84738edd4578518881b44fde00560de4d8a4e6be25422a4f302c32dcea9e7225

Sharing

Copy URL Twitter E-mail

General

Target

84738edd4578518881b44fde00560de4d8a4e6be25422a4f302c32dcea9e7225
Size

3.8MB
MD5

57f763c71463320c283e47608f9fbac8
SHA1

c53e069ef14801b2407bbc13edf15485ceb7c749
SHA256

84738edd4578518881b44fde00560de4d8a4e6be25422a4f302c32dcea9e7225
SHA512

b9dc7627a22b6609478006eb092ab843870e7cb8a9d0e644c72b33d3c3e50bee231d1e634bcf0c703bc9e8d9ee8e2750584157cf83b2edfaad77435480c983b4
SSDEEP

98304:AjIDhvMBJxp1ZOvg/aUoCD9pUvBvrHQg3MbYi:cIDhvMbx3ZOvV89pGTHr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84738edd4578518881b44fde00560de4d8a4e6be25422a4f302c32dcea9e7225

Files

84738edd4578518881b44fde00560de4d8a4e6be25422a4f302c32dcea9e7225
.exe windows:5 windows x86

04b197eb6b3ff64fb823c09ad3ecdcec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLongPathNameW
GetConsoleAliasA
FlushViewOfFile
GetNumaNodeProcessorMask
DisconnectNamedPipe
SetNamedPipeHandleState
OpenProcess
GetProcessAffinityMask
SetVolumeLabelW
GetPrivateProfileStringA
GetQueuedCompletionStatus
ClearCommError
HeapAlloc
SetConsoleWindowInfo
GetLastError
FindFirstFileExA
OpenFileMappingA
LocalAlloc
GetProcAddress
GetModuleHandleA
lstrcatA
GetThreadSelectorEntry
GetExitCodeThread
GetEnvironmentVariableW
GetAtomNameW
SetConsoleScreenBufferSize
BuildCommDCBAndTimeoutsA
CreateMailslotW
GetPriorityClass
FindFirstVolumeMountPointW
CreateFileW
WriteConsoleW
LoadLibraryW
LoadResource
FindAtomW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
HeapFree
RaiseException
RtlUnwind
GetCommandLineW
HeapSetInformation
GetStartupInfoW
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
SetFilePointer
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
GetLocaleInfoW
HeapReAlloc
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle

user32

GetCaretBlinkTime
ClientToScreen

advapi32

InitializeAcl

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04b197eb6b3ff64fb823c09ad3ecdcec

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 94KB - Virtual size: 94KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 3.7MB - Virtual size: 3.7MB

.rsrc Size: 34KB - Virtual size: 3.2MB

.text
Size: 94KB - Virtual size: 94KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 3.7MB - Virtual size: 3.7MB

.rsrc
Size: 34KB - Virtual size: 3.2MB