Static task: static1
Behavioral task: behavioral1
Sample: b20f2d9feed3ddaf777c4a52acea98a0a5a53b4a9cdde5613634b631f0df7fd1.exe
Resource: win7-20230831-en
General
Target: b20f2d9feed3ddaf777c4a52acea98a0a5a53b4a9cdde5613634b631f0df7fd1
Size: 1.6MB
MD5: 8a5b5086b5545bd4b71b33a939cebf3f
SHA1: e33ecc2661ca7022b0a4359c0c1c28b7f73d5307
SHA256: b20f2d9feed3ddaf777c4a52acea98a0a5a53b4a9cdde5613634b631f0df7fd1
SHA512: a16f12db36db7bf72cf45faa74e126da6b9e86276eab7da45bbc96efdd93683e27a8922f0a3a5e860729e369ba83363181cd027bcf8e820ce8f24feb79ff2a9a
SSDEEP: 12288:31p3H63UlKVRcf7lUaXcTusb3sjMLMZy1bqknX305VVKXFWzfvc58hWgZczME07n:31U2Am5s3sjMYcZXCkJf+c4v7Sey+3
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource b20f2d9feed3ddaf777c4a52acea98a0a5a53b4a9cdde5613634b631f0df7fd1
Files
b20f2d9feed3ddaf777c4a52acea98a0a5a53b4a9cdde5613634b631f0df7fd1.exe windows:5 windows x86
65737bf1326bdce1a3f7b46c6065a414
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
FreeSid
EqualSid
GetTokenInformation
OpenProcessToken
AllocateAndInitializeSid
RegQueryValueExW
RegOpenKeyExW
msi
ord8
ord178
ord148
ord77
ord112
ord179
ord150
ord78
ord113
kernel32
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetProcessHeap
SetEndOfFile
CreateFileW
HeapSize
CreateFileA
GetVersionExA
lstrcmpA
lstrlenA
GetLastError
CloseHandle
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryA
GetPrivateProfileSectionA
GetFileAttributesA
GetFullPathNameA
GetSystemDirectoryA
GetExitCodeProcess
CreateProcessA
lstrcmpiA
CreateMutexA
GetSystemInfo
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetModuleFileNameA
GetCommandLineA
FindClose
FindNextFileA
FindFirstFileA
GetSystemDefaultLangID
GetUserDefaultLangID
lstrcmpW
lstrlenW
LoadLibraryW
GetPrivateProfileSectionW
GetFileAttributesW
GetFullPathNameW
GetSystemDirectoryW
CreateProcessW
lstrcmpiW
CreateMutexW
CreateFileMappingW
GetModuleFileNameW
GetCommandLineW
FindNextFileW
FindFirstFileW
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
HeapFree
DeleteFileA
DeleteFileW
GetStartupInfoA
HeapAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
WideCharToMultiByte
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
ExitProcess
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetHandleCount
GetFileType
ReadFile
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetConsoleCtrlHandler
GetLocaleInfoW
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
InitializeCriticalSectionAndSpinCount
InterlockedExchange
user32
TranslateMessage
LoadStringW
MessageBoxW
CharNextW
PeekMessageW
DispatchMessageW
LoadStringA
MessageBoxA
CharNextA
MsgWaitForMultipleObjects
DispatchMessageA
PeekMessageA
Sections
.text Size: 181KB - Virtual size: 181KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 241KB - Virtual size: 241KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE