01f496fe1bba44638255a2736e06843adfaf5aa3e5783bd7118d91b0f5bf926e

Sharing

Copy URL Twitter E-mail

General

Target

01f496fe1bba44638255a2736e06843adfaf5aa3e5783bd7118d91b0f5bf926e
Size

7.8MB
MD5

c41a3beb745832d8c2d4a1de767cd2d6
SHA1

22ce5ae8070f0d58ed4943102f0a916c2ec5cb57
SHA256

01f496fe1bba44638255a2736e06843adfaf5aa3e5783bd7118d91b0f5bf926e
SHA512

b7e2f4f4369c2e15afa0c0ea73cf4a707e1f37d140d33c132df662a4c8f970c702b9b13b802a4d05e5215e61bed3e6ce19b3f5094071fdbe8f0a5c975b50af19
SSDEEP

196608:6+mg1oTQUBXJ4sErcySdr7mKqAa+dfeIpjR:62GMU9qRr5gv/+Ipj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01f496fe1bba44638255a2736e06843adfaf5aa3e5783bd7118d91b0f5bf926e

Files

01f496fe1bba44638255a2736e06843adfaf5aa3e5783bd7118d91b0f5bf926e
.exe windows:5 windows x86 arch:x86

6e551c0a9f0f6a58f69d26c09ab0f270

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCatW
PathFindFileNameW
PathRemoveExtensionW
StrCpyW
PathAppendW

advapi32

OpenSCManagerW
RegCloseKey
RegOpenKeyExW
ChangeServiceConfigW
StartServiceW
RegSetValueExA
CreateServiceW
CloseServiceHandle
OpenServiceW

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
SHCreateDirectoryExW

user32

wsprintfW

ole32

CoInitialize
CoCreateInstance

kernel32

FlushFileBuffers
TlsFree
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapSize
GetConsoleMode
GetConsoleCP
GetCommandLineW
FindFirstFileW
GetNativeSystemInfo
FindResourceW
LoadResource
CreateDirectoryW
GetModuleHandleW
GetTickCount
WriteFile
GetSystemDirectoryW
WideCharToMultiByte
SizeofResource
GetModuleFileNameW
CreateFileW
GetTempPathW
GetProcAddress
FindClose
RemoveDirectoryW
FindNextFileW
CloseHandle
DeleteFileW
SetFileAttributesW
GetStartupInfoW
SetUnhandledExceptionFilter
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
RaiseException
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
VirtualAlloc
HeapReAlloc
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e551c0a9f0f6a58f69d26c09ab0f270

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

advapi32

shell32

user32

ole32

kernel32

Sections

.text Size: 41KB - Virtual size: 41KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 14KB

.rsrc Size: 7.7MB - Virtual size: 7.7MB

.reloc Size: 25KB - Virtual size: 24KB

.text
Size: 41KB - Virtual size: 41KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 14KB

.rsrc
Size: 7.7MB - Virtual size: 7.7MB

.reloc
Size: 25KB - Virtual size: 24KB