53f7d917ad9ebf5b7d2ccc1a835083bc0c0b92cc69ee584703ea6e4345f5c457_unpacked_x64

Resubmissions

27-10-2024 23:16

241027-29bqyavhpn 10

27-10-2022 04:16

221027-ev9m4aaefr 10

Sharing

Copy URL

Twitter E-mail

General

Target

53f7d917ad9ebf5b7d2ccc1a835083bc0c0b92cc69ee584703ea6e4345f5c457_unpacked_x64
Size

425KB
MD5

66ee921fdc602765a15fcd3589e1947d
SHA1

2cfe29609017b8b0b52e75f06219bac0221dbe5d
SHA256

f54b56916010c5563634bfcad6b9e3f9855e5fcd48d96c1872510ecd6dadf3a7
SHA512

d25d610f850f0e5ee77826dc2f876c21aeaf3ad0d4c5d406b6e130c7c442a07384223a3646ddf77dc52f8a8a7b3ef6f50902302c36bd98b3d3c9c8f82673a9ad
SSDEEP

6144:9I34yb5apnrPnPQgY1INa6shJYP62aHYoa4AhdNorGvHdbi09GJwhO:9IIyNIr0ml2JY/aHYo7AHhly

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
53f7d917ad9ebf5b7d2ccc1a835083bc0c0b92cc69ee584703ea6e4345f5c457_unpacked_x64

Files

53f7d917ad9ebf5b7d2ccc1a835083bc0c0b92cc69ee584703ea6e4345f5c457_unpacked_x64
.dll windows:4 windows x64 arch:x64

a70ceb19dcecfe96ba384e8ae70efcb7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\isfb3\x64\Release\client.pdb

Imports

ntdll

ZwOpenProcess
ZwQueryInformationToken
ZwClose
NtUnmapViewOfSection
NtMapViewOfSection
NtCreateSection
RtlRandomEx
NtQuerySystemInformation
RtlNtStatusToDosError
ZwQueryInformationProcess
memcmp
_strupr
_wcsupr
memmove
bsearch
_vsnwprintf
_strlwr
atoi
strstr
wcscpy
RtlFreeUnicodeString
ZwQueryKey
RtlUpcaseUnicodeString
sprintf
_snprintf
memset
RtlAdjustPrivilege
mbstowcs
strcpy
memcpy
RtlImageDirectoryEntryToData
RtlImageNtHeader
ZwOpenProcessToken
__C_specific_handler
__chkstk

kernel32

VirtualQueryEx
CreateRemoteThread
GetModuleFileNameW
FileTimeToSystemTime
GetLocalTime
OpenProcess
GetVersion
ExitThread
GetTempFileNameA
VirtualProtect
VirtualFree
GetSystemInfo
DeleteCriticalSection
CloseHandle
CreateFileMappingA
WriteProcessMemory
CreateFileA
lstrcmpA
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
lstrcmpiA
GetModuleHandleA
Sleep
LoadLibraryA
GetCurrentProcess
GlobalUnlock
HeapAlloc
lstrcpyA
GlobalLock
lstrlenA
WriteFile
CreateDirectoryA
GetLastError
HeapFree
RemoveDirectoryA
DeleteFileA
lstrcatA
GetTickCount
HeapDestroy
HeapCreate
SetEvent
HeapReAlloc
FindFirstFileW
LocalFree
WaitForMultipleObjects
SuspendThread
TerminateProcess
ResumeThread
lstrcpyW
FindClose
CreateThread
ResetEvent
SwitchToThread
lstrcatW
FindNextFileW
CreateProcessW
CopyFileW
SetWaitableTimer
LocalAlloc
GetCurrentThreadId
GetCurrentThread
lstrlenW
CreateEventA
GetSystemTimeAsFileTime
GetWindowsDirectoryA
DeleteFileW
CreateDirectoryW
GetTempPathA
CreateFileW
ExpandEnvironmentStringsW
WideCharToMultiByte
GetFileAttributesW
GetFileSize
GetComputerNameA
EnterCriticalSection
CreateMutexA
OpenWaitableTimerA
OpenMutexA
GetVolumeInformationA
WaitForSingleObject
ReleaseMutex
GetComputerNameW
LeaveCriticalSection
SetLastError
InitializeCriticalSection
LoadLibraryExW
GetProcAddress
GetFileAttributesA
OpenFileMappingA
GetExitCodeProcess
VirtualAlloc
GetDriveTypeW
GetLogicalDriveStringsW
lstrcpynA
LocalReAlloc
TlsAlloc
TlsGetValue
TlsSetValue
FreeLibrary
LoadLibraryW
GetVersionExW
ReadFile
SetFilePointer
Thread32First
QueueUserAPC
CreateToolhelp32Snapshot
OpenThread
GetCurrentProcessId
Thread32Next
FindFirstFileA
FindNextFileA
ConnectNamedPipe
GetOverlappedResult
CancelIo
DisconnectNamedPipe
FlushFileBuffers
CallNamedPipeA
CreateNamedPipeA
GetSystemTime
WaitNamedPipeA
SetEndOfFile
GetFileTime
ExitProcess
AddVectoredExceptionHandler
CompareFileTime
GetTempPathW
OpenEventA
RemoveVectoredExceptionHandler
RemoveDirectoryW
SleepEx
lstrcmpiW
RaiseException
Process32FirstW
Process32NextW
ExpandEnvironmentStringsA
QueueUserWorkItem
FileTimeToLocalFileTime
CreateWaitableTimerA
CreateProcessA
VirtualProtectEx

avifil32

AVIFileExit
AVIMakeCompressedStream
AVIStreamRelease
AVIFileRelease
AVIStreamWrite
AVIFileOpenA
AVIFileCreateStreamA
AVIStreamSetFormat
AVIFileInit

Sections

.text
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

a70ceb19dcecfe96ba384e8ae70efcb7

Headers

File Characteristics

PDB Paths

Imports

ntdll

kernel32

avifil32

Sections

.text Size: 225KB - Virtual size: 224KB

.rdata Size: 167KB - Virtual size: 166KB

.data Size: 17KB - Virtual size: 19KB

.pdata Size: 6KB - Virtual size: 6KB

.bss Size: 6KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 225KB - Virtual size: 224KB

.rdata
Size: 167KB - Virtual size: 166KB

.data
Size: 17KB - Virtual size: 19KB

.pdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 6KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 2KB