pyi-archive_viewer[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

pyi-archive_viewer.exe
Size

105KB
MD5

8bcadd4183a17763ecab17f89eab5303
SHA1

af30511e335d97d6b517b2eed878b174a507bcf8
SHA256

b60235cee2f40cd4a524fb1997e388d371849f31f2f2d02b62ded2486133ac36
SHA512

c595382cd03cd645f482f439d1ae09d4991a5a172ded8837801e0c4cdaf587971420c72c3e01d857d4dfa24a1bbd85b6327db1675185885b2436ee4a8fc606fe
SSDEEP

1536:1966Spw1RSGXwStXQR1mTqZh52bAGXHnDtCdGgYluexaNSxFfHYTo+G47A:j8wDSRUT0kbAYn2GgYlBYN2fHYTo+p7A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pyi-archive_viewer.exe

Files

pyi-archive_viewer.exe
.exe windows x64

c51d659b4b1142d4af3795d09f1d63f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ExitProcess
GetCommandLineW
SearchPathW
SetInformationJobObject
CreateProcessW
SetHandleInformation
WaitForSingleObjectEx
AssignProcessToJobObject
FormatMessageW
GetExitCodeProcess
GetModuleFileNameW
QueryInformationJobObject
MultiByteToWideChar
GetStartupInfoW
GetTempPathW
CreateJobObjectA
GetStdHandle
GetLastError
SetStdHandle
GetFileType
SetConsoleCtrlHandler
SetCurrentDirectoryW
CloseHandle
HeapSize
GetProcessHeap
SetEndOfFile
SetEnvironmentVariableW
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
GetCommandLineA
RtlUnwindEx
HeapSetInformation
GetVersion
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
GetProcAddress
GetModuleHandleW
WriteFile
SetHandleCount
DeleteCriticalSection
Sleep
LCMapStringW
ReadFile
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileW
LoadLibraryW
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CompareStringW
WriteConsoleW

shlwapi

StrStrIW
PathRemoveFileSpecW
PathCombineW

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c51d659b4b1142d4af3795d09f1d63f7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 5KB - Virtual size: 16KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 1024B - Virtual size: 852B

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 5KB - Virtual size: 16KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 1024B - Virtual size: 852B