415abc3bada54767a85be3cb5e94571d

Sharing

Copy URL Twitter E-mail

General

Target

415abc3bada54767a85be3cb5e94571d
Size

974KB
MD5

415abc3bada54767a85be3cb5e94571d
SHA1

d29005d141d1ab4dbd40771e81e9cf896c8aea12
SHA256

e6d9572a92876f3c70a2ab62ba03949eb3b3a0f70bae36fc6f655fe399f0ffdb
SHA512

f7614a6b6d56301e2d3c3bfd4b1b1f164d0884ed46883d7a6201ad1dd74cb7d0b80d7119e9db4ad8713e5fa85a52ccf564de1f44846ee157e9eb5e2f3932d8d8
SSDEEP

24576:mVbkRL84Ha0bQhc9o/BKfmIsvRL4niiTOXTs73CNb/0yf1d6OVe:myL4w9KBSroi3Oj6S006Ie

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
415abc3bada54767a85be3cb5e94571d

Files

415abc3bada54767a85be3cb5e94571d
.exe windows:5 windows x86 arch:x86

7c58682cb88fb0fe6d11827a1aa291ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyW
PathFindExtensionW
StrFormatByteSizeW

comctl32

InitCommonControlsEx

dbghelp

SymInitialize

kernel32

HeapAlloc
LoadLibraryA
FindFirstFileW
DeleteCriticalSection
GetVolumePathNameW
CreateThread
VirtualQuery
GetEnvironmentVariableW
GetEnvironmentStrings
GetStringTypeW
GetDriveTypeA
ReadProcessMemory
GetDriveTypeW
GetProcAddress
HeapCreate
CloseHandle
GetFileType
GetSystemInfo
GetStartupInfoA
RtlCaptureContext
FreeLibrary
CreateProcessW
ExpandEnvironmentStringsW
GetModuleHandleW
GetConsoleMode
GetACP
UnmapViewOfFile
TlsAlloc
ExitThread
WriteFile
LoadLibraryW
LocalFree
LeaveCriticalSection
GetSystemTimeAsFileTime
GetLogicalDriveStringsW
FindNextFileW
MulDiv
FindClose
ResetEvent
SetStdHandle
LocalAlloc
TlsGetValue
GetModuleFileNameW
InterlockedDecrement
HeapReAlloc
GetFullPathNameW
ReadFile
GetFileAttributesExW
InterlockedIncrement
SetEvent
CreateMutexW
RtlUnwind
SetHandleCount
LCMapStringA
GetEnvironmentStringsW
SetEndOfFile
GetTickCount
HeapSize
FileTimeToSystemTime
SetLastError
GetLocaleInfoA
GetLastError
TlsFree
GetProcessHeap
InitializeCriticalSection
FormatMessageW
MoveFileW
SetFilePointer
lstrlenW
GetModuleFileNameA
GetTimeFormatW
UnhandledExceptionFilter
DeleteFileW
GetFileSize
FreeEnvironmentStringsA
GetStdHandle
GetCurrentProcessId
GetStringTypeA
GetCurrentThread
WriteConsoleW
GetCommandLineW
MoveFileExW
VirtualFree
CreateFileA
GetCPInfo
FlushFileBuffers
GetVersionExA
EnterCriticalSection
AddAtomW
WideCharToMultiByte
WriteConsoleA
WaitForSingleObject
GetConsoleCP
Sleep
FileTimeToLocalFileTime
GetCurrentThreadId
GetCommandLineA
HeapDestroy
TerminateProcess
CreateFileMappingW
DebugBreak
ExitProcess
CreateEventW
GetDateFormatW
GetVersionExW
CreateDirectoryW
GetConsoleOutputCP
GetDiskFreeSpaceExW
RaiseException
TlsSetValue
ReleaseMutex
FreeEnvironmentStringsW
IsDebuggerPresent
GetCurrentProcess
GetFileAttributesW
SetUnhandledExceptionFilter
QueryPerformanceCounter
CreateFileW
GetCurrentDirectoryA
HeapFree
GetSystemTime
VirtualAlloc
MapViewOfFile
MultiByteToWideChar
LCMapStringW
GlobalAddAtomA
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
GetOEMCP

user32

PostThreadMessageW
DispatchMessageW
SetCursor
TranslateMessage
UnregisterClassA
CreateDialogParamW
SendDlgItemMessageW
PostQuitMessage
DestroyWindow
wsprintfW
MoveWindow
MessageBoxW
LoadCursorW
EnableWindow
GetClientRect
GetCursor
ShowWindow
LoadBitmapW
ReleaseDC
PostMessageW
GetDlgItem
LoadStringW
RegisterWindowMessageW
GetDC
GetMessageW

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoInitialize
StringFromIID

gdi32

GetDeviceCaps
CreateFontIndirectW
GetStockObject

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shell32

SHGetFolderPathW
SHFileOperationW

advapi32

CloseServiceHandle
QueryServiceStatusEx
RegSetValueExW
OpenThreadToken
OpenProcessToken
RegCloseKey
RegQueryInfoKeyW
RegEnumValueW
OpenServiceW
RegOpenKeyExW
IsWellKnownSid
DeregisterEventSource
EqualSid
GetTokenInformation
ReportEventW
RevertToSelf
RegLoadKeyW
ConvertStringSidToSidW
RegisterEventSourceW
RegDeleteValueW
RegUnLoadKeyW
RegCreateKeyExW
OpenSCManagerW
ControlService
AdjustTokenPrivileges
RegEnumKeyW
CopySid
GetLengthSid
ImpersonateSelf
LookupPrivilegeValueW
RegQueryValueExW
QueryServiceStatus

Sections

.text
Size: 624KB - Virtual size: 623KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 320KB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c58682cb88fb0fe6d11827a1aa291ac

Headers

File Characteristics

Imports

shlwapi

comctl32

dbghelp

kernel32

user32

ole32

gdi32

version

shell32

advapi32

Sections

.text Size: 624KB - Virtual size: 623KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 320KB - Virtual size: 3.6MB

.rsrc Size: 23KB - Virtual size: 22KB

.text
Size: 624KB - Virtual size: 623KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 320KB - Virtual size: 3.6MB

.rsrc
Size: 23KB - Virtual size: 22KB