFileAttributesW
GetUserDefaultLCID
DeleteFileW
MoveFileExW
CopyFileW
MoveFileW
ReadFile
GetVolumeInformationW
CancelIo
TlsSetValue
SetLastError
EnterCriticalSection
FindNextFileW
WriteFile
GetDiskFreeSpaceW
SetFileTime
SetThreadPriority
LeaveCriticalSection
InitializeCriticalSection
FindClose
WaitForSingleObject
CreateFileW
GetCurrentThreadId
SuspendThread
ResumeThread
SetFileAttributesW
Sleep
GetFileInformationByHandle
FormatMessageW
LocalFileTimeToFileTime
GetLastError
FileTimeToSystemTime
GetCurrentThread
TerminateThread
TlsAlloc
CloseHandle
GetLocalTime
GetOverlappedResult
DeleteCriticalSection
SystemTimeToFileTime
TlsGetValue
SystemTimeToTzSpecificLocalTime
TlsFree
CreateEventA
GetTickCount
GetDriveTypeW
SetFilePointer
SetEndOfFile
FlushFileBuffers
GetFileSizeEx
BackupRead
BackupSeek
GetFileTime
BackupWrite
CreateHardLinkW
SetFileValidData
FindFirstFileW
CreateMutexA
ReleaseMutex
GetFileSize
GetSystemTimeAsFileTime
SetDllDirectoryW
SetPriorityClass
GetCommandLineW
SetSystemPowerState
GetCurrentProcess
GetThreadLocale
CreatePipe
DuplicateHandle
GetModuleHandleA
OpenProcess
ProcessIdToSessionId
TzSpecificLocalTimeToSystemTime
GetCurrentProcessId
SetThreadExecutionState
GetSystemTime
GetLongPathNameW
GetFileAttributesExW
CreateProcessW
GetStdHandle
SetConsoleMode
GetConsoleMode
WriteConsoleW
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetProcAddress
FreeLibrary
UnmapViewOfFile
OpenMutexA
CreateFileMappingA
MapViewOfFile
DeviceIoControl
RemoveDirectoryW
FindFirstChangeNotificationW
GetVolumeNameForVolumeMountPointW
FindCloseChangeNotification
FindNextChangeNotification
GetEnvironmentVariableW
HeapSize
GetConsoleOutputCP
SetFilePointerEx
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetCommandLineA
GetOEMCP
VirtualFree
VirtualAlloc
GetModuleFileNameW
SetEvent
GetVersionExA
GetModuleHandleW
GetEnvironmentStringsW
WriteConsoleA
OutputDebugStringA
AttachConsole
OutputDebugStringW
FreeConsole
GetFileType
AllocConsole
SetThreadLocale
FindFirstFileExW
GetSystemDirectoryW
GetExitCodeThread
GlobalAlloc
GlobalFree
LoadLibraryW
GlobalLock
MultiByteToWideChar
WideCharToMultiByte
CreateMutexW
ExitProcess
GetModuleFileNameA
RtlCaptureStackBackTrace
GetModuleHandleExA
RaiseException
K32GetModuleInformation
CreateThread
IsBadReadPtr
SetUnhandledExceptionFilter
SizeofResource
FindResourceA
LockResource
LoadResource
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
LCMapStringEx
InitializeCriticalSectionEx
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
GetStringTypeW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
HeapAlloc
HeapReAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
IsValidCodePage
GetACP

oleaut32

SafeArrayGetUBound
SafeArrayGetElement
SafeArrayGetLBound
VariantInit
SysAllocString
SafeArrayPutElement
SafeArrayCreateVector
VariantClear
SysFreeString

Sections

.text
Size: 736KB - Virtual size: 735KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5adb3dd771f3106c28a07d31ecb32413

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

oleaut32

Sections

.text Size: 736KB - Virtual size: 735KB

.rdata Size: 243KB - Virtual size: 242KB

.data Size: 21KB - Virtual size: 119KB

.pdata Size: 32KB - Virtual size: 31KB

.fptable Size: 512B - Virtual size: 256B

.rsrc Size: 143KB - Virtual size: 142KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 736KB - Virtual size: 735KB

.rdata
Size: 243KB - Virtual size: 242KB

.data
Size: 21KB - Virtual size: 119KB

.pdata
Size: 32KB - Virtual size: 31KB

.fptable
Size: 512B - Virtual size: 256B

.rsrc
Size: 143KB - Virtual size: 142KB

.reloc
Size: 11KB - Virtual size: 10KB