Static task: static1
Behavioral task: behavioral1
  Sample: 11e849a8a401676508e752855a15dc3b.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 11e849a8a401676508e752855a15dc3b.exe
  Resource: win10v2004-20231215-en
General
Target: 11e849a8a401676508e752855a15dc3b
Size: 222KB
MD5: 11e849a8a401676508e752855a15dc3b
SHA1: 0599fb1d58b968525039894cb9f9da888b4d72bd
SHA256: 9e142e39e20e5cc873510964447910e39362295ab7e3906a60d24acc4563c6fb
SHA512: 83e0c7195cc4a01406bcc73afa75c6ae55241ac37a98396016c71a9fdf6e3ab996d98f52c889a8dd0124b5563bce88972a9abb0aef4c4904c727912337aeb140
SSDEEP: 6144:3ua1fbrjepLgBdp9waNf3dzaiI8BZKwn5bn3m:e0eZ8f3AiI8t5L
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
  resource: 11e849a8a401676508e752855a15dc3b
Files
11e849a8a401676508e752855a15dc3b.exe windows:4 windows x86 arch:x86
ae6b0e0d65bed3d721e117c96bba85c3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
IsBadWritePtr
GetStartupInfoA
GetOEMCP
GetFileType
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStringsW
GetCurrentProcess
TlsSetValue
VirtualAlloc
GetStdHandle
MultiByteToWideChar
HeapReAlloc
SetLastError
EnterCriticalSection
SetHandleCount
HeapCreate
InterlockedExchange
GetModuleFileNameA
InitializeCriticalSection
WriteFile
ExitProcess
LCMapStringW
WideCharToMultiByte
GetTimeFormatA
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetVersion
GetACP
QueryPerformanceCounter
DeleteCriticalSection
TlsGetValue
GetCommandLineA
VirtualQuery
GetCurrentThreadId
GetStringTypeW
HeapAlloc
TlsFree
HeapFree
TransactNamedPipe
TerminateProcess
GetCurrentProcessId
GetEnvironmentStrings
LCMapStringA
VirtualFree
GetModuleHandleW
GetCPInfo
GetStringTypeA
LeaveCriticalSection
GetCurrentThread
HeapDestroy
GetProcAddress
TlsAlloc
FreeEnvironmentStringsW
GetLastError
GetModuleHandleA
advapi32
RegQueryInfoKeyW
LookupPrivilegeNameW
CryptEnumProviderTypesW
CryptDuplicateKey
CryptExportKey
DuplicateToken
InitiateSystemShutdownW
CryptGenKey
CryptDestroyKey
CryptHashSessionKey
RegRestoreKeyA
RegSetKeySecurity
CryptGenRandom
RegDeleteValueW
RegEnumValueW
RevertToSelf
RegCloseKey
shell32
SHFileOperationA
SHGetDataFromIDListW
RealShellExecuteA
ShellHookProc
SHGetPathFromIDListW
SHInvokePrinterCommandW
DragQueryPoint
DragQueryFile
SHLoadInProc
DuplicateIcon
ExtractIconEx
Sections
.text  Size: 110KB - Virtual size: 110KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.data  Size: 105KB - Virtual size: 105KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc  Size: 5KB - Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ