59c31b75f0dc5e69a175fe72409af3b987d9c16efc9b5732d8578dee6135a53d

Sharing

Copy URL Twitter E-mail

General

Target

59c31b75f0dc5e69a175fe72409af3b987d9c16efc9b5732d8578dee6135a53d
Size

356KB
MD5

a5308b1f69b7d0919cad99439c16c455
SHA1

856ba5ea1b477892cc516fdc53f68da3ee6cbbef
SHA256

59c31b75f0dc5e69a175fe72409af3b987d9c16efc9b5732d8578dee6135a53d
SHA512

2162f4391ef0f54cea44ec95561964e1b5b443863572ba73afd0dafac3c85ad920e31959229084e8e04f52f65b6ebfb4fb279f434da9fe8d341406b6c40deba0
SSDEEP

1536:AmCknr4RTV1SKLKccbY814hM1Ijq6E7es4v33No+UacyeXpdBEbF+Q:rehLwbsM17eZv33No+UacyeXpdBEbFj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59c31b75f0dc5e69a175fe72409af3b987d9c16efc9b5732d8578dee6135a53d

Files

59c31b75f0dc5e69a175fe72409af3b987d9c16efc9b5732d8578dee6135a53d
.exe windows:5 windows x86

ebd8fb61197ad7d3631f4728bdabb76a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW

advapi32_vista

RegDeleteTreeW

user32

LoadStringW

msvcrt

__set_app_type
_cexit
_fpreset
_initterm
__winitenv
_wcmdln
signal
__lconv_init
__setusermatherr
memset
sprintf
bsearch
strcspn
strchr
strcmp
strcpy
memcpy
memcmp
_wcsnicmp
wcsrchr
wcspbrk
wcsncmp
wcschr
strpbrk
memmove
strlen
iswctype
_wfopen
fread
fclose
exit
realloc
towupper
swprintf
_wcsupr
_wcsicmp
towlower
wcstoul
malloc
free
_errno
_amsg_exit
__wgetmainargs

kernel32

EnterCriticalSection
TlsGetValue
DeleteCriticalSection
LoadLibraryW
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
Sleep
SetUnhandledExceptionFilter
GetStartupInfoW
GetProcAddress
SetLastError
LocalReAlloc
LocalAlloc
GetEnvironmentVariableA
WideCharToMultiByte
WriteConsoleW
GetConsoleOutputCP
MultiByteToWideChar
lstrcmpW
WriteFile
LocalFree
GetLastError
FormatMessageW
CreateFileW
CloseHandle
ReadConsoleW
GetStdHandle
GetModuleHandleW
lstrlenW
lstrcpyW
lstrcmpiW
LeaveCriticalSection
InitializeCriticalSection

ntdll

vDbgPrintExWithPrefix

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ebd8fb61197ad7d3631f4728bdabb76a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

advapi32_vista

user32

msvcrt

kernel32

ntdll

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 315KB - Virtual size: 315KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 315KB - Virtual size: 315KB

.reloc
Size: 2KB - Virtual size: 1KB