1093d5349bfd6dd23ced759a8e78f3d353c61f3a4b20d2db4efaf060ae14c062

Sharing

Copy URL Twitter E-mail

General

Target

1093d5349bfd6dd23ced759a8e78f3d353c61f3a4b20d2db4efaf060ae14c062
Size

260KB
MD5

6571410a719b0e91e224ee8d4bff2d58
SHA1

daf35750467630173d2c14cb5e0ae87ec6800a82
SHA256

1093d5349bfd6dd23ced759a8e78f3d353c61f3a4b20d2db4efaf060ae14c062
SHA512

f539673c8ccaab04599778652d015e328a41e59ee5893fa82fca9f50f820b4615b02e7f2dedfefb22ade0e7f9020a41aff75df81753806218b99fa46078bf11e
SSDEEP

3072:xI/eGwdE3l7v9a1red+FCfGar0ecPYlJBv/lYv++3DvfyMYQdctWmHmacFKKvozE:xIEolx0redMarZTHF+3RPakHoZy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1093d5349bfd6dd23ced759a8e78f3d353c61f3a4b20d2db4efaf060ae14c062

Files

1093d5349bfd6dd23ced759a8e78f3d353c61f3a4b20d2db4efaf060ae14c062
.exe windows:4 windows x86 arch:x86

cbb5f05b89e1ac8e58b9dd3b0de3ef8a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohl
htons
htonl
ntohs

psapi

EnumProcesses
GetModuleBaseNameW
EnumProcessModules

version

GetFileVersionInfoW
VerQueryValueW

drreport

CreateDrReport

kernel32

FlushFileBuffers
SetStdHandle
GetLocaleInfoA
CreateFileA
ExitProcess
DeleteFileW
SetCurrentDirectoryW
Sleep
CopyFileW
CreateThread
InterlockedDecrement
CloseHandle
GetExitCodeThread
TerminateThread
CreateMutexW
GetSystemDefaultLangID
GetModuleFileNameW
TerminateProcess
GetLastError
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetTickCount
WaitForSingleObject
CreateEventW
SetEvent
OpenProcess
SetEndOfFile
CreateProcessW
FindFirstFileW
GetTempFileNameW
GetCurrentDirectoryW
SetFilePointer
GetTempPathW
SetFileTime
CreateFileW
GetExitCodeProcess
WriteConsoleA
SearchPathW
FindNextFileW
ResetEvent
WideCharToMultiByte
GetFileAttributesW
ReadFile
MultiByteToWideChar
SystemTimeToFileTime
CreateDirectoryW
LocalFileTimeToFileTime
WriteFile
GetLocalTime
EnterCriticalSection
DeleteCriticalSection
ReleaseMutex
GetCurrentProcess
LeaveCriticalSection
GetVersion
QueryPerformanceCounter
InitializeCriticalSection
IsValidCodePage
GetOEMCP
GetACP
HeapReAlloc
VirtualAlloc
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetConsoleOutputCP
WriteConsoleW
GetCurrentThreadId
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LoadLibraryA
GetModuleFileNameA
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
InterlockedExchange
InterlockedIncrement
HeapFree
GetProcessHeap
GetCurrentProcessId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
GetCommandLineA
GetVersionExA
HeapAlloc
GetStartupInfoA
RaiseException
RtlUnwind
GetStringTypeA
GetStdHandle

user32

MessageBoxW
PostMessageW
ExitWindowsEx
wsprintfW
TranslateMessage
PostQuitMessage
ShowWindow
RegisterClassW
DefWindowProcW
DispatchMessageW
GetSysColorBrush
CreateWindowExW
TranslateAcceleratorW
GetMessageW
LoadCursorW

advapi32

RegSetValueExW
LookupPrivilegeValueW
OpenServiceW
OpenProcessToken
CloseServiceHandle
AdjustTokenPrivileges
OpenSCManagerW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoUninitialize
CoInitializeSecurity
CoCreateInstance

oleaut32

VariantInit
SysAllocString
SysStringLen
SysFreeString
VariantChangeType
VariantClear
SysAllocStringByteLen

Sections

.text
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cbb5f05b89e1ac8e58b9dd3b0de3ef8a

Headers

File Characteristics

Imports

ws2_32

psapi

version

drreport

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 164KB - Virtual size: 161KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 164KB - Virtual size: 161KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 16KB - Virtual size: 16KB