bb7f29b12b3ff9d3dfbd4e4ce27135cc16fd770fd3e5a692a5275835fd29110c

Sharing

Copy URL

Twitter E-mail

General

Target

bb7f29b12b3ff9d3dfbd4e4ce27135cc16fd770fd3e5a692a5275835fd29110c
Size

5.7MB
MD5

f1d27d4f6aab751ebb6a539940fbef81
SHA1

b0d2dff6ebf2f717496191ad28038f91ce2e9116
SHA256

bb7f29b12b3ff9d3dfbd4e4ce27135cc16fd770fd3e5a692a5275835fd29110c
SHA512

3c136fcebc809fa6475cd5f01ce79bea80522ef95e7847e6f40725d983be75743a7f736419ad96af58fe119e36e1a29068921f592185a73cddd47622df71b19f
SSDEEP

49152:62jxRhnRGzeuD1PMgY5L7uvqOOVGpmC6UgKxCAUgyO3fr3+kT/R1nF3KdL/6bl0d:6MiDWbV8ZKdEoWg0lwGrHh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb7f29b12b3ff9d3dfbd4e4ce27135cc16fd770fd3e5a692a5275835fd29110c

Files

bb7f29b12b3ff9d3dfbd4e4ce27135cc16fd770fd3e5a692a5275835fd29110c
.exe windows:6 windows x64 arch:x64

01f17ba400a7a1f17ff7fc0abfaec37c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

tonvalir_desktop.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WakeByAddressAll
WaitOnAddress

ntdll

RtlNtStatusToDosError
NtCancelIoFileEx
NtDeviceIoControlFile
NtCreateFile
NtWriteFile
RtlCaptureContext
NtReadFile
RtlVirtualUnwind
RtlLookupFunctionEntry

ws2_32

WSASocketW
bind
ioctlsocket
listen
accept
getsockname
getpeername
shutdown
send
WSASend
setsockopt
closesocket
WSAStartup
WSACleanup
recv
WSAIoctl
freeaddrinfo
WSAGetLastError
getaddrinfo

kernel32

DuplicateHandle
GetCurrentProcess
GetTimeZoneInformationForYear
lstrlenW
OpenProcess
CloseHandle
UnhandledExceptionFilter
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetFileCompletionNotificationModes
SetConsoleCtrlHandler
GetModuleHandleA
GetProcAddress
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
WaitForSingleObject
QueryPerformanceCounter
GetSystemInfo
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
Sleep
SetFileInformationByHandle
SetFilePointerEx
SetHandleInformation
GetStdHandle
GetCurrentProcessId
WriteFileEx
SleepEx
TerminateProcess
QueryPerformanceFrequency
GetSystemTimePreciseAsFileTime
HeapFree
CreateMutexA
HeapReAlloc
ReleaseMutex
GetProcessHeap
HeapAlloc
FindNextFileW
FindClose
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
CopyFileExW
GetConsoleMode
LoadLibraryA
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
CreateThread
GetCurrentThread
GetFullPathNameW
GetTempPathW
WaitForSingleObjectEx

user32

PostMessageW
IsWindow
CallNextHookEx
EnumWindows
GetSystemMetrics
LoadCursorW
RegisterClassExW
CreateWindowExW
ShowWindow
UpdateWindow
SetParent
SetWindowPos
GetWindowLongPtrW
SetWindowLongPtrW
SetLayeredWindowAttributes
SetWindowsHookExW
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetClassNameW
GetWindowThreadProcessId
SendMessageW
DefWindowProcW
PostQuitMessage
GetParent

gdi32

CreateSolidBrush

psapi

GetModuleFileNameExW

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

bcrypt

BCryptGenRandom

advapi32

SystemFunction036

vcruntime140

__current_exception_context
memset
__C_specific_handler
__current_exception
memcmp
memmove
__CxxFrameHandler3
memcpy
_CxxThrowException

api-ms-win-crt-math-l1-1-0

log
pow
__setusermatherr

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_crt_atexit
__p___argc
_seh_filter_exe
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
terminate
_set_app_type
__p___argv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01f17ba400a7a1f17ff7fc0abfaec37c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

ntdll

ws2_32

kernel32

user32

gdi32

psapi

shell32

ole32

bcrypt

advapi32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 10KB - Virtual size: 12KB

.pdata Size: 176KB - Virtual size: 175KB

.reloc Size: 41KB - Virtual size: 41KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 10KB - Virtual size: 12KB

.pdata
Size: 176KB - Virtual size: 175KB

.reloc
Size: 41KB - Virtual size: 41KB