8f2570ad5a6bf2bab9836fd9fc1ae5ad

Sharing

Copy URL Twitter E-mail

General

Target

8f2570ad5a6bf2bab9836fd9fc1ae5ad
Size

175KB
MD5

8f2570ad5a6bf2bab9836fd9fc1ae5ad
SHA1

bbb16a3a7c4e577b4d14597691f5ea20b7533aa6
SHA256

aac7ca00a69979d0965e72905a77dccdba81c579517895255485cef317114f58
SHA512

1f702bf8aa502fa0db7a279b8c3319b0827926a5d26521837e31317410d6d0b398a8ba2a0df39997fd9ee02fde8839c8c3b4436f93ae7e1e5da96baa6e8e6a4f
SSDEEP

3072:B2HGHrUtbPF3zKhjbHdujtdB0WcQfCjxlMg/QWc2gMtyOcaBdP:Bsccb+jbHdujoQfO1/HcjEuar

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f2570ad5a6bf2bab9836fd9fc1ae5ad

Files

8f2570ad5a6bf2bab9836fd9fc1ae5ad
.exe windows:5 windows x86 arch:x86

1814c22cd367a049ac2372dc84e5ae7e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegDeleteValueA
MapGenericMask
OpenThreadToken
IsValidSecurityDescriptor
ObjectOpenAuditAlarmW
FreeSid
GetSidSubAuthority
EqualPrefixSid
GetSidSubAuthorityCount
AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
EqualSid
SetThreadToken
LogonUserW
RevertToSelf
LookupAccountSidW
SetSecurityDescriptorSacl
AddAuditAccessAce
AddAccessAllowedAce
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
ImpersonateSelf
StartServiceCtrlDispatcherW
CloseServiceHandle
StartServiceW
RegisterServiceCtrlHandlerW
SetServiceStatus
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegCreateKeyExW
CreateServiceW
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
RegSetValueExW
RegQueryValueExW
EnumDependentServicesW
QueryServiceStatus
ControlService
GetUserNameA
IsValidAcl
GetSecurityDescriptorDacl
RegDeleteKeyA
RegDeleteKeyW
RegOpenKeyExW
OpenProcessToken
IsValidSid
CopySid
GetSidIdentifierAuthority
RegSetKeySecurity
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
MakeSelfRelativeSD
GetSecurityDescriptorSacl
GetSecurityDescriptorLength
GetAclInformation
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
GetSecurityDescriptorGroup
RegDeleteValueW
AccessCheck

kernel32

ResetEvent
SetProcessWorkingSetSize
GetCurrentProcess
lstrcmpiA
WaitForSingleObject
PulseEvent
OpenEventA
SetEvent
CreateEventA
LocalSize
VirtualFree
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
ReadFile
VirtualAlloc
GetFileSize
CreateFileA
lstrcatA
GetSystemDirectoryA
SetLastError
LeaveCriticalSection
GetTickCount
DuplicateHandle
ExitProcess
GetFileType
GetStdHandle
GetCommandLineW
SetCurrentDirectoryA
GetModuleFileNameA
WriteFile
SetFilePointer
GetSystemTime
FindResourceW
GetModuleFileNameW
lstrcpyW
Sleep
CreateThread
InitializeCriticalSection
DeleteCriticalSection
WaitForMultipleObjects
GetExitCodeProcess
InterlockedIncrement
lstrcpyA
RtlUnwind
MultiByteToWideChar
LCMapStringA
OpenProcess
lstrlenA
WideCharToMultiByte
LocalReAlloc
MapViewOfFile
GetLastError
CreateFileMappingA
UnmapViewOfFile
GetSystemInfo
VirtualUnlock
LocalFree
lstrlenW
LocalAlloc
ReadProcessMemory
GetCurrentThread
CloseHandle
LoadLibraryW
SetErrorMode
LoadLibraryA
GetModuleHandleA
GetProcAddress
GetModuleHandleW
GetVersionExA
FreeLibrary
GetCurrentProcessId
EnterCriticalSection
GetFileTime
LCMapStringW
GetProcessHeap
HeapAlloc
HeapFree
SearchPathW
SearchPathA
CreateFileW
LoadLibraryExW

user32

wsprintfW
LoadStringW
SetWindowTextA
SetWindowTextW
GetDlgItemTextA
GetDlgItemTextW
LoadStringA
wsprintfA
DialogBoxParamA
GetWindowLongA
LoadCursorA
SetCursor
PeekMessageA
MessageBoxW
GetDlgItem
EndDialog
SetWindowLongA

rpcrt4

RpcServerUnregisterIf
RpcMgmtStopServerListening
RpcServerListen
RpcServerRegisterIf
RpcStringFreeA
RpcServerUseProtseqEpA
UuidToStringA
RpcImpersonateClient
UuidFromStringA
NdrConformantStringUnmarshall
NdrSimpleStructBufferSize
NdrSimpleStructMarshall
NdrConformantArrayUnmarshall
NdrServerInitializeNew
NdrConvert
NdrSimpleStructUnmarshall
RpcRaiseException
NdrPointerBufferSize
I_RpcGetBuffer
NdrPointerMarshall
NdrPointerFree

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1814c22cd367a049ac2372dc84e5ae7e

Headers

File Characteristics

Imports

advapi32

kernel32

user32

rpcrt4

Sections

.text Size: 76KB - Virtual size: 76KB

.data Size: 512B - Virtual size: 992B

.rsrc Size: 97KB - Virtual size: 97KB

.text
Size: 76KB - Virtual size: 76KB

.data
Size: 512B - Virtual size: 992B

.rsrc
Size: 97KB - Virtual size: 97KB