fa1b0971294a3b3f12a2f57982d9cf15cb295dafdda00bc1080027e55ed1db8f

Sharing

Copy URL Twitter E-mail

General

Target

fa1b0971294a3b3f12a2f57982d9cf15cb295dafdda00bc1080027e55ed1db8f
Size

370KB
MD5

c2a2af1f283561a0102733b6809ae765
SHA1

1db28450ee4df648526e29a59b788cb95d19b0ce
SHA256

fa1b0971294a3b3f12a2f57982d9cf15cb295dafdda00bc1080027e55ed1db8f
SHA512

c44a48d475640127012711d2b0346462b80effb231fd8286a4086d89da9c010e27723303922a224926e9129b5e595b3f824e75659a92b630f27d4768117df688
SSDEEP

6144:rYeZTjDUPBuA6ql6ZNflhbYVpJ6Vb+B/tIBuA6qDtHC1i+/kMUP:rYEKuA6qq1lh0HJ6USuA6qDtZ+pUP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa1b0971294a3b3f12a2f57982d9cf15cb295dafdda00bc1080027e55ed1db8f

Files

fa1b0971294a3b3f12a2f57982d9cf15cb295dafdda00bc1080027e55ed1db8f
.exe windows:6 windows x86 arch:x86

9b94f57fc4531f837f694208f8b2042f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExpandEnvironmentStringsW
GetModuleFileNameW
OpenProcess
MultiByteToWideChar
GetTickCount64
LockResource
QueryPerformanceFrequency
GetConsoleOutputCP
LoadResource
GetProcAddress
FreeLibrary
WideCharToMultiByte
SleepEx
QueryPerformanceCounter
ExitProcess
GetFileInformationByHandleEx
SizeofResource
GetCurrentProcessId
DeleteCriticalSection
GetLocalTime
WaitForSingleObjectEx
ResumeThread
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
GetCurrentProcess
EnterCriticalSection
SetPriorityClass
GetModuleHandleW
GetProcessHeap
HeapAlloc
CloseHandle
GetThreadUILanguage
GetLastError
CreateFileW
SetThreadUILanguage
WriteFile
GetStdHandle
GetCommandLineW
SetLastError
HeapFree
FindResourceExW
ReadFile
Sleep
GetModuleHandleExW
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

advapi32

AdjustTokenPrivileges
GetAce
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
IsWellKnownSid
AddAce
CreateRestrictedToken
FreeSid
StartServiceW
InitializeAcl
OpenServiceW
GetLengthSid
AddAccessAllowedAce
QueryServiceStatusEx
LookupPrivilegeValueW
SetTokenInformation
OpenProcessToken
SetThreadToken
CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation

ole32

CoInitializeEx

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSEnumerateProcessesW
WTSQueryUserToken

msvcrt

_wcsicmp
strncmp
free
malloc
_wcsnicmp
_callnewh
_initterm
_initterm_e
_set_fmode
__p___argc
__p___argv
__p__commode
_controlfp_s
strcpy_s
_errno
__pctype_func
tolower
___mb_cur_max_func
wcsnlen
wcstol
?terminate@@YAXXZ
__getmainargs
_environ
_msize
_XcptFilter
__set_app_type
?_set_new_mode@@YAHH@Z
___lc_codepage_func
_CIlog10
ceil
realloc
_clearfp
_except_handler4_common
_amsg_exit
memset
wcsstr
_CxxThrowException
wcsrchr
_mbtowc_l
memmove
memcpy
strrchr
__CxxFrameHandler3

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b94f57fc4531f837f694208f8b2042f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

userenv

wtsapi32

msvcrt

Sections

.text Size: 63KB - Virtual size: 62KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 42KB - Virtual size: 41KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 3KB - Virtual size: 2KB