82431b3eafff4989620387d0381f2d9e

Sharing

Copy URL Twitter E-mail

General

Target

82431b3eafff4989620387d0381f2d9e
Size

2.4MB
MD5

82431b3eafff4989620387d0381f2d9e
SHA1

b855090a222aeb93b000422ecac2da891bd0151f
SHA256

028292a8e42e37de3779d873f7b007f245428ba3603f9f1eb7c75abd8ff379b7
SHA512

b9254e5158b7e33add5af09c2237d89c030a3f18d70729aca9abdd57333254fbceb27b5dbdf017bdb3db8b23dc0faa97d08c9619335df822d3255bdd17d03245
SSDEEP

49152:qZhvvAQ7bv6GG2vhEU20Vejp6TNMoIBW8CtQw8j+DdT9jOotbgJSG3mml6s3qNaN:qZRPREU3uo63mml6iqN0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82431b3eafff4989620387d0381f2d9e

Files

82431b3eafff4989620387d0381f2d9e
.exe windows:6 windows x86 arch:x86

6887e7259101d3208a505be9aca7b922

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
GetProcessId
lstrlenA
lstrcatA
GetCommandLineA
GetTempPathA
QueryFullProcessImageNameA
CreateFileA
GetVersionExA
GetCommandLineW
ExitProcess
VerSetConditionMask
VerifyVersionInfoW
lstrcmpiW
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
FreeLibrary
GetModuleFileNameA
GetComputerNameA
CreateThread
OpenSemaphoreA
LocalAlloc
WaitForSingleObject
CreateMutexA
WideCharToMultiByte
MultiByteToWideChar
CreateEventA
SetEvent
GetCurrentProcessId
LoadLibraryA
CreateDirectoryA
GetProcAddress
FindClose
FindNextFileA
FindFirstFileA
GetLastError
CopyFileA
LoadResource
CloseHandle
Process32Next
DeleteFileA
LockResource
GetFileAttributesA
Sleep
CreateToolhelp32Snapshot
GetModuleHandleA
FindResourceA
TerminateProcess
Process32First
MoveFileA
WTSGetActiveConsoleSessionId
SizeofResource
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
GetCurrentThreadId
InitializeSListHead
ReleaseSemaphore
InitializeCriticalSection
CreateSemaphoreW
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
ExitThread
FreeLibraryAndExitThread
GetCurrentThread
HeapAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapFree
GetCurrentDirectoryW
GetFullPathNameW
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
SetStdHandle
ReadFile
ReadConsoleW
SetFilePointerEx
DeleteFileW
HeapReAlloc
GetTimeZoneInformation
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
MoveFileExW
HeapSize
WriteConsoleW
SetEndOfFile
ChangeTimerQueueTimer
CreateTimerQueueTimer
TryEnterCriticalSection
DuplicateHandle
GetExitCodeThread
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation

user32

LoadStringA
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA

advapi32

AdjustTokenPrivileges
CreateProcessAsUserA
RegCloseKey
StartServiceCtrlDispatcherA
SetTokenInformation
LookupPrivilegeValueA
GetUserNameA
OpenProcessToken
DuplicateTokenEx
GetTokenInformation
CloseServiceHandle
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenSCManagerA
OpenServiceA
SetSecurityDescriptorDacl
ConvertSidToStringSidA
LookupAccountNameA
InitializeSecurityDescriptor
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegGetValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA

shell32

ShellExecuteExA
CommandLineToArgvW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

Sections

.text
Size: 1008KB - Virtual size: 1008KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6887e7259101d3208a505be9aca7b922

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

wtsapi32

userenv

Sections

.text Size: 1008KB - Virtual size: 1008KB

.rdata Size: 207KB - Virtual size: 207KB

.data Size: 19KB - Virtual size: 24KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 45KB - Virtual size: 45KB

.text
Size: 1008KB - Virtual size: 1008KB

.rdata
Size: 207KB - Virtual size: 207KB

.data
Size: 19KB - Virtual size: 24KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 45KB - Virtual size: 45KB