a8c08c436620f383c1ab9439ff7c8af92f6f303e71d5ab6609999fe57771a113

Sharing

Copy URL Twitter E-mail

General

Target

a8c08c436620f383c1ab9439ff7c8af92f6f303e71d5ab6609999fe57771a113
Size

1.0MB
MD5

430a61351d16dbdec1ce51053cd9189b
SHA1

3e52809d4f6a0d5cb07e5e11bc2cad7a01db495d
SHA256

a8c08c436620f383c1ab9439ff7c8af92f6f303e71d5ab6609999fe57771a113
SHA512

a3a4d795f478028e6714adf35b9373e574ac764e421a3dcdc250a829192f14ee43df9bc2910beffc2bdd5353691147c2e09fe00e1565faf4fd9b4387029191e3
SSDEEP

24576:4syvhKOgxV1xXDosbEtl5gJWCoW4ox1J+mpwD+yZ:EgLnoW4oxLANZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8c08c436620f383c1ab9439ff7c8af92f6f303e71d5ab6609999fe57771a113

Files

a8c08c436620f383c1ab9439ff7c8af92f6f303e71d5ab6609999fe57771a113
.exe windows x86

f5a7949686b92c0f2d9468bc492cd1aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileW
GetDriveTypeW
DeleteCriticalSection
GetFullPathNameA
TerminateProcess
CreateProcessA
GetExitCodeProcess
WaitForSingleObject
HeapAlloc
HeapFree
HeapCreate
SetEndOfFile
SetFilePointerEx
SetHandleInformation
FlushFileBuffers
CreateFileA
SetEvent
GetTickCount
WriteFile
ReadFile
SetCurrentDirectoryA
CreateNamedPipeA
CreateEventW
GetModuleFileNameA
OutputDebugStringA
LocalFree
CreateThread
MoveFileExA
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSection
GetProcessTimes
OpenProcess
ReleaseSemaphore
CreateSemaphoreW
QueryPerformanceFrequency
GetCurrentThreadId
CreateFileW
MultiByteToWideChar
RemoveVectoredExceptionHandler
MapViewOfFile
UnmapViewOfFile
VirtualQuery
MapViewOfFileEx
VirtualFree
VirtualUnlock
CreateDirectoryA
FindFirstFileA
VirtualAlloc
FindClose
ResetEvent
CreateFileMappingW
AddVectoredExceptionHandler
GetSystemInfo
FindNextFileA
VirtualProtect
GetCurrentDirectoryA
DuplicateHandle
GetCurrentProcessId
ResumeThread
GetEnvironmentVariableW
CopyFileA
SetConsoleTextAttribute
ScrollConsoleScreenBufferW
SetConsoleCursorPosition
WriteConsoleW
FillConsoleOutputCharacterW
SetConsoleCursorInfo
SetConsoleTitleW
GetConsoleTitleW
FillConsoleOutputAttribute
GetConsoleCursorInfo
SleepEx
VerSetConditionMask
VerifyVersionInfoW
FreeLibrary
SetUnhandledExceptionFilter
GetTimeZoneInformation
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
WideCharToMultiByte
IsDebuggerPresent
IsProcessorFeaturePresent
SetConsoleCtrlHandler
GetCommandLineA
FileTimeToLocalFileTime
GetFileInformationByHandle
GetFileType
PeekNamedPipe
FileTimeToSystemTime
GetACP
ExitThread
LoadLibraryExW
CreatePipe
GetConsoleMode
ReadConsoleW
SetStdHandle
GetConsoleCP
GetModuleFileNameW
HeapReAlloc
RtlUnwind
SetLastError
GetStartupInfoW
IsValidCodePage
GetOEMCP
GetCPInfo
UnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetProcessHeap
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
RaiseException
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetFileAttributesExW
OutputDebugStringW
SetEnvironmentVariableA
LoadLibraryA
DeleteFileA
GetConsoleScreenBufferInfo
VirtualAllocEx
GetStdHandle
VirtualFreeEx
GetCurrentProcess
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
FormatMessageA
CloseHandle
GetModuleHandleA
CreateIoCompletionPort
PostQueuedCompletionStatus
GetProcAddress
GetLastError
WriteConsoleInputW
GetQueuedCompletionStatus
GetCurrentDirectoryW

dbghelp

SymSetOptions
SymInitialize

shlwapi

PathIsDirectoryA
PathIsRelativeA
PathRemoveFileSpecA
PathCombineA

psapi

GetPerformanceInfo

user32

wsprintfW

advapi32

RegisterEventSourceA
ControlService
SetServiceStatus
QueryServiceStatus
ChangeServiceConfig2W
RegisterServiceCtrlHandlerExA
StartServiceA
CreateServiceA
GetTokenInformation
SetNamedSecurityInfoA
SetEntriesInAclA
OpenSCManagerW
DeleteService
StartServiceCtrlDispatcherA
OpenProcessToken
CloseServiceHandle
OpenServiceA
RegSetValueExA
RegQueryValueExA
GetNamedSecurityInfoA
DeregisterEventSource
RegDeleteKeyA
RegCreateKeyA
ReportEventA
RegOpenKeyA
RegCloseKey

shell32

ShellExecuteExA
SHGetFolderPathA

Sections

.text
Size: 802KB - Virtual size: 802KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5a7949686b92c0f2d9468bc492cd1aa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

dbghelp

shlwapi

psapi

user32

advapi32

shell32

Sections

.text Size: 802KB - Virtual size: 802KB

.rdata Size: 220KB - Virtual size: 220KB

.data Size: 22KB - Virtual size: 80KB

.rsrc Size: 512B - Virtual size: 200B

.text
Size: 802KB - Virtual size: 802KB

.rdata
Size: 220KB - Virtual size: 220KB

.data
Size: 22KB - Virtual size: 80KB

.rsrc
Size: 512B - Virtual size: 200B