19836ed232f94813397379b8901924b0

Sharing

Copy URL

Twitter E-mail

General

Target

19836ed232f94813397379b8901924b0
Size

315KB
MD5

19836ed232f94813397379b8901924b0
SHA1

7603862b1260fb6b14ba318f17928b58373947fc
SHA256

c264ea959412bb826b9820228d4d5fb3a837a898635d5deb87b13ea0f4452324
SHA512

130d40e945f27cc508755146fefaeb17e862df3e6f6a8dbdfa74adad99cfb36c4d9ba772ae8ad055adc303e187a29fba73aa51fb4d14f65c38c6bb0aa0f95ffa
SSDEEP

6144:DKC8oFOxX2lBwgGeYwYcqp7igth/imFQ5YGq/eOMOXT48NP/R:OC/Kg+zpGgh/GgeOMsT48N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19836ed232f94813397379b8901924b0

Files

19836ed232f94813397379b8901924b0
.exe windows:5 windows x86 arch:x86

48b607322a1d2ea97f614406c51bee63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

tapi32

lineClose
lineShutdown
lineOpen
lineNegotiateAPIVersion
lineGetDevCapsW
lineInitializeExW
lineGetID

advapi32

RegOpenKeyExA
OpenSCManagerA
RegCloseKey
RegSetValueExA
RegOpenKeyA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
ChangeServiceConfigA
RegEnumKeyA
StartServiceA
RegQueryValueExW
RegOpenKeyW
RegQueryValueExA

kernel32

GetLastError
CloseHandle
HeapFree
GetStringTypeW
GetSystemInfo
FreeLibrary
GetProcAddress
GetTempPathW
HeapAlloc
lstrcpyA
WriteFile
GetShortPathNameW
GetModuleHandleA
CreateDirectoryW
VirtualAlloc
GetProcessHeap
CreateFileA
GetStringTypeA
GetLocaleInfoA
VirtualQuery
ExitProcess
GetCPInfo
LoadLibraryA
DeleteFileW
MultiByteToWideChar
VirtualFree
lstrcmpiW
Sleep
LCMapStringA
GetTempFileNameW
WideCharToMultiByte
VirtualProtect
lstrlenA
GlobalFree
lstrcmpiA
LCMapStringW
lstrcmpA
LoadLibraryW
GetTickCount
GlobalAlloc
GetVersionExA
FormatMessageA

setupapi

SetupDiGetClassDevsW
SetupDiSetClassInstallParamsA
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupPromptForDiskA
SetupDiGetDeviceInstanceIdW
SetupCloseInfFile
SetupGetSourceFileLocationA
SetupDiCallClassInstaller
SetupGetSourceInfoA
SetupOpenMasterInf
SetupDiCreateDeviceInfoList

ntdll

LdrGetDllHandle
NtAllocateVirtualMemory
RtlUshortByteSwap

user32

wsprintfA

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

48b607322a1d2ea97f614406c51bee63

Headers

DLL Characteristics

File Characteristics

Imports

tapi32

advapi32

kernel32

setupapi

ntdll

user32

ole32

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 285KB - Virtual size: 284KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 285KB - Virtual size: 284KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB