dcd041c3ff34e45a1f902934d10b5644359405a91d9a232d11c09a370a9f162aN

Sharing

Copy URL

Twitter E-mail

General

Target

dcd041c3ff34e45a1f902934d10b5644359405a91d9a232d11c09a370a9f162aN
Size

4.5MB
MD5

f01e8c5774f61abb558ae4b76d712b10
SHA1

0f22575c99cbaf554c4cd65d1b98d7334416bbaa
SHA256

dcd041c3ff34e45a1f902934d10b5644359405a91d9a232d11c09a370a9f162a
SHA512

de856c5bb8802284692f2033c1fe8696f5d9af181d14076b955a8ddd0005f235d64ac97255560235af56bd38710c72ea8348bb9cdda4cb970396885488097ce5
SSDEEP

49152:d/JkKAkpqS+EcCA4VMe72tu4KgtpYsacYn/1CGMadIq51Yuja0FIRBS39oktkfAC:XxWWysCH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dcd041c3ff34e45a1f902934d10b5644359405a91d9a232d11c09a370a9f162aN

Files

dcd041c3ff34e45a1f902934d10b5644359405a91d9a232d11c09a370a9f162aN
.exe windows:4 windows x64 arch:x64

31419132d7c994569ec9a2ef2ea53e76

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

ntdll

NtWaitForSingleObject

ws2_32

WSAGetOverlappedResult

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateThread
CreateWaitableTimerA
DuplicateHandle
ExitProcess
FreeEnvironmentStringsW
GetConsoleMode
GetEnvironmentStringsW
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatus
GetStdHandle
GetSystemInfo
GetThreadContext
LoadLibraryW
LoadLibraryA
ResumeThread
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
SuspendThread
VirtualAlloc
VirtualFree
WaitForSingleObject
WriteConsoleW
WriteFile

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 255B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 589KB - Virtual size: 588KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/71
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/87
Size: 512B - Virtual size: 48B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31419132d7c994569ec9a2ef2ea53e76

Headers

File Characteristics

Imports

advapi32

ntdll

ws2_32

kernel32

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.data Size: 79KB - Virtual size: 209KB

/4 Size: 512B - Virtual size: 255B

/18 Size: 150KB - Virtual size: 150KB

/30 Size: 149KB - Virtual size: 148KB

/43 Size: 589KB - Virtual size: 588KB

/55 Size: 156KB - Virtual size: 155KB

/71 Size: 54KB - Virtual size: 54KB

/87 Size: 512B - Virtual size: 48B

.idata Size: 1KB - Virtual size: 1KB

.symtab Size: 230KB - Virtual size: 229KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.data
Size: 79KB - Virtual size: 209KB

/4
Size: 512B - Virtual size: 255B

/18
Size: 150KB - Virtual size: 150KB

/30
Size: 149KB - Virtual size: 148KB

/43
Size: 589KB - Virtual size: 588KB

/55
Size: 156KB - Virtual size: 155KB

/71
Size: 54KB - Virtual size: 54KB

/87
Size: 512B - Virtual size: 48B

.idata
Size: 1KB - Virtual size: 1KB

.symtab
Size: 230KB - Virtual size: 229KB