pyi-archive_viewer[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

pyi-archive_viewer.exe
Size

105KB
MD5

9cfba1d2bfac6e9246d3235b22491905
SHA1

254ae3103193476bd5095f0c95bf97bb826db9e9
SHA256

ed992a415e5a7c94bbe8539cd327c2ea4a5290156a556d68dd56b0334777fb98
SHA512

bee8c9bd3a51e719c7b4ffdde2c064311cdc040e0b12e73b4769dbe48b47a47fe02ac8b9767570e90f22f62d79e1f57f2a8edde59a9222a7603a779d834b0a49
SSDEEP

1536:1966Spw1RSGXwStXQR1mTqZh52bAGXHnDtCdGgYluexaNSxFfHYTo+GRv:j8wDSRUT0kbAYn2GgYlBYN2fHYTo+Kv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pyi-archive_viewer.exe

Files

pyi-archive_viewer.exe
.exe windows:5 windows x64 arch:x64

c51d659b4b1142d4af3795d09f1d63f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ExitProcess
GetCommandLineW
SearchPathW
SetInformationJobObject
CreateProcessW
SetHandleInformation
WaitForSingleObjectEx
AssignProcessToJobObject
FormatMessageW
GetExitCodeProcess
GetModuleFileNameW
QueryInformationJobObject
MultiByteToWideChar
GetStartupInfoW
GetTempPathW
CreateJobObjectA
GetStdHandle
GetLastError
SetStdHandle
GetFileType
SetConsoleCtrlHandler
SetCurrentDirectoryW
CloseHandle
HeapSize
GetProcessHeap
SetEndOfFile
SetEnvironmentVariableW
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
GetCommandLineA
RtlUnwindEx
HeapSetInformation
GetVersion
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
GetProcAddress
GetModuleHandleW
WriteFile
SetHandleCount
DeleteCriticalSection
Sleep
LCMapStringW
ReadFile
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileW
LoadLibraryW
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CompareStringW
WriteConsoleW

shlwapi

StrStrIW
PathRemoveFileSpecW
PathCombineW

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c51d659b4b1142d4af3795d09f1d63f7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 5KB - Virtual size: 16KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 1024B - Virtual size: 852B

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 5KB - Virtual size: 16KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 1024B - Virtual size: 852B