15a0f63bf2f9a36cf6bc3dea3d300197

General

Target

15a0f63bf2f9a36cf6bc3dea3d300197
Size

64KB
MD5

15a0f63bf2f9a36cf6bc3dea3d300197
SHA1

826f15d829664616aecb6a2b9e6c625fde894676
SHA256

e3f13f28d1192e267e56bcac05c996174ca4a2d96c35108228facf7ad983c4ea
SHA512

fccfd311e17f0a81350e446495716a5a0875980cdd07a59e1a257c0fc2e3a745cca1b2c2a3c23d48f1a4160bddffca8aa57fda051a40bfd9d49069d686e6b51a
SSDEEP

768:8DaPGjkyRuV44bfsuev8XbTuum7kkCRCHuX3F4X7wxf7f12I3:SaPGjbSzsUXPnm7WTFIetT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15a0f63bf2f9a36cf6bc3dea3d300197

Files

15a0f63bf2f9a36cf6bc3dea3d300197
.exe windows:4 windows x86 arch:x86

f676b32bb7d88e9ca01cb6dccfd4e23b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadResource
FindResourceA
ExitProcess
WaitForSingleObject
CreateThread
Sleep
GetLastError
WinExec
_lclose
LockResource
_lcreat
GetModuleFileNameA
CopyFileA
DeleteFileA
SetEvent
OpenEventA
GetStringTypeA
LCMapStringW
GlobalFree
SizeofResource
GetSystemDirectoryA
OutputDebugStringA
VirtualAlloc
GetModuleHandleA
VirtualFree
GetProcAddress
CreateProcessA
GetThreadContext
CloseHandle
ReadProcessMemory
SetThreadContext
ResumeThread
_lwrite
GetStartupInfoA
GetCommandLineA
GetVersion
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
HeapReAlloc
LoadLibraryA
MultiByteToWideChar
LCMapStringA
GetStringTypeW

user32

wsprintfA

advapi32

StartServiceA
StartServiceCtrlDispatcherA
ControlService
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
OpenServiceA
QueryServiceStatus
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegisterServiceCtrlHandlerA
SetServiceStatus

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f676b32bb7d88e9ca01cb6dccfd4e23b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 36KB - Virtual size: 32KB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 36KB - Virtual size: 32KB