141fd3359c41aa8c3ebad0784dabd84b

Sharing

Copy URL

Twitter E-mail

General

Target

141fd3359c41aa8c3ebad0784dabd84b
Size

6.6MB
MD5

141fd3359c41aa8c3ebad0784dabd84b
SHA1

03c934aeb34857c4a788139836ef4c2e996b25cc
SHA256

38c29d3d7e67db0892c92b13466391ccff4fcbe66c7e5d0f01e9cbb0e4057836
SHA512

69f535d48ac18c7402e9371c434953bdd60ef840f0d7f949a342c16c0af9d644399de0596dae800a0557c9ddb232831bdad9f462546949709121eeb95323d035
SSDEEP

98304:xbKaqUc2T+QTdyEUyDnttH2b/U724VYbyNedYy/gLJBqHefDkWx89qIdnOZ:xlTcyTdfUufYb7dYy/g/q+LkW2Xh+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
141fd3359c41aa8c3ebad0784dabd84b

Files

141fd3359c41aa8c3ebad0784dabd84b
.exe windows:5 windows x86 arch:x86

2338879a3389d6e5434a1477a1f27884

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

InterlockedIncrement
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
DeleteFileW
CloseHandle
WriteFile
CreateFileW
LockResource
LoadResource
SizeofResource
GetLastError
FindResourceW
lstrlenW
MoveFileExW
RemoveDirectoryW
WaitForSingleObject
GetTempFileNameW
CreateDirectoryW
GetTempPathW
GetModuleFileNameW
Sleep
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetCurrentProcessId
SetFilePointer
CreateMutexW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
LocalFree
LocalAlloc
FormatMessageW
FreeLibrary
TlsGetValue
TlsSetValue
TlsAlloc
GetProcAddress
GetModuleHandleW
IsBadReadPtr
GetCurrentProcess
RaiseException
LoadLibraryW
GetVersionExW
SetUnhandledExceptionFilter
LoadLibraryExW
SystemTimeToFileTime
GetSystemTime
SetEvent
OpenEventW
GetCurrentThreadId
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
ReleaseMutex
TlsFree
GetSystemWindowsDirectoryW
GetCurrentThread
FindClose
FlushFileBuffers
FindFirstFileW
GetSystemDirectoryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetTickCount
QueryPerformanceCounter
WriteConsoleA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
LCMapStringA
HeapSize
GetConsoleMode
GetConsoleCP
LCMapStringW
GetModuleHandleA
IsValidCodePage
GetOEMCP
InterlockedExchange
LoadLibraryA
ExitProcess
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
RtlUnwind
GetStdHandle
GetModuleFileNameA
SetLastError
InterlockedDecrement
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetCPInfo
GetACP

ole32

CoGetCurrentProcess

psapi

EnumProcessModules
GetModuleInformation
GetModuleFileNameExW

shlwapi

PathRemoveExtensionW
PathStripPathW

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2338879a3389d6e5434a1477a1f27884

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

ole32

psapi

shlwapi

Sections

.text Size: 142KB - Virtual size: 142KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 6.5MB - Virtual size: 6.5MB

.text
Size: 142KB - Virtual size: 142KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 6.5MB - Virtual size: 6.5MB