71c47d36b52988d817938c4f13ba4d014fc12e52a94aacbd516edeaa8baed213

Sharing

Copy URL

Twitter E-mail

General

Target

71c47d36b52988d817938c4f13ba4d014fc12e52a94aacbd516edeaa8baed213
Size

96KB
MD5

828935356a8a7c7b8d99e7d2a591b694
SHA1

d53ab4302c2a102e46d5644dd1c2c2ba875e060d
SHA256

71c47d36b52988d817938c4f13ba4d014fc12e52a94aacbd516edeaa8baed213
SHA512

83a1dbda9fbb32e0e9b45c3ed9c87e7c7c8b5647360aed879ce570622192dd6edadb4d82d4af115a52a8421fc4bcbcfcb26dc1cffcf72bb13b248cc4ddebadcc
SSDEEP

1536:LqZci4yzPgWT/ZtXnso5zT70ISnc4nlBlovle:LqOi4PWTXs6TwISnc4nlBlo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71c47d36b52988d817938c4f13ba4d014fc12e52a94aacbd516edeaa8baed213

Files

71c47d36b52988d817938c4f13ba4d014fc12e52a94aacbd516edeaa8baed213
.exe windows x86

902de9863dcd0a83823ca8b5da46f9b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
WaitForMultipleObjects
LoadLibraryExW
HeapDestroy
FlushFileBuffers
GetOEMCP
FileTimeToLocalFileTime
MultiByteToWideChar
LocalAlloc
HeapFree
CreateEventW
FreeLibrary
ExitProcess
CloseHandle
FreeLibraryAndExitThread
GetCommandLineW
WideCharToMultiByte
GetStdHandle
TlsSetValue
SetEvent
DeleteCriticalSection
InterlockedIncrement
InterlockedExchangeAdd
GetSystemInfo
InitializeCriticalSection
FormatMessageW
FileTimeToSystemTime
SetHandleCount
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
RaiseException
lstrlenA
LeaveCriticalSection
LCMapStringW
TlsGetValue
CreateFileA
GetCurrentProcess
Sleep
ResetEvent
GetFileSize
CreateEventA
GetProcessHeap
GetEnvironmentStringsW
GetEnvironmentStrings
CreateThread
GetFileType
TlsAlloc
GetModuleHandleA
GetTickCount
TryEnterCriticalSection
lstrlenW
ReadFile
GetCurrentProcessId
InterlockedDecrement
GetCommandLineA
CreateMutexA
VirtualAlloc
QueryPerformanceCounter
GetACP
HeapReAlloc
HeapAlloc
HeapSetInformation
GetStartupInfoW
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
DecodePointer
WriteFile
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
EncodePointer
TlsFree
SetLastError
GetCurrentThreadId
GetLastError
GetCurrentThread
HeapCreate
GetSystemTimeAsFileTime
FatalAppExitA
EnterCriticalSection
SetConsoleCtrlHandler
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCPInfo
IsValidCodePage
RtlUnwind
HeapSize
GetStringTypeW
IsProcessorFeaturePresent

advapi32

GetLengthSid
RegEnumValueA
RevertToSelf
RegOpenKeyExA
CryptCreateHash
RegEnumKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegEnumValueW
RegSetValueExA
RegCreateKeyExA
RegCreateKeyExW

iphlpapi

CreateIpForwardEntry

scarddlg

ord4

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

902de9863dcd0a83823ca8b5da46f9b5

Headers

File Characteristics

Imports

kernel32

advapi32

iphlpapi

scarddlg

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 12KB - Virtual size: 8KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 12KB - Virtual size: 8KB