540dbd9bbfc1d3913385470f235c53cd0e2a18d5dfa2f554196db8239b81b19f

General

Target

540dbd9bbfc1d3913385470f235c53cd0e2a18d5dfa2f554196db8239b81b19f
Size

16KB
MD5

59149d0412bb632f759abaafc4d0da1a
SHA1

700237caf58079b3bb969602bf735d1adb30562e
SHA256

540dbd9bbfc1d3913385470f235c53cd0e2a18d5dfa2f554196db8239b81b19f
SHA512

20cc58da331d9ba799ec6840959d98d940e9428b757166d79617c6bf90a8f7f6b4d2558dd9004bc15034bd45ab20a33a60d7f6850c93623f7586bba5e9163730
SSDEEP

384:D7aNX99ijx7Yp70kHBGmx5ZjQCowYMI0sRWOhsn2albzUz4ZGB:6xPijx7fkH0mxRZQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
540dbd9bbfc1d3913385470f235c53cd0e2a18d5dfa2f554196db8239b81b19f

Files

540dbd9bbfc1d3913385470f235c53cd0e2a18d5dfa2f554196db8239b81b19f
.exe windows x64

70f039674d7d033334733344828fbc7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlAdjustPrivilege
RtlGetNtVersionNumbers

kernel32

FindNextFileA
GetFileAttributesA
GetFileSizeEx
ReadFile
WriteFile
CloseHandle
FindClose
CreateProcessA
OpenProcess
IsWow64Process
CopyFileA
MoveFileA
WideCharToMultiByte
CreateFileA
CreateToolhelp32Snapshot
Process32First
Process32Next
FindFirstFileA
TerminateProcess
K32GetModuleFileNameExA

user32

GetWindowThreadProcessId
SetWinEventHook
GetClassNameA
TranslateMessage
DispatchMessageA
GetMessageA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

msvcrt

memcpy
memset
_stricmp
printf
sprintf
free
malloc
exit
strrchr

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70f039674d7d033334733344828fbc7c

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

version

msvcrt

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 3KB

.pdata Size: 512B - Virtual size: 420B

.reloc Size: 512B - Virtual size: 20B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 3KB

.pdata
Size: 512B - Virtual size: 420B

.reloc
Size: 512B - Virtual size: 20B