a997fddc76a6fd38fab1d02ae62ab327c5cc2745d4936f0ada7fb37e34aba233

Sharing

Copy URL Twitter E-mail

General

Target

a997fddc76a6fd38fab1d02ae62ab327c5cc2745d4936f0ada7fb37e34aba233
Size

219KB
MD5

f897fa70cac4f1a22a45d8b472e0cc46
SHA1

22b97c01cbd7edcfbbc77b4310c91a6ceff1c0ea
SHA256

a997fddc76a6fd38fab1d02ae62ab327c5cc2745d4936f0ada7fb37e34aba233
SHA512

fb9cab046e4d58440e81e904486e5e90021185ff6f8b48188eef48d531f36675445d78f365310d5155859dbfd6013d846706d548e9c7cffd60f982b4a2dbcfff
SSDEEP

6144:KC+4ob7g3ebImxgCpHhKcWPLN5G/vVkHizc:KC+4GxDxgCOPLH0NkHiA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a997fddc76a6fd38fab1d02ae62ab327c5cc2745d4936f0ada7fb37e34aba233

Files

a997fddc76a6fd38fab1d02ae62ab327c5cc2745d4936f0ada7fb37e34aba233
.exe windows x86

f300f770b7e2cd79c6bae02a3405eeb0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ProcessTrace
CloseTrace
StartTraceA
ControlTraceW
EnableTraceEx2
OpenTraceA
ControlTraceA

shlwapi

PathFindFileNameA

user32

KillTimer
GetWindowThreadProcessId
GetGUIThreadInfo
GetMessageW
DefWindowProcW
PostMessageW
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterClassExW
DispatchMessageW
SetTimer
TranslateMessage

kernel32

GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
SizeofResource
SetConsoleCtrlHandler
HeapFree
GetCurrentProcess
InitializeCriticalSectionEx
HeapSize
MultiByteToWideChar
Sleep
GetLastError
LoadLibraryA
LockResource
HeapReAlloc
CloseHandle
RaiseException
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
GetProcAddress
DeleteCriticalSection
GetProcessHeap
FreeLibrary
WritePrivateProfileStringW
EnterCriticalSection
WriteFile
LeaveCriticalSection
InitializeCriticalSection
CreateFileW
OpenProcess
GetPrivateProfileStringW
QueryFullProcessImageNameA
GetCurrentProcessId
WideCharToMultiByte
QueryPerformanceCounter
SetThreadPriority
GetCurrentThread
VerSetConditionMask
VerifyVersionInfoW
GetConsoleOutputCP
WaitForSingleObjectEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
GetSystemTimeAsFileTime
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
OutputDebugStringW
FindFirstFileExW
GetConsoleMode
FlushFileBuffers
GetCurrentThreadId
FindClose
SetFilePointerEx
GetFileSizeEx
RtlUnwind
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
GetFileType
CompareStringW
LCMapStringW
WriteConsoleW

tdh

TdhGetPropertySize
TdhGetEventInformation

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f300f770b7e2cd79c6bae02a3405eeb0

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shlwapi

user32

kernel32

tdh

Sections

.text Size: 162KB - Virtual size: 161KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 162KB - Virtual size: 161KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB