890c0f1302ed2c43e16f9350a9ea9ebd4962af919974218b3ad6baa70bc2a862

Sharing

Copy URL

Twitter E-mail

General

Target

890c0f1302ed2c43e16f9350a9ea9ebd4962af919974218b3ad6baa70bc2a862
Size

564KB
MD5

d9d926c61584f0fb2b1450587f6d997c
SHA1

0cc6f80a83635bdf88bd9a68942c7baf651d1dd1
SHA256

890c0f1302ed2c43e16f9350a9ea9ebd4962af919974218b3ad6baa70bc2a862
SHA512

01eb40781cee4f5a23cf381f6b549561855a6cc60d331909fdcce7a406495fd3cca824947c7cf344f191fdafc46b505a60a82ec3ea153ab78f1684236a777b04
SSDEEP

12288:KGNeZhH03k/WXK9RklFStC2rL+51nc9b+AK7pl2s:jNeX8kOI9aAK7pl2s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
890c0f1302ed2c43e16f9350a9ea9ebd4962af919974218b3ad6baa70bc2a862

Files

890c0f1302ed2c43e16f9350a9ea9ebd4962af919974218b3ad6baa70bc2a862
.exe windows:6 windows x86 arch:x86

e2b9be4e66f2ebaecce03eae281834b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
GetLocalTime
FindNextFileW
GetSystemTime
CloseHandle
WriteConsoleW
SetFilePointerEx
VirtualAllocEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLastError
FindFirstFileA
GetTempPathW
CreateEventA
GetDateFormatA
WaitForSingleObject
CompareFileTime
GetCurrentProcess
SystemTimeToFileTime
FindFirstFileW
GetTempFileNameW
SetStdHandle
GetSystemDefaultLangID
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
LoadLibraryW
OutputDebugStringW
SetConsoleCtrlHandler
GetCommandLineA
EncodePointer
DecodePointer
RaiseException
RtlUnwind
HeapFree
HeapAlloc
SetLastError
InterlockedIncrement
InterlockedDecrement
GetCurrentThread
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
CreateSemaphoreW
IsProcessorFeaturePresent
HeapSize
Sleep
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
InterlockedExchange
FreeLibrary
LoadLibraryExW
CreateFileW

user32

GetMenuItemInfoA
GetCursorPos
GetSystemMetrics
GetCaretBlinkTime
GetShellWindow
GetWindowDC
SendMessageA
EnumWindows
PtInRect
GetForegroundWindow
GetMenuItemRect

advapi32

GetLengthSid
ImpersonateAnonymousToken
GetSidLengthRequired
ImpersonateLoggedOnUser
DuplicateToken
GetAclInformation
GetTokenInformation
GetSidSubAuthorityCount
CryptDeriveKey
ConvertStringSidToSidA
GetSidIdentifierAuthority
GetNamedSecurityInfoA

shell32

SHGetFolderLocation

ole32

CoInitialize

wtsapi32

WTSOpenServerA
WTSEnumerateProcessesA
WTSEnumerateSessionsA

Sections

.text
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 380KB - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2b9be4e66f2ebaecce03eae281834b9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

wtsapi32

Sections

.text Size: 143KB - Virtual size: 143KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 5KB - Virtual size: 14KB

.rsrc Size: 380KB - Virtual size: 379KB

.text
Size: 143KB - Virtual size: 143KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 380KB - Virtual size: 379KB