4677f5cd59421294ab9c86f26b0016552d091e57f8053c8240d8326c4e184fae

Sharing

Copy URL Twitter E-mail

General

Target

4677f5cd59421294ab9c86f26b0016552d091e57f8053c8240d8326c4e184fae
Size

92KB
MD5

5bedcad73cc3dc1ce19721f283527f92
SHA1

69a9c722b76980700f69ee4b87bf180f03d35f97
SHA256

4677f5cd59421294ab9c86f26b0016552d091e57f8053c8240d8326c4e184fae
SHA512

6f3352be3153aaaaf5f6be62afab5ad29856f285251cb472656f70498f6586e0e1bc935d33b2fecd2acc703bb6ea1bd9d780bb37eedf46e7a519d97a3f034ce0
SSDEEP

1536:ZGkqd96eqHIASPk+KIJV9B+kb5jJKWcco+ksWjcdd5hiYNou8+R:Ed9AH2k+RV97jJKooId5gYNou8u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4677f5cd59421294ab9c86f26b0016552d091e57f8053c8240d8326c4e184fae

Files

4677f5cd59421294ab9c86f26b0016552d091e57f8053c8240d8326c4e184fae
.exe windows:6 windows x86

bead54066865b115c355d1ce524206be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
InitializeCriticalSectionEx
lstrlenW
RaiseException
VerifyVersionInfoW
GetLastError
GetProcAddress
HeapSize
EnterCriticalSection
DecodePointer
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
LocalFree
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LoadLibraryExW
LCMapStringW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
GetStdHandle
GetStartupInfoW
TlsFree
TlsSetValue
GetModuleFileNameW
GetExitCodeProcess
LeaveCriticalSection
WriteConsoleW
WriteFile
GetProcessHeap
GetModuleHandleW
HeapFree
GetCurrentProcess
VerSetConditionMask
HeapReAlloc
HeapAlloc
SetStdHandle
TlsGetValue
TlsAlloc
TerminateProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
GetModuleHandleExW
ExitProcess
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
RtlUnwind
GetCommandLineW
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
EncodePointer
OutputDebugStringW
IsDebuggerPresent
FlushFileBuffers

user32

GetDesktopWindow

advapi32

QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle

shell32

ShellExecuteExW
ShellExecuteW
CommandLineToArgvW

ole32

CoInitializeEx
CoUninitialize
CoInitialize

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bead54066865b115c355d1ce524206be

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 53KB - Virtual size: 52KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 53KB - Virtual size: 52KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 4KB