21bdf23dd4d7f4aad9555025f7ec2a30fd4a699d1a82380905d644346b57eed3

General

Target

21bdf23dd4d7f4aad9555025f7ec2a30fd4a699d1a82380905d644346b57eed3
Size

2.3MB
MD5

403c997b66b1bb07e17f93f227a94d31
SHA1

eb96cf952e38f9b362813a75f59919c5bdfd3597
SHA256

21bdf23dd4d7f4aad9555025f7ec2a30fd4a699d1a82380905d644346b57eed3
SHA512

a6a81fb42f008465d378a3580787abb3ea1085c8104962f3e0134c4e33057e05e4e7838bc4eb1d33bb529533b15e8210fa96385c5c8e88eece963a33f9011cbb
SSDEEP

49152:2iEYt6T2/dyvF6YDwteyMbXd6oZkjv1Fca:2aW2/+d4ot6njv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21bdf23dd4d7f4aad9555025f7ec2a30fd4a699d1a82380905d644346b57eed3

Files

21bdf23dd4d7f4aad9555025f7ec2a30fd4a699d1a82380905d644346b57eed3
.exe windows x86

ea25121530e16e4bcbf0382ba2fd05da

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
OpenProcess
GetTickCount
SizeofResource
LockResource
LoadResource
FindResourceA
VirtualProtectEx
FreeLibrary
VirtualProtect
FindFirstFileA
GetSystemInfo
IsBadReadPtr
GetVersion
GetVersionExA
WaitForSingleObject
CreateProcessA
WriteFile
GetTempPathA
lstrlenA
FindClose
CreateFileA
GetFileSize
SetFilePointer
ReadFile
CloseHandle
VirtualAlloc
GetModuleFileNameA
lstrcpynA
GetModuleHandleA
LoadLibraryA
GetProcAddress
VirtualFree
GetLocalTime
GetCurrentProcessId
lstrcpyA
GetCurrentProcess
QueryPerformanceCounter
GlobalMemoryStatus
GetStdHandle
GetFileType
GetCurrentThreadId
GetSystemDirectoryA
LoadLibraryExA
GetLastError
GlobalAlloc
LocalLock
GlobalUnlock
LocalFree
lstrcatA
DeviceIoControl
CreateSemaphoreA
ReleaseSemaphore

user32

GetProcessWindowStation
GetUserObjectInformationW
LoadCursorA
SetCursor
MessageBoxA
wsprintfA
GetDesktopWindow

msvcrt

realloc
memchr
fwrite
fflush
_setmode
ftell
fseek
fgets
abort
wcsstr
_vsnprintf
vfprintf
_iob
qsort
_exit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_isctype
__mb_cur_max
_pctype
calloc
fputc
exit
_strnicmp
_ltoa
fprintf
fopen
fread
fclose
malloc
free
strlen
memmove
strcmp
srand
rand
memcmp
strrchr
??3@YAXPAX@Z
memcpy
??2@YAPAXI@Z
memset
mktime
time
localtime
fgetc
_fileno

advapi32

RegCloseKey
RegEnumKeyExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegOpenKeyExA

Sections

.text
Size: 660KB - Virtual size: 658KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea25121530e16e4bcbf0382ba2fd05da

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

advapi32

Sections

.text Size: 660KB - Virtual size: 658KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.text
Size: 660KB - Virtual size: 658KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB