d216a1bc866321c64ac787271f1e01c0

Sharing

Copy URL Twitter E-mail

General

Target

d216a1bc866321c64ac787271f1e01c0
Size

172KB
MD5

d216a1bc866321c64ac787271f1e01c0
SHA1

dd2286f4924e6ae14623c3c42c510c15f4f9791c
SHA256

0cded22461f4b86d5d2f072a6fe092c75797c6fdb092cdbfee3f8d3288a78be9
SHA512

c77cdc386c71e53bc93fc0b8d0adaa344580989ab7bac04717ecd016841b4fe181deda01b313a207ff82375d670a3609313086a7876b581894d0a1f5b85c6723
SSDEEP

3072:Sb9rEw3S2B3p38EtJ4D1Q0xarREj8AaHXd2/89Ys8Nr5kNOOy:SpwwV3tmQCarRmaN29Nr57

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d216a1bc866321c64ac787271f1e01c0

Files

d216a1bc866321c64ac787271f1e01c0
.exe windows:5 windows x86 arch:x86

7aeca607ca588d088ca37f7fd3cd3f68

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

EqualSid
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyA
RegEnumKeyA
RegQueryInfoKeyA
RegOpenKeyA
FreeSid
RegCloseKey
AllocateAndInitializeSid
GetTokenInformation
RegCreateKeyA
RegEnumValueA

kernel32

lstrcmpiA
FreeLibrary
GetProcAddress
GetShortPathNameA
LoadLibraryA
GetSystemDirectoryA
lstrcpyA
GetModuleFileNameA
GetVersionExA
MultiByteToWideChar
WritePrivateProfileStringA
IsDBCSLeadByte
GetLastError
CreateDirectoryA
lstrlenA
ExpandEnvironmentStringsA
DeleteFileA
SetFileAttributesA
GetFileAttributesA
CloseHandle
CreateFileA
lstrcpynA
lstrcmpA
lstrcatA
GetPrivateProfileStringA
CopyFileA
CreateDirectoryExA
GetCurrentProcess
GlobalFree
GlobalAlloc
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
FindClose
FindNextFileA
WriteFile
SetFilePointer
ReadFile
FindFirstFileA
GetWindowsDirectoryA
GetModuleHandleA
GetLocalTime
SetEndOfFile
GetFileSize
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
HeapFree
HeapAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualAlloc

user32

ExitWindowsEx
MessageBoxA
CharNextA
wsprintfA
CharPrevA
LoadStringA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoGetMalloc
CoInitialize
CoCreateInstance
CoUninitialize

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7aeca607ca588d088ca37f7fd3cd3f68

Headers

File Characteristics

Imports

advapi32

kernel32

user32

version

shell32

ole32

Sections

.text Size: 56KB - Virtual size: 56KB

.data Size: 12KB - Virtual size: 29KB

.rsrc Size: 100KB - Virtual size: 100KB

.text
Size: 56KB - Virtual size: 56KB

.data
Size: 12KB - Virtual size: 29KB

.rsrc
Size: 100KB - Virtual size: 100KB