f0aa650f94fff954037ba5598373ef90

Sharing

Copy URL Twitter E-mail

General

Target

f0aa650f94fff954037ba5598373ef90
Size

172KB
MD5

f0aa650f94fff954037ba5598373ef90
SHA1

f6dc262c0d63cb4e8c83ef9b347dc302737634c4
SHA256

7663b85ba7fd42bfe4d92d2b667393784bd919f66acebe6239fa4528f1faddf1
SHA512

d2aa95b3e22b1e7e4a998ed6dda4e1a7c8834825976f1690e7dfedee753c900405cb3d4882a2f8c6b77eb2cd7a7c42b187b2847f346478d8c1a7a69ae2492e8a
SSDEEP

3072:1z6Q5zOyNWk2w1fHR4lYcC62HLV100Klyk/BKBxGRpj:p6Q56yN72w1f2dwLVe84BhZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0aa650f94fff954037ba5598373ef90

Files

f0aa650f94fff954037ba5598373ef90
.exe windows:4 windows x86 arch:x86

4c1ad6098efc3673fbf261a5bf7b7e06

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharLowerBuffA
LoadStringA
CharUpperBuffA

advapi32

RegQueryValueExA
RegCreateKeyA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegEnumValueA
RegOpenKeyA
RegQueryInfoKeyA

cfgmgr32

CM_Locate_DevNode_ExA
CM_Get_Child_Ex
CM_Get_Sibling_Ex
CM_Get_DevNode_Registry_Property_ExA

kernel32

HeapFree
lstrcmpiA
lstrcmpA
GetStringTypeW
GetVersionExA
GetLastError
CreateMutexA
SetLastError
lstrlenA
lstrcpyA
CreateDirectoryA
SetCurrentDirectoryA
GetWindowsDirectoryA
RtlZeroMemory
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
WideCharToMultiByte
GetFileAttributesA
GetFullPathNameA
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryA
GetPrivateProfileStringA
lstrcatA
HeapAlloc
GetProcessHeap
VirtualFree
SetFileAttributesA
CloseHandle
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
GetStringTypeA
GetFileType
ReadFile
WriteFile
SetFilePointer
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
VirtualAlloc
SetEndOfFile
SetHandleCount
GetStdHandle
SetStdHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
GetACP
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
RtlUnwind
LCMapStringA
LCMapStringW

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c1ad6098efc3673fbf261a5bf7b7e06

Headers

File Characteristics

Imports

user32

advapi32

cfgmgr32

kernel32

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 12KB - Virtual size: 22KB

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 100KB - Virtual size: 100KB

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 12KB - Virtual size: 22KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 100KB - Virtual size: 100KB