03f1fadae981abd6ee0ed0ccfc35e8a0

Sharing

Copy URL Twitter E-mail

General

Target

03f1fadae981abd6ee0ed0ccfc35e8a0
Size

82KB
MD5

03f1fadae981abd6ee0ed0ccfc35e8a0
SHA1

72ceba4a0c74ad522efc0a1830fccbf0f0a8ffeb
SHA256

cfea464d9d79a3e23b24d83a5f5558677489c367eba1992c5d02d5b905ab0c36
SHA512

9dfae8dd56c38432214d77b23bae3a726eed63c8ffb1035f42aed67209e4cb4b5b043c0b814c87f12488e19de64a644f953e41085a1f7667da5f14cc0a18ad4b
SSDEEP

1536:Fp6kRm5zOyXdWsq82ETm1fCXL4l3YTE8E6C:Fp6/5zOyNWk2QCfCXL4lYT9C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03f1fadae981abd6ee0ed0ccfc35e8a0

Files

03f1fadae981abd6ee0ed0ccfc35e8a0
.exe windows:4 windows x86 arch:x86

4c1ad6098efc3673fbf261a5bf7b7e06

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharLowerBuffA
LoadStringA
CharUpperBuffA

advapi32

RegQueryValueExA
RegCreateKeyA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegEnumValueA
RegOpenKeyA
RegQueryInfoKeyA

cfgmgr32

CM_Locate_DevNode_ExA
CM_Get_Child_Ex
CM_Get_Sibling_Ex
CM_Get_DevNode_Registry_Property_ExA

kernel32

HeapFree
lstrcmpiA
lstrcmpA
GetStringTypeW
GetVersionExA
GetLastError
CreateMutexA
SetLastError
lstrlenA
lstrcpyA
CreateDirectoryA
SetCurrentDirectoryA
GetWindowsDirectoryA
RtlZeroMemory
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
WideCharToMultiByte
GetFileAttributesA
GetFullPathNameA
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryA
GetPrivateProfileStringA
lstrcatA
HeapAlloc
GetProcessHeap
VirtualFree
SetFileAttributesA
CloseHandle
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
GetStringTypeA
GetFileType
ReadFile
WriteFile
SetFilePointer
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
VirtualAlloc
SetEndOfFile
SetHandleCount
GetStdHandle
SetStdHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
GetACP
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
RtlUnwind
LCMapStringA
LCMapStringW

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c1ad6098efc3673fbf261a5bf7b7e06

Headers

File Characteristics

Imports

user32

advapi32

cfgmgr32

kernel32

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 12KB - Virtual size: 22KB

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 12KB - Virtual size: 22KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 8KB