489541a61e66ed36c56d7c7b35ed57129a9febb201efb9156420cbe9d325c9a6[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

489541a61e66ed36c56d7c7b35ed57129a9febb201efb9156420cbe9d325c9a6.exe
Size

1.8MB
MD5

06ba9f3ecacbca2920c8272a7719ca76
SHA1

a22039c0bcfdf41a2c2f6f37aa38e2d77f36f39a
SHA256

489541a61e66ed36c56d7c7b35ed57129a9febb201efb9156420cbe9d325c9a6
SHA512

38ba64295f030a630b0cd2f3db915743cf801d454b50a6cb36653a75384da15658682846c3ea78fe1637b5fb3ecef58a4a39e1fd4bb21cc16e4f226f78d9d27b
SSDEEP

49152:9srSb808eyLlSRqVNPseFyTJ1CLXuzYYjc8F4HcDsYfPFGMSugRP:KL1PYTI9Hco

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
489541a61e66ed36c56d7c7b35ed57129a9febb201efb9156420cbe9d325c9a6.exe

Files

489541a61e66ed36c56d7c7b35ed57129a9febb201efb9156420cbe9d325c9a6.exe
.dll windows:5 windows x64 arch:x64

4c742add1ee95846d67a2caf1e29e01d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Imports

ntdll

ZwCreateKey
ZwQueryKey
RtlOpenCurrentUser
ZwQueryValueKey
RtlReAllocateHeap
RtlInitAnsiString
LdrGetDllHandle
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
ZwQueryVirtualMemory
RtlGetCurrentDirectory_U
ZwQuerySystemInformation
RtlFreeHeap
RtlAllocateHeap
RtlGetNativeSystemInformation
RtlInitUnicodeString
ZwReadVirtualMemory
LdrLoadDll
LdrUnloadDll
LdrGetProcedureAddress
RtlUpcaseUnicodeChar
ZwResumeThread
ZwDelayExecution
ZwTerminateProcess
RtlCreateUserThread
ZwQueryInformationProcess
CsrClientCallServer
RtlExitUserThread
ZwTerminateThread
ZwResetEvent
ZwSetEvent
ZwCreateEvent
ZwWaitForSingleObject
ZwOpenKey
ZwOpenProcess
ZwOpenProcessToken
RtlCopySid
ZwQueryInformationToken
RtlGetFullPathName_U
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlxOemStringToUnicodeSize
RtlOemStringToUnicodeString
NlsMbOemCodePageTag
RtlxAnsiStringToUnicodeSize
RtlUpcaseUnicodeString
NlsMbCodePageTag
RtlAnsiStringToUnicodeString
RtlCompareUnicodeString
RtlNtStatusToDosError
ZwCreateFile
ZwDeviceIoControlFile
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ZwClose

kernel32

GetEnvironmentVariableW
GlobalMemoryStatusEx
UnlockFileEx
GetFileSizeEx
VirtualFree
VirtualAlloc
GetProcessAffinityMask
CreateFileW
GetSystemDirectoryW
GetFileAttributesW
GetModuleFileNameW
ExpandEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcess
GetCurrentProcessId
GetVersionExW
GetSystemInfo
InitializeCriticalSectionEx
FreeLibrary
ReadFile
GetWindowsDirectoryW
LockFileEx
CompareStringW
WaitForMultipleObjectsEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetSystemTimeAsFileTime
TerminateProcess
InitOnceBeginInitialize
InitOnceComplete
GetCurrentThreadId
MultiByteToWideChar
RaiseException
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetModuleHandleW
CloseHandle
GetLastError
CreateEventW
SetEvent
DeleteCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapAlloc
HeapFree
SetLastError
GetLongPathNameW

rpcrt4

RpcStringFreeW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
NdrClientCall3
RpcBindingFree

advapi32

AddAce
InitializeAcl
GetLengthSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetFolderPathW

Exports

Exports

Editor
on_avast_dll_unload

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c742add1ee95846d67a2caf1e29e01d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

rpcrt4

advapi32

shell32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 400KB - Virtual size: 399KB

.data Size: 16KB - Virtual size: 28KB

.pdata Size: 59KB - Virtual size: 58KB

.rsrc Size: 82KB - Virtual size: 81KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 400KB - Virtual size: 399KB

.data
Size: 16KB - Virtual size: 28KB

.pdata
Size: 59KB - Virtual size: 58KB

.rsrc
Size: 82KB - Virtual size: 81KB

.reloc
Size: 8KB - Virtual size: 7KB