143b27f27b76d4f907c8cd9629e5ab279c572df656f2aa4beb0a7e414e6490fa[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

143b27f27b76d4f907c8cd9629e5ab279c572df656f2aa4beb0a7e414e6490fa.exe
Size

2.2MB
MD5

77d6cb322c7fe64b341ad0f4783b22ce
SHA1

ff071de7c1c27c757872d43112da5a7b121a2532
SHA256

143b27f27b76d4f907c8cd9629e5ab279c572df656f2aa4beb0a7e414e6490fa
SHA512

2e950b003f0d0a3b97cb4030c5a89d67e05745ebc7154e01db2585f1c5d9d0b9d7a41575b38d03ef66a48214a7b194ee369e034789ad5bcb9aa2ce39159ebbc1
SSDEEP

49152:SZzQqIEjvDQPOnRnmSBn/VSlsBtXHWZ+yge:SYsxy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
143b27f27b76d4f907c8cd9629e5ab279c572df656f2aa4beb0a7e414e6490fa.exe

Files

143b27f27b76d4f907c8cd9629e5ab279c572df656f2aa4beb0a7e414e6490fa.exe
.dll windows:5 windows x64 arch:x64

bd7b5a7518274129e18160da61273650

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

LocalFree
GetProcessHeap
HeapAlloc
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
FreeLibrary
LoadLibraryA
GetProcAddress
RaiseException
LoadLibraryExW
lstrcmpiW
CreateWaitableTimerW
CancelWaitableTimer
GetTickCount64
GetTickCount
SignalObjectAndWait
SetWaitableTimer
WaitForMultipleObjects
GetThreadLocale
SetThreadLocale
WaitForMultipleObjectsEx
CreateMutexW
OpenEventW
InitializeCriticalSection
HeapFree
HeapDestroy
HeapReAlloc
HeapSize
CreateFileW
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
CreateFileA
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
LCMapStringW
GetConsoleMode
GetConsoleCP
GetStringTypeW
ReadFile
GetStartupInfoW
GetFileType
SetHandleCount
SetFilePointer
ExitProcess
HeapCreate
GetVersion
HeapSetInformation
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleHandleW
GetModuleFileNameW
LeaveCriticalSection
DuplicateHandle
GetCurrentProcess
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
lstrlenA
Sleep
ResetEvent
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
VirtualAlloc
lstrlenW
OutputDebugStringW
CreateEventW
CreateThread
GetLastError
CloseHandle
WaitForSingleObject
SetEvent
FlsAlloc
SetLastError
FlsFree
FlsGetValue
GetStdHandle
WriteFile
TerminateProcess
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineA
FlsSetValue
GetCurrentThreadId
ExitThread
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
EncodePointer
DecodePointer
FormatMessageA
QueryPerformanceFrequency
QueryPerformanceCounter

user32

DestroyWindow
PostMessageW
UnregisterClassW
GetClassInfoW
RegisterClassW
CreateWindowExW
RegisterClipboardFormatW
CharNextW
DefWindowProcW
EndDialog

advapi32

RegQueryValueExW
RegCloseKey
RegDeleteKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryInfoKeyW
SetSecurityDescriptorDacl
RegSetKeySecurity
InitializeSecurityDescriptor
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW

ole32

CoCreateInstance
PropVariantClear
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CLSIDFromString
CLSIDFromProgID
OleRun
CoUninitialize
CoInitialize
StringFromCLSID

oleaut32

VarUI4FromStr
SysAllocString
GetErrorInfo
VariantClear
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
SysStringLen
SysFreeString

shlwapi

SHDeleteKeyW

Exports

Exports

KVQES754JSVF
Charet
OvbJWSFI8%
KGWEGD64

Sections

.text
Size: 435KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 407KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trace
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd7b5a7518274129e18160da61273650

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 435KB - Virtual size: 435KB

RT_CODE Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 407KB - Virtual size: 407KB

.data Size: 35KB - Virtual size: 48KB

.pdata Size: 42KB - Virtual size: 42KB

.data1 Size: 96KB - Virtual size: 96KB

RT_CONST Size: 1KB - Virtual size: 1KB

RT_DATA Size: 9KB - Virtual size: 9KB

.trace Size: 25KB - Virtual size: 25KB

.rsrc Size: 94KB - Virtual size: 94KB

.reloc Size: 29KB - Virtual size: 29KB

.text
Size: 435KB - Virtual size: 435KB

RT_CODE
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 407KB - Virtual size: 407KB

.data
Size: 35KB - Virtual size: 48KB

.pdata
Size: 42KB - Virtual size: 42KB

.data1
Size: 96KB - Virtual size: 96KB

RT_CONST
Size: 1KB - Virtual size: 1KB

RT_DATA
Size: 9KB - Virtual size: 9KB

.trace
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 94KB - Virtual size: 94KB

.reloc
Size: 29KB - Virtual size: 29KB