ab2703bb67f20deb98a211037daf645c6f85365ece2cde594dcae67d6fc1f28f

Sharing

Copy URL Twitter E-mail

General

Target

ab2703bb67f20deb98a211037daf645c6f85365ece2cde594dcae67d6fc1f28f
Size

204KB
MD5

3ce6247154b385f6c0e47d4cd895b56a
SHA1

7cbcade230a51076b9cc0a1b9230738cc67d3940
SHA256

ab2703bb67f20deb98a211037daf645c6f85365ece2cde594dcae67d6fc1f28f
SHA512

b38ed3c5514108c228648249e2ce8becf0fb256fee6af71b64d35c4e964e8caf9a0f47ef15c117ca306959c6f841cab172ef131159ab015adc2e5d750be23a03
SSDEEP

3072:GTNCr4mFNHew2SNLelUpL+LPgFAvu+gERN5Vq5cwj4pvfMRTT7fCp:wNetF72SN2UpLkPvu+gEhF+4O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab2703bb67f20deb98a211037daf645c6f85365ece2cde594dcae67d6fc1f28f

Files

ab2703bb67f20deb98a211037daf645c6f85365ece2cde594dcae67d6fc1f28f
.exe windows x86

54e1efae77873c4591d17122f8ca0bf5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
ReadFile
CloseHandle
WriteFile
GetModuleHandleW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
DeleteCriticalSection
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
CreateFileW
GetModuleFileNameW
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetCurrentProcessId
DeleteFileW
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetFilePointerEx
GetFileSizeEx
OutputDebugStringW
FormatMessageW
MultiByteToWideChar
SetLastError
GetCurrentThreadId
LocalFree
GetSystemTime
CreateMutexW
TlsGetValue
HeapAlloc
HeapFree
WaitForSingleObject
GetProcessHeap
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
ReleaseMutex
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
GetStartupInfoW
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
VirtualAlloc
HeapCreate
Sleep
GetStdHandle
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
RaiseException
InitializeCriticalSectionAndSpinCount
RtlUnwind
LoadLibraryA
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
ExitProcess

shlwapi

PathAppendW
PathFileExistsW
StrStrIW

advapi32

RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54e1efae77873c4591d17122f8ca0bf5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

advapi32

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 17KB - Virtual size: 17KB

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 7KB - Virtual size: 7KB