0403aa406a9cea6bea024386cb8082c2

General

Target

0403aa406a9cea6bea024386cb8082c2
Size

225KB
MD5

0403aa406a9cea6bea024386cb8082c2
SHA1

5b5627fc51fa31e6e9d5dd0e648eef824903f6f4
SHA256

3a34f88bc6e0080a6ba9cfbfca5785f38a05104f750af359a44da0c9491832d9
SHA512

8635eedc62083fc0a38fb9a918ded3302b74297aa11c01b9bf25d6edecfebe95bf9d7b44b09ce785b19b8e4c2e298c8f0cc353192c1b04b73dad301c05fb9dbc
SSDEEP

6144:N6SAu7en7hxUcTK6kzMcHwWm9xNRREqAvaO6vHR:9ALn7hxfK6kzMum9fEJwR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0403aa406a9cea6bea024386cb8082c2

Files

0403aa406a9cea6bea024386cb8082c2
.exe windows:5 windows x86 arch:x86

9062054599dd0e22c702710aa9cbbb13

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtCreateFile
RtlInitializeSid
RtlLengthSecurityDescriptor
DbgBreakPoint
NtCreateEvent
NtQueryInformationFile

msvcrt

wcslen
strchr
memmove
_pctype
__p__commode
exit
__set_app_type
__winitenv
realloc
_wcsicmp
__wgetmainargs

ulib

?IsValueSet@ARGUMENT@@QAEEXZ
??1STREAM_MESSAGE@@UAE@XZ
?PutSeparators@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?Put@ARRAY@@UAEEPAVOBJECT@@@Z
??0ARRAY@@QAE@XZ
??0LONG_ARGUMENT@@QAE@XZ
?SetFileName@FSN_FILTER@@QAEEPBVWSTRING@@@Z
?GetStandardOutput@PROGRAM@@UAEPAVSTREAM@@XZ
?GetStandardError@PROGRAM@@UAEPAVSTREAM@@XZ

kernel32

InterlockedIncrement
GetStdHandle
GetProcessHeap
GetACP
GetCommandLineW
GetThreadLocale
InterlockedExchange
InterlockedDecrement
GetLocalTime
GetComputerNameW
GlobalUnlock
GetTimeFormatW
VirtualFree
GetModuleFileNameA
VirtualAlloc
lstrlenA

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9062054599dd0e22c702710aa9cbbb13

Headers

File Characteristics

Imports

ntdll

msvcrt

ulib

kernel32

Sections

.text Size: 128KB - Virtual size: 128KB

.rdata Size: 90KB - Virtual size: 89KB

.data Size: 1KB - Virtual size: 232KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 128KB - Virtual size: 128KB

.rdata
Size: 90KB - Virtual size: 89KB

.data
Size: 1KB - Virtual size: 232KB

.reloc
Size: 4KB - Virtual size: 4KB