ff381e29c9411af48abca3d920bd0c957e2a9db5700532f30359f3197a8bf15f

Sharing

Copy URL Twitter E-mail

General

Target

ff381e29c9411af48abca3d920bd0c957e2a9db5700532f30359f3197a8bf15f
Size

794KB
MD5

8ee9cf53554c825c3eff1197493e1797
SHA1

f71328981772f785e9fc77a6c160eeaffac4cef8
SHA256

ff381e29c9411af48abca3d920bd0c957e2a9db5700532f30359f3197a8bf15f
SHA512

6e1447a0efd41e652c5d4056e5f672d397ea44de12d07dbdc996b90dfba7dc2a57cce9f06372703b0f32f4d40d48d77a25fbede5d28bf07510a20da86c9eeaac
SSDEEP

12288:XWuDTtBznOVqoNq+Otn78KKufxls5P0mn5Od1Dz5Od1Dt1KkIfU:XWuDhNY/Ot72yzytc3s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff381e29c9411af48abca3d920bd0c957e2a9db5700532f30359f3197a8bf15f

Files

ff381e29c9411af48abca3d920bd0c957e2a9db5700532f30359f3197a8bf15f
.exe windows:6 windows x86 arch:x86

0bbcee04b3b4d5f8a95801302fb15858

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
TerminateProcess
RemoveDirectoryW
GetModuleFileNameW
K32GetModuleFileNameExW
GetTempPathW
FindClose
GetCurrentThreadId
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
OutputDebugStringW
DeleteFileW
Process32FirstW
LoadLibraryW
GetProcAddress
LocalFree
GetCurrentProcess
CopyFileW
MoveFileW
InitializeCriticalSection
CreateMutexW
OpenMutexW
GetFileType
GetStdHandle
GetModuleHandleExW
WriteConsoleW
GetConsoleCP
FlushFileBuffers
FindNextFileW
GetCommandLineW
SetLastError
FindFirstFileW
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetFileSize
CloseHandle
Sleep
MultiByteToWideChar
CreateFileW
LeaveCriticalSection
EnterCriticalSection
ReadFile
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
HeapFree
RaiseException
HeapReAlloc
GetLastError
HeapSize
ExitProcess
LoadLibraryExW
SetFilePointerEx
SetStdHandle
FreeEnvironmentStringsW
FreeLibrary
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
InitializeCriticalSectionEx
GetModuleHandleW
GetACP
IsValidCodePage
FindFirstFileExW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
lstrcatA
GetFileAttributesA
lstrcpyA
WritePrivateProfileStringA
CreateDirectoryA
GetPrivateProfileStringA
SetPriorityClass
DeviceIoControl
GetVolumeInformationA
CreateFileA
GetVersionExA
GetFileSizeEx
GetFileAttributesW
WideCharToMultiByte
EncodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
IsDebuggerPresent
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwind

advapi32

UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
RegisterTraceGuidsW
GetAclInformation
GetAce
EqualSid
GetSidSubAuthority
GetSidLengthRequired
SetNamedSecurityInfoW
CopySid
GetNamedSecurityInfoW
InitializeSid
IsValidSid
AddAce
InitializeAcl
GetLengthSid
TraceEvent

shell32

SHGetSpecialFolderPathA
SHCreateDirectoryExW
CommandLineToArgvW
ShellExecuteExW

ole32

CoUninitialize
CoInitialize

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

shlwapi

PathCombineW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
StrCmpIW
PathFindFileNameW

Sections

.text
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0bbcee04b3b4d5f8a95801302fb15858

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

version

iphlpapi

shlwapi

Sections

.text Size: 226KB - Virtual size: 225KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 397KB - Virtual size: 397KB

.reloc Size: 79KB - Virtual size: 80KB

.text
Size: 226KB - Virtual size: 225KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 397KB - Virtual size: 397KB

.reloc
Size: 79KB - Virtual size: 80KB