Static task: static1

Behavioral task: behavioral1
Sample: 188cc9aebd62409bcf54c4265ef92a42.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 188cc9aebd62409bcf54c4265ef92a42.exe
Resource: win10v2004-20231222-en
General
Target: 188cc9aebd62409bcf54c4265ef92a42
Size: 64KB
MD5: 188cc9aebd62409bcf54c4265ef92a42
SHA1: 70817b4d49aa15186484a4b6b4697db860e536cb
SHA256: 9a3fad37792d4b40d9ac6cf11435875ba25705a5be22c8b1d97349abcec4450a
SHA512: a1f71dc3231460e1922ffd686f8834222734b147406b8c6c3a4416035207fe47229d1179416eeb5226beb0e1a9ab98a68a7d2df0b747328227e69ab717d2e44c
SSDEEP: 1536:VfB9oZjr91SAuShInwerpMaOBoDA1DFN+8ucpIOh:L9oZjr91SAVh8PrevomFPucxh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 188cc9aebd62409bcf54c4265ef92a42
Files
188cc9aebd62409bcf54c4265ef92a42.exe windows:5 windows x86 arch:x86
bf03c4f1e77adc0719a84cf4665342a3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetExitCodeProcess
LoadLibraryA
VirtualQuery
GetSystemDirectoryA
GetProcAddress
WideCharToMultiByte
CreateFileW
GetCurrentProcessId
GetCPInfo
GetVersion
FindResourceA
IsBadReadPtr
lstrcmpW
LockResource
GetModuleHandleW
GetTickCount
SetLastError
IsBadWritePtr
TlsFree
VirtualFree
TerminateProcess
ExitProcess
FreeEnvironmentStringsW
GetStringTypeW
VirtualAlloc
GetCommandLineW
GetStdHandle
GetCurrentThreadId
RtlUnwind
lstrlenA
GetConsoleMode
GetLastError
LocalAlloc
FindResourceW
ole32
OleRun
CoTaskMemRealloc
CreateILockBytesOnHGlobal
CoGetObjectContext
CoTaskMemFree
CoGetMalloc
CoSetProxyBlanket
StgCreateDocfile
OleRegGetMiscStatus
CoCreateInstance
CoCreateFreeThreadedMarshaler
CreateDataAdviseHolder
WriteClassStm
CoInitializeEx
CoUnmarshalInterface
OleUninitialize
OleRegEnumVerbs
StringFromGUID2
CoGetInterfaceAndReleaseStream
ReadOleStg
CoFreeUnusedLibraries
msvcrt
_vsnwprintf
fprintf
_initterm
wcsncmp
fseek
atol
malloc
memmove
isdigit
_stricmp
??1type_info@@UAE@XZ
_ftol
_ltow
_snprintf
wcscspn
_wcsdup
_CIsqrt
??0exception@@QAE@ABV0@@Z
__set_app_type
_exit
isleadbyte
strncpy
_vsnprintf
fwrite
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerFindFileW
VerQueryValueA
ntdll
RtlCreateUserThread
RtlReleaseResource
RtlGUIDFromString
RtlAcquireResourceExclusive
RtlAppendUnicodeToString
DbgPrint
RtlQueryInformationAcl
RtlCreateEnvironment
NtDuplicateToken
NtDuplicateObject
RtlGetNtProductType
RtlInitializeCriticalSection
RtlGetOwnerSecurityDescriptor
NtQueryAttributesFile
NtQueryObject
NtWriteFile
RtlDeleteCriticalSection
RtlInitializeCriticalSectionAndSpinCount
NtQueryInformationProcess
RtlFormatCurrentUserKeyPath
NtUnmapViewOfSection
RtlQueueWorkItem
RtlSubAuthoritySid
NtCreateFile
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 30KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 483B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ