de8185aff4988fbe401f56b3e8d452ff40e3bdda1ce5fc0a6968027817c8fe3c

Sharing

Copy URL Twitter E-mail

General

Target

de8185aff4988fbe401f56b3e8d452ff40e3bdda1ce5fc0a6968027817c8fe3c
Size

372KB
MD5

9687111e41165fda72eedba57af6f0b2
SHA1

193f1da3380b2d8d36ba11bfbe6fe7110e5a3179
SHA256

de8185aff4988fbe401f56b3e8d452ff40e3bdda1ce5fc0a6968027817c8fe3c
SHA512

9538bbc2903f7f2f0c813025711037a1fdb9609c51b4ee921cbbb9063c37e622b187eccd4fecbc7fc3aaeb13d189a956e50ddd7e19104c6156bc2154a804df20
SSDEEP

6144:bxAj/LccG4YDyCuWy6DiLaNO0tvXbfgnFQL:bxAj/LdgyLLaNPgnFQL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de8185aff4988fbe401f56b3e8d452ff40e3bdda1ce5fc0a6968027817c8fe3c

Files

de8185aff4988fbe401f56b3e8d452ff40e3bdda1ce5fc0a6968027817c8fe3c
.exe windows x86

388306117f10ca390c28a5de3f80fd27

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetDllDirectoryA
CreateThread
RtlMoveMemory
lstrcatA
CreateToolhelp32Snapshot
Module32First
OpenProcess
lstrcpynA
CloseHandle
WideCharToMultiByte
GetComputerNameExA
CreateFileA
GetFileSizeEx
ReadFile
GetProcessHeap
HeapAlloc
HeapFree
MultiByteToWideChar
Process32First
Process32Next
InterlockedIncrement
InterlockedDecrement
RtlZeroMemory
HeapDestroy
HeapCreate
lstrlenW
lstrcmpW
lstrcmpiW
VirtualAlloc
VirtualFree
CreateMutexA
WaitForSingleObject
ReleaseMutex
lstrlenA
lstrcmpA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleHandleA
ExitProcess
HeapReAlloc
IsBadReadPtr
GetModuleFileNameA
Sleep
GetUserDefaultLCID
GetPrivateProfileStringA
WritePrivateProfileStringA
GetLocalTime
SetFilePointer
CreateDirectoryA
GetTickCount
WriteFile
DeleteFileA
CreateProcessA
GetStartupInfoA
GetFileSize
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
FlushFileBuffers
SetStdHandle
LCMapStringW
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
RaiseException
RtlUnwind
GetVersionExA
GetEnvironmentVariableA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetVersion
GetCommandLineA

ws2_32

WSAGetLastError
gethostname
WSACleanup
WSAStartup

ole32

CoInitialize
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoUninitialize
OleRun

shlwapi

PathRemoveFileSpecA
PathRemoveBackslashA
PathFindExtensionA
PathGetArgsA
PathFileExistsA
StrToIntW
StrToIntExW
PathFindFileNameA

user32

wsprintfA
MessageBoxA
GetWindowThreadProcessId

oleaut32

SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantInit
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayUnaccessData
SafeArrayGetElemsize
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy

Sections

.text
Size: 328KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

388306117f10ca390c28a5de3f80fd27

Headers

File Characteristics

Imports

kernel32

ws2_32

ole32

shlwapi

user32

oleaut32

Sections

.text Size: 328KB - Virtual size: 324KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 28KB - Virtual size: 80KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 328KB - Virtual size: 324KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 28KB - Virtual size: 80KB

.rsrc
Size: 4KB - Virtual size: 1KB