da0441e5e68ab6514501990802bc8ea618469af3e158672bc0786e8613724c72

Sharing

Copy URL

Twitter E-mail

General

Target

da0441e5e68ab6514501990802bc8ea618469af3e158672bc0786e8613724c72
Size

729KB
MD5

d48435518e4c82805946f25cc3bde2cd
SHA1

8e8b6dbe6f6208a01dcbdadae45d1748090126df
SHA256

da0441e5e68ab6514501990802bc8ea618469af3e158672bc0786e8613724c72
SHA512

8e87f4bb00047e1617c48aa6e976155d1f7b496feeec392b9ede35ddf7dbb9847a70ac5c748ba3c10ded6bd45e6f35e6889a88ee13c391b1084a7709aca5dcb1
SSDEEP

12288:K5BpenLavUdRXJMWIYd5mSi8DYTW7KPppeViTBM93p9VEYjros8:K5BpenLDJMqmGDYTb8gTB89VEYjros8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da0441e5e68ab6514501990802bc8ea618469af3e158672bc0786e8613724c72

Files

da0441e5e68ab6514501990802bc8ea618469af3e158672bc0786e8613724c72
.exe windows x86

f57d39997144e41a01e3577caef20359

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
GetModuleFileNameW
GetProcAddress
LocalFree
CreateProcessW
lstrcmpiW
CloseHandle
GetCurrentProcessId
FindFirstFileW
FindClose
GetModuleHandleW
GetFileAttributesW
ExpandEnvironmentStringsW
CreateMutexW
WaitForSingleObject
Sleep
GetLastError
ReleaseMutex
CreateFileW
GetLongPathNameW
GetFileAttributesExW
HeapAlloc
HeapFree
GetProcessHeap
OpenProcess
GetVersionExW
GetCurrentThreadId
GetCurrentProcess
QueryDosDeviceW
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
lstrlenW
FreeLibrary
GetFileSizeEx
DeleteFileW
GetFullPathNameW
GetTempFileNameW
MoveFileExW
CreateDirectoryW
GetTempPathW
MoveFileW
RemoveDirectoryW
GetWindowsDirectoryW
SetFileAttributesW
FindNextFileW
FindResourceW
LoadResource
LockResource
GetLogicalDriveStringsW
GetExitCodeProcess
WaitForMultipleObjects
GetTickCount
FormatMessageW
GetACP
SetEnvironmentVariableA
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
SetEvent
ResetEvent
CreateEventW
InterlockedExchangeAdd
InterlockedExchange
WideCharToMultiByte
MultiByteToWideChar
SetLastError
LoadLibraryExW
FlushFileBuffers
OutputDebugStringW
GetCommandLineW
SetStdHandle
WriteConsoleW
GlobalMemoryStatusEx
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetTimeZoneInformation
GetOEMCP
IsValidCodePage
EncodePointer
GetStringTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
GetFileType
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW

Sections

.text
Size: 568KB - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f57d39997144e41a01e3577caef20359

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

Sections

.text Size: 568KB - Virtual size: 568KB

.rdata Size: 109KB - Virtual size: 109KB

.data Size: 9KB - Virtual size: 18KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 26KB - Virtual size: 25KB

.text
Size: 568KB - Virtual size: 568KB

.rdata
Size: 109KB - Virtual size: 109KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 26KB - Virtual size: 25KB