935f4a8cad1cc24b6d4e54a016450df3e6575ca6fb9208962307feb965c993a1

Sharing

Copy URL Twitter E-mail

General

Target

935f4a8cad1cc24b6d4e54a016450df3e6575ca6fb9208962307feb965c993a1
Size

33KB
MD5

055b1564eb453eaa175840380c800ad4
SHA1

fd985b559b2553f466b6ae56c82e5793cfa091f7
SHA256

935f4a8cad1cc24b6d4e54a016450df3e6575ca6fb9208962307feb965c993a1
SHA512

ef0d84af891b2b06657285ca2b8f387e497fcb665e37f79e2d7307f447570db4285f5be917993e4e5be8b73b16dab93fca2fcd74eae30f039040f91312edc904
SSDEEP

768:d4EaYVe2GZjOaJaP2QcGuO0oJ8lnnn76zHpmhANxXwILzX:d4Ez020UP2pOx8hWzshaJTnX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
935f4a8cad1cc24b6d4e54a016450df3e6575ca6fb9208962307feb965c993a1

Files

935f4a8cad1cc24b6d4e54a016450df3e6575ca6fb9208962307feb965c993a1
.exe windows x86

732b737a6448e5b4b50f8527d2b10b83

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_abnormal_termination
_mbsnbicmp
_mbsnbcmp
wcsncmp
_mbsncmp
_mbslwr
isspace
_mbsnicmp
setlocale
_vsnprintf
_iob
fprintf
_snprintf
_pctype
_ismbcspace
wcscmp
_mbsnextc
memmove
_mbsdec
_mbsicmp
wcsrchr
wcscpy
wcslen
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_mbctoupper
_mbctolower
_mbscpy
_mbslen
_mbscmp
strchr
wcschr
_ismbblead
_mbsinc
_mbsrchr
_wcsnicmp
_mbschr

advapi32

RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExW
RegOpenKeyExA
RegSetValueExA

kernel32

SetFilePointer
SetErrorMode
FindFirstFileA
CreateMutexA
InterlockedIncrement
InterlockedExchange
RaiseException
lstrcpyA
lstrlenA
CloseHandle
ReadFile
CreateFileA
GetFileAttributesA
SetFileAttributesA
GetPrivateProfileStringA
GetWindowsDirectoryA
SetCurrentDirectoryW
SetEnvironmentVariableW
GetEnvironmentVariableW
SetLastError
WriteFile
WritePrivateProfileStringA
MoveFileA
CopyFileA
DeleteFileA
GetDriveTypeA
GetLogicalDrives
GetSystemDirectoryA
GetProcAddress
GetLastError
LoadLibraryExA
GetCommandLineA
SetCurrentDirectoryA
HeapFree
FreeLibrary
GetModuleFileNameA
GetProcessHeap
DeviceIoControl
Thread32Next
ResumeThread
SuspendThread
Thread32First
CreateToolhelp32Snapshot
GetCurrentThreadId
Sleep
SetThreadPriority
GetCurrentThread
LoadLibraryA
LocalFree
LocalAlloc
GetModuleHandleA
GetStartupInfoA
FindClose
lstrcpynA
IsDBCSLeadByte
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
FindNextFileA
RemoveDirectoryA
GetCurrentDirectoryA
OutputDebugStringA
FormatMessageA
CreateEventA
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
HeapReAlloc
HeapAlloc
ExitProcess
GlobalAlloc
WideCharToMultiByte
GetThreadLocale
SetThreadLocale
CreateProcessA
WaitForMultipleObjects
SetEvent
TerminateProcess
WaitForSingleObject
OpenEventA
OpenFileMappingA

user32

GetKeyboardType
EnumWindows
GetWindowTextA
GetWindowThreadProcessId
wsprintfA
MessageBoxA
CharLowerA
CharLowerW

setupapi

SetupOpenLog
SetupLogErrorA
SetupCloseLog
SetupCloseInfFile
SetupOpenInfFileA

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

732b737a6448e5b4b50f8527d2b10b83

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

setupapi

Sections

.text Size: 30KB - Virtual size: 29KB

.data Size: 1024B - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 4KB

.text
Size: 30KB - Virtual size: 29KB

.data
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 4KB