Static task
static1
Behavioral task
behavioral1
Sample
7fb0c52a7b5e96e7ea04dd110ed6a4a66e596df0c510124495b9371eaff2664e.exe
Resource
win7-20241023-en
General
-
Target
7fb0c52a7b5e96e7ea04dd110ed6a4a66e596df0c510124495b9371eaff2664e
-
Size
7.7MB
-
MD5
dff8ecfa64a8a66beef7172630154886
-
SHA1
a6e5292cd687ef1e24e6b33dfb94100ee653581f
-
SHA256
7fb0c52a7b5e96e7ea04dd110ed6a4a66e596df0c510124495b9371eaff2664e
-
SHA512
16aebda3b069057f2d09a6b97dafcfdc3592c51e156b9b97fa1f6ce1c473012d4d30ddad56f288cc8d90874533a5f96a237570e22e0e976f8fd14028ceedc338
-
SSDEEP
196608:yf0QEZE0l9zhyvHsMTULD4pWblpJDttO6K1jPl29Ax7MvE4nlL:rt/l91G+D4pQttDmM9AVMc
Malware Config
Signatures
-
Unsigned PE 1 IoCs
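Flags PE files that carry no Authenticode signature, so the publisher and integrity of this sample cannot be verified from a signature. On its own this is a weak indicator, since many legitimate binaries are also unsigned.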
Processes:
resource 7fb0c52a7b5e96e7ea04dd110ed6a4a66e596df0c510124495b9371eaff2664e
Files
-
7fb0c52a7b5e96e7ea04dd110ed6a4a66e596df0c510124495b9371eaff2664e.exe windows:6 windows x64 arch:x64
618a13cc3cafa45c03e7ce13be98525f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
msvcrt
__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_aligned_free
_aligned_malloc
_amsg_exit
_assert
_beginthreadex
_cexit
_commode
_errno
_fmode
_initterm
_lock
_onexit
_stricmp
_sys_nerr
_unlock
_vscprintf
_vsnprintf
_wcsicmp
_wcsnicmp
abort
calloc
exit
fflush
fprintf
fputc
fputwc
free
fwprintf
fwrite
getenv
iswctype
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
realloc
signal
strcmp
strerror
strlen
strncmp
tolower
vfprintf
wcscat
wcscpy
wcslen
wcsncmp
advapi32
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
GetUserNameA
kernel32
AcquireSRWLockExclusive
CloseHandle
CreateToolhelp32Snapshot
DeleteCriticalSection
EnterCriticalSection
FlsAlloc
FlsGetValue
FlsSetValue
GetComputerNameA
GetLastError
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
InitOnceExecuteOnce
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
Process32FirstW
Process32NextW
RaiseException
ReleaseSRWLockExclusive
RtlCaptureContext
RtlLookupFunctionEntry
RtlRestoreContext
RtlUnwindEx
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObjectEx
WakeAllConditionVariable
WideCharToMultiByte
Sections
.text Size: 193KB - Virtual size: 193KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 53KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7.5MB - Virtual size: 7.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.00cfg Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ