009cab1e8a599de277764695809a8527

Sharing

Copy URL Twitter E-mail

General

Target

009cab1e8a599de277764695809a8527
Size

549KB
MD5

009cab1e8a599de277764695809a8527
SHA1

8e5a1289e8297f5b981b6634dbcd95e17574533b
SHA256

dc4c872cea6f3361389a3c51cc6c1ae012fcee2d4cfedb8dbbc690d06e936637
SHA512

05faae5c974fbf361a42b14c703aad71c7865e0d58fdea00306826072a0d9f6dea69398a3ab99159a054ff11bcc3238ad1dc6eda0df33a5e5ecb292126421c41
SSDEEP

12288:TSSYWZOeU/XkIBQ7XdyPQ+FY42syjM0VFjPwHjmt8116dKFLufiV:TSSYWZOFwdH+FY/s0hP0jq216kuk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
009cab1e8a599de277764695809a8527

Files

009cab1e8a599de277764695809a8527
.exe windows:5 windows x86 arch:x86

b73b2a5742d430c0e9facd8ee6591646

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

DestroyEnvironmentBlock
EnterCriticalPolicySection
ExpandEnvironmentStringsForUserW
FreeGPOListW
GetAppliedGPOListW
CreateEnvironmentBlock
UnregisterGPNotification
RegisterGPNotification
LeaveCriticalPolicySection
GetProfilesDirectoryW

kernel32

_lclose
VirtualFree
VirtualAlloc
VerifyVersionInfoA
VerLanguageNameA
SetUnhandledExceptionFilter
SetLastError
SetFileAttributesW
CancelIo
CreateMutexA
EraseTape
ExitProcess
FileTimeToDosDateTime
FindFirstChangeNotificationW
GetACP
GetAtomNameA
GetCalendarInfoW
GetCommandLineA
GetComputerNameA
GetCurrentThreadId
GetMailslotInfo
GetPrivateProfileStringA
HeapAlloc
IsBadStringPtrA
IsDBCSLeadByte
OpenFileMappingW
OpenMutexA
Process32FirstW
ReadProcessMemory

crtdll

wcsxfrm
vfwprintf
strcmp
sqrt
isleadbyte
clock
atan
abs
_ultoa
_strnset
_ecvt
_execve
_exit
_filelength
_finite
_ftime
_mbctohira
_mbscmp
_mbscpy
_mbsnccnt
_rotr
_stat
wctomb

rpcrt4

MesIncrementalHandleReset
RpcBindingFromStringBindingA
RpcBindingServerFromClient
tree_peek_ndr

version

VerFindFileW
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA
VerInstallFileA

ntdll

ZwQueryDefaultUILanguage
ZwOpenThreadToken
RtlTryEnterCriticalSection
RtlOemToUnicodeN
RtlNtStatusToDosError
NtWriteFile
NtQueryInformationFile
NtNotifyChangeKey
NtGetPlugPlayEvent

Exports

Exports

BRnrnzlfhUPtU
DlgeRgva
EmaWeo
fcedGvrxhujszqexEd
hnppntvrirpCat
jbgNukyqj
jgtAQhoXatrwxqduvbA
kbtGVFtcycZgBo
krgjmvic
mxPjrcwfohcvthGu
sjgffj
tspgjkAbYldwEj
usRbfdgkGlcYwYSh
woebXvSCpUjdp
xklrt
ynvjpgbMyHi

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 486KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b73b2a5742d430c0e9facd8ee6591646

Headers

File Characteristics

Imports

userenv

kernel32

crtdll

rpcrt4

version

ntdll

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 486KB - Virtual size: 1.1MB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 486KB - Virtual size: 1.1MB

.rsrc
Size: 26KB - Virtual size: 26KB