aa1478441fd4bc715338f2fd85b4dc85

Sharing

Copy URL

Twitter E-mail

General

Target

aa1478441fd4bc715338f2fd85b4dc85
Size

719KB
MD5

aa1478441fd4bc715338f2fd85b4dc85
SHA1

32a1d11dab5a9e31f3f9c0bdf20d7aff83a671f4
SHA256

e1e5b0c1a6e6bd88494c11fe5e9db4d3c12d27c2ce909070eadb68f609bddf0b
SHA512

79c1fa2558653a9ca390d736538fec761694a5ab3f26e1cc45df2f94ab6452df5ef68da8e2e7efe9f8df307dee17696a28c202bd81db828e5994abab1217aa33
SSDEEP

12288:kgBtLZA7fsuwp1ZFNi2IEiCBq9TsfcXLnx0/TW5PudT+BZk0wrXfzOd2IBdKWT:kqtLZA7fjEiCBqx6gLoTW5nk0abOkQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa1478441fd4bc715338f2fd85b4dc85

Files

aa1478441fd4bc715338f2fd85b4dc85
.exe windows:6 windows x86 arch:x86

c6acf30f84789525c71169093dcf8e25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\PolyCryptBackend\crypts\45.134.225.26\3316962495\output.pdb

Imports

api-ms-win-core-file-l1-1-0

SetFileAttributesW
FlushFileBuffers
GetDriveTypeW
SetFilePointerEx
GetDiskFreeSpaceExW
CreateDirectoryW
FindFirstFileExW
DeleteFileW
GetFileAttributesW
CreateFileW
FindClose
SetFilePointer
RemoveDirectoryW
WriteFile
FindNextFileW
GetFileType
GetFileSizeEx
FindFirstFileW
ReadFile
GetFileTime

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-psapi-l1-1-0

K32GetModuleBaseNameW
K32EnumProcesses

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringEx
CompareStringW
MultiByteToWideChar
GetStringTypeW

api-ms-win-core-localization-l1-2-0

FormatMessageA
GetCPInfo
GetUserDefaultLCID
GetLocaleInfoEx
LCMapStringW
GetLocaleInfoW
EnumSystemLocalesW
IsValidLocale
LCMapStringEx
GetOEMCP
GetACP
IsValidCodePage

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
DeleteCriticalSection

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-heap-l2-1-0

LocalFree

user32

LoadCursorW
BeginPaint
MessageBeep
FillRect
DefWindowProcW
RegisterClassW
PostQuitMessage
EndPaint

kernel32

K32EnumProcessModules

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
GetCurrentProcessId
GetStartupInfoW
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
ExitProcess

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
FreeLibrary
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead
InterlockedFlushSList

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwind

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetCommandLineW
SetEnvironmentVariableW
GetCommandLineA
GetStdHandle

api-ms-win-core-heap-l1-1-0

HeapSize
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-console-l1-1-0

GetConsoleMode
SetConsoleCtrlHandler
ReadConsoleW
WriteConsoleW
GetConsoleOutputCP

Sections

.text
Size: 492KB - Virtual size: 491KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6acf30f84789525c71169093dcf8e25

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-file-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-heap-l2-1-0

user32

kernel32

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-console-l1-1-0

Sections

.text Size: 492KB - Virtual size: 491KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 116KB - Virtual size: 121KB

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 492KB - Virtual size: 491KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 116KB - Virtual size: 121KB

.reloc
Size: 19KB - Virtual size: 19KB