a36ffc2305e4f9d1a9b9cc61765d60b6dfed5b19bdc744418d7d81fd2cefa90d

Sharing

Copy URL Twitter E-mail

General

Target

a36ffc2305e4f9d1a9b9cc61765d60b6dfed5b19bdc744418d7d81fd2cefa90d
Size

366KB
MD5

388421551fd76dcdca0f8a936eba4ae3
SHA1

fe14fcb62c1014bf93f5b271cf43d60d6f9ccf67
SHA256

a36ffc2305e4f9d1a9b9cc61765d60b6dfed5b19bdc744418d7d81fd2cefa90d
SHA512

6b95aaef58318424974eb3742f821c803f771a19ef49b796dadb767b0080f8f5b259b4bf23cb3671a9646f9526f80275c1017f3eec465c8673aa87fd654e6966
SSDEEP

3072:FSnc7BH4+hQdt8BLqO17eZv33No+UacyeXpdBEbF:FSc7Bw8ne1F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a36ffc2305e4f9d1a9b9cc61765d60b6dfed5b19bdc744418d7d81fd2cefa90d

Files

a36ffc2305e4f9d1a9b9cc61765d60b6dfed5b19bdc744418d7d81fd2cefa90d
.exe windows:5 windows x64

ebd8fb61197ad7d3631f4728bdabb76a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW

advapi32_vista

RegDeleteTreeW

user32

LoadStringW

msvcrt

__set_app_type
_cexit
_fpreset
_initterm
__winitenv
_wcmdln
signal
__lconv_init
__setusermatherr
memset
sprintf
bsearch
strcspn
strchr
strcmp
strcpy
memcpy
memcmp
_wcsnicmp
wcsrchr
wcspbrk
wcsncmp
wcschr
strpbrk
memmove
strlen
iswctype
_wfopen
fread
fclose
exit
realloc
towupper
swprintf
_wcsupr
_wcsicmp
towlower
wcstoul
malloc
free
_errno
_amsg_exit
__wgetmainargs

kernel32

EnterCriticalSection
TlsGetValue
DeleteCriticalSection
LoadLibraryW
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
Sleep
SetUnhandledExceptionFilter
GetStartupInfoW
GetProcAddress
SetLastError
LocalReAlloc
LocalAlloc
GetEnvironmentVariableA
WideCharToMultiByte
WriteConsoleW
GetConsoleOutputCP
MultiByteToWideChar
lstrcmpW
WriteFile
LocalFree
GetLastError
FormatMessageW
CreateFileW
CloseHandle
ReadConsoleW
GetStdHandle
GetModuleHandleW
lstrlenW
lstrcpyW
lstrcmpiW
LeaveCriticalSection
InitializeCriticalSection

ntdll

vDbgPrintExWithPrefix

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ebd8fb61197ad7d3631f4728bdabb76a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

advapi32_vista

user32

msvcrt

kernel32

ntdll

Sections

.text Size: 37KB - Virtual size: 37KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 4KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 315KB - Virtual size: 315KB

.reloc Size: 1024B - Virtual size: 536B

.text
Size: 37KB - Virtual size: 37KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 315KB - Virtual size: 315KB

.reloc
Size: 1024B - Virtual size: 536B