9a1a9b477493d971d1a19a3bf19fc3ec8cb2efdabf837ec185374e86111bc8eb

Sharing

Copy URL Twitter E-mail

General

Target

9a1a9b477493d971d1a19a3bf19fc3ec8cb2efdabf837ec185374e86111bc8eb
Size

1.8MB
MD5

d238085c47f40d4802bbbab68751dfb4
SHA1

964383df6bea5a73a52de1bab56bab1398ff86b9
SHA256

9a1a9b477493d971d1a19a3bf19fc3ec8cb2efdabf837ec185374e86111bc8eb
SHA512

3add70aeae5b8817ec0f0c545043651a1009fd5e7e5848335ca62a3e0b97ed740466420a26416b48e48358482cb578442ddf307eed632984945228e5c78f35d7
SSDEEP

24576:C+jRxuOvQnAX9W1IazfpGeYlIk6eLeB0wpjDH+7rbE7MGc:djmOvQADeYll6e80w1H+7rA7MGc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a1a9b477493d971d1a19a3bf19fc3ec8cb2efdabf837ec185374e86111bc8eb

Files

9a1a9b477493d971d1a19a3bf19fc3ec8cb2efdabf837ec185374e86111bc8eb
.exe windows:6 windows x86

857fb9492ff10692cc0d20c3b4c31f25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentProcess
FindResourceExW
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadResource
LockResource
SizeofResource
FindResourceW
LoadLibraryW
lstrcpynW
lstrlenW
DeleteFileW
CloseHandle
EnterCriticalSection
LeaveCriticalSection
CreateToolhelp32Snapshot
HeapReAlloc
Process32NextW
HeapSize
Module32NextW
SwitchToThread
HeapAlloc
HeapDestroy
SetLastError
FlushFileBuffers
GetFileSizeEx
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
ReadConsoleW
ReadFile
SetEndOfFile
Module32FirstW
HeapFree
GetLastError
RaiseException
Process32FirstW
DecodePointer
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapQueryInformation
SetConsoleCtrlHandler
GetCurrentThread
IsDebuggerPresent
OutputDebugStringW
LocalFree
GetCurrentProcessId
GetCurrentThreadId
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
ReleaseMutex
WaitForSingleObject
FormatMessageW
CreateMutexW
MultiByteToWideChar
WideCharToMultiByte
DeviceIoControl
lstrcmpA
lstrcmpiA
GetSystemDirectoryW
CreateFileA
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
VirtualQuery
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetStdHandle
GetFileType
WriteConsoleW
HeapValidate
GetSystemInfo
CreateFileW
SetFilePointerEx
WriteFile
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
ExitProcess
GetTickCount

user32

BeginPaint
UpdateWindow
TranslateAcceleratorW
EndPaint
EndDialog
LoadCursorW
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
DispatchMessageW
TranslateMessage
wsprintfW
UnregisterClassA
GetMessageW
LoadStringW
UnregisterClassW
LoadIconW
DialogBoxParamW
LoadAcceleratorsW

gdi32

DeleteDC

advapi32

RegOpenKeyExW
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

shlwapi

PathCombineW
wnsprintfW
PathRemoveFileSpecW
SHSetValueA
PathFileExistsW
StrStrIW
SHGetValueA
StrToIntExW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

gdiplus

GdiplusShutdown

ole32

CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoUninitialize

Sections

.textbss
Size: - Virtual size: 620KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1024B - Virtual size: 958B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

857fb9492ff10692cc0d20c3b4c31f25

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

oleaut32

shlwapi

version

gdiplus

ole32

Sections

.textbss Size: - Virtual size: 620KB

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 292KB - Virtual size: 291KB

.data Size: 9KB - Virtual size: 43KB

.idata Size: 6KB - Virtual size: 6KB

.msvcjmc Size: 1024B - Virtual size: 958B

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 112KB - Virtual size: 111KB

.reloc Size: 51KB - Virtual size: 50KB

.textbss
Size: - Virtual size: 620KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 292KB - Virtual size: 291KB

.data
Size: 9KB - Virtual size: 43KB

.idata
Size: 6KB - Virtual size: 6KB

.msvcjmc
Size: 1024B - Virtual size: 958B

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 112KB - Virtual size: 111KB

.reloc
Size: 51KB - Virtual size: 50KB