082972810e8be648221c5f789c247a19

Sharing

Copy URL

Twitter E-mail

General

Target

082972810e8be648221c5f789c247a19
Size

76KB
MD5

082972810e8be648221c5f789c247a19
SHA1

8cd83592d57163911ad5e5c58b5f56776f56655f
SHA256

e36d518c11d8376dbdadcf24034f489a3979427249f46ec14137bf6dba66b4ea
SHA512

f17ff71fca641655b1f91777b526f9596db77ce1ce64cdce86cde92706e0c1991fa6ae203e0322c001101ae947c0997140a5182ed1126085cfa36c7854fe2cb0
SSDEEP

768:B4RGOd/DF8fiyG3bXHtlIrP7KhBlTOZI5ND9qF/dXBIm3L+eGv8kBCfKhAc4g:GRGg33bdlSUnTOmHUV9pM8kcfng

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
082972810e8be648221c5f789c247a19

Files

082972810e8be648221c5f789c247a19
.exe windows:6 windows x86 arch:x86

2c7ea1f046a80a4d02174a4ba61467ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExW
RegOpenKeyExW
EventActivityIdControl
ConvertStringSidToSidW
RegCloseKey

kernel32

GetProcessHeap
HeapFree
GetTickCount
GetStdHandle
SetThreadPreferredUILanguages
HeapSetInformation
GetLastError
SetThreadUILanguage
GetComputerNameW
GetProcAddress
LoadLibraryW
GetModuleHandleW
HeapAlloc
FormatMessageW
LocalFree
WriteConsoleW
WideCharToMultiByte
WriteFile
GetFileType
GetConsoleMode
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
FileTimeToSystemTime
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
MultiByteToWideChar
InterlockedExchange
GetCurrentThreadId

msvcrt

malloc
_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_XcptFilter
_exit
_cexit
__wgetmainargs
memset
memcpy
fprintf
_iob
_wcsicmp
exit
printf
free
wcstol
getchar
_getch
wcschr
wcsstr
_wtoi

rpcrt4

RpcErrorLoadErrorInfo
RpcErrorEndEnumeration
RpcErrorClearInformation
RpcErrorSaveErrorInfo
RpcErrorResetEnumeration
RpcErrorGetNextRecord
RpcErrorGetNumberOfRecords
RpcErrorStartEnumeration
RpcMgmtStatsVectorFree
RpcMgmtInqStats
RpcEpResolveBinding
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
UuidToStringW
UuidCreate
RpcCertGeneratePrincipalNameW
UuidFromStringW
RpcStringFreeW
I_RpcCertProcessAndProvision

ntdll

WinSqmIsOptedIn
WinSqmIncrementDWORD

winhttp

WinHttpSetCredentials
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpSetOption
WinHttpQueryHeaders
WinHttpQueryOption

crypt32

CertFreeCertificateContext

credui

SspiPromptForCredentialsW
CredUIPromptForCredentialsW

rpcdiag

RpcDiagnoseError

sspicli

SspiEncodeStringsAsAuthIdentity
SspiEncodeAuthIdentityAsStrings

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2c7ea1f046a80a4d02174a4ba61467ec

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

rpcrt4

ntdll

winhttp

crypt32

credui

rpcdiag

sspicli

Sections

.text Size: 28KB - Virtual size: 28KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 30KB

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 30KB