Static task: static1
Behavioral task: behavioral1
  Sample: tar.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: tar.exe
  Resource: win10v2004-20230831-en
General
Target: f20d03c01182319a3659935acf0825d327d0cadef160aea97c54ac9c3f53762c
Size: 75KB
MD5: 69dda7c2ac42e0e6d8d6bd1a6a422046
SHA1: 811a4caf036f01435da139d5a7f328ee77f161fc
SHA256: f20d03c01182319a3659935acf0825d327d0cadef160aea97c54ac9c3f53762c
SHA512: 8697284d5427ea3b52d8d45501e3f409e7141bcd00370113ddb500a7cf61ecdf155bc09b5f94b459ea365bf8a7ef092011d3278b1e41d04cab370403ec30e703
SSDEEP: 1536:taxuQcu7yia2d7D+vZ41zT8jWGafeRMZAwJ5BCaepoeU9dhrw+jlSoCLWApmHH:taYQp7SG7oZ41zwJeAwHBSpmhrw+tSsH
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/tar.exe
Files
f20d03c01182319a3659935acf0825d327d0cadef160aea97c54ac9c3f53762c.zip
tar.exe.exe windows x86
391137312364911258babcdf61d96fdd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCloseKey
GetSecurityDescriptorOwner
GetKernelObjectSecurity
GetFileSecurityA
GetLengthSid
IsValidSid
FreeSid
AllocateAndInitializeSid
LookupAccountSidA
GetSidIdentifierAuthority
EqualSid
LookupAccountNameA
GetSecurityDescriptorGroup
RegQueryValueExA
RegOpenKeyExA
GetSidSubAuthority
GetSidSubAuthorityCount
kernel32
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
CloseHandle
GetFileInformationByHandle
GetVersion
CreateFileA
GetFullPathNameA
FindClose
GetFileAttributesA
GetLastError
FindFirstFileA
GetSystemTime
Sleep
ReadFile
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
DeleteFileA
SetFileAttributesA
CreateDirectoryA
GetVolumeInformationA
SetLastError
SetFileTime
DeviceIoControl
WriteFile
UnhandledExceptionFilter
SetErrorMode
GetCurrentProcessId
MapViewOfFile
GetEnvironmentStrings
GetCommandLineA
SetFileApisToOEM
GetStdHandle
ExitProcess
FreeLibrary
FormatMessageA
LoadLibraryExA
LocalFree
ResetEvent
WaitForSingleObject
CreateEventA
SetConsoleCtrlHandler
GetProcAddress
LoadLibraryA
SetFilePointer
GetFileType
SetEndOfFile
GetComputerNameA
FileTimeToDosDateTime
GetDriveTypeA
FindNextFileA
MultiByteToWideChar
WideCharToMultiByte
SetStdHandle
GetTimeZoneInformation
DosDateTimeToFileTime
WriteTapemark
PrepareTape
SetTapePosition
EraseTape
GetTapeParameters
SetTapeParameters
VirtualAlloc
SetEvent
UnlockFile
LockFile
DuplicateHandle
GetCurrentProcess
GetConsoleMode
RtlUnwind
mpr
WNetGetConnectionA
user32
PostMessageA
CharToOemA
Sections
.text Size: 105KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 33KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE