20bcd451eb44c1e9a05227135bbf6c03

Sharing

Copy URL Twitter E-mail

General

Target

20bcd451eb44c1e9a05227135bbf6c03
Size

247KB
MD5

20bcd451eb44c1e9a05227135bbf6c03
SHA1

1fde8e030f658c1148b8eceda67d0c2eaec0b21b
SHA256

cff2f20b5d49bc45bce61ebc278e59ba5602a758f0273f054fdb5cd31292718d
SHA512

46b672dedf1d25d334293e9ff1e98b608a633785b6f47547f529790f4ac38455a834983727bcebb42b56e33f70986ab178f7806cf6bffbef2a8eba4a70a6e423
SSDEEP

6144:82kiPxm0ZS9DCFI7WrvwNSFtUqKqebcIiXr9mj:8o7FFImvwNYryfioj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20bcd451eb44c1e9a05227135bbf6c03

Files

20bcd451eb44c1e9a05227135bbf6c03
.exe windows:2 windows x86 arch:x86

7b08335b8444ef5bb5918855148cc196

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleFileNameW
MultiByteToWideChar
GetLogicalDriveStringsW
VerSetConditionMask
GetPrivateProfileStringW
GlobalAlloc
GetCurrentThreadId
VirtualAlloc
ReleaseMutex
GetLocaleInfoW
GetNumberFormatW
HeapSize
VirtualFree
FindResourceW
LocalFree
GetTimeFormatW
SetFileAttributesW
HeapAlloc
FileTimeToSystemTime
CloseHandle
CloseHandle
LockResource
PrepareTape
FindClose
GetTickCount
EraseTape
ExitThread
RemoveDirectoryW
SetTapePosition
QueryPerformanceCounter
GetCurrentDirectoryW
GetVersionExW
GetVolumeNameForVolumeMountPointW
GetProcessHeap

pdh

PdhBrowseCountersHW
PdhVbUpdateLog
PdhLookupPerfIndexByNameA
PdhExpandCounterPathW
PdhBrowseCountersA
PdhComputeCounterStatistics
PdhBindInputDataSourceW
PdhRemoveCounter
PdhBrowseCountersW
PdhEnumObjectItemsHA
PdhUpdateLogW
PdhParseCounterPathA
PdhEnumObjectItemsA
PdhMakeCounterPathW
PdhGetDefaultPerfObjectA
PdhOpenLogW
PdhValidatePathA
PdhVbGetOneCounterPath
PdhSelectDataSourceA
PdhCreateSQLTablesW
PdhSetLogSetRunID
PdhEnumObjectsA
PdhVbGetLogFileSize

crtdll

_getch
_ismbbkalnum
__isascii
_ultoa
wcsrchr
_strrev
_wcsset
_fpclass
_wcslwr
_baseversion_dll
_mbsnbcat
strspn
_stricoll
wcslen
bsearch
mblen
_putw
_local_unwind2
_beep
_isatty
div
ceil
_futime
_ismbcspace
_mbctoupper
_fcloseall
_findnext
ispunct
_rmtmp
_chdir
sqrt
_fullpath
_get_osfhandle
_HUGE_dll
_ismbcalpha
_CIpow
_osver_dll
towupper
_amsg_exit
_dup
wcscoll
_cprintf
_yn
sprintf
mbtowc
_execvp
ftell
_fpieee_flt
fputs
_open
_CIsinh
_creat
_itow
fputwc
_strdec
_strnset
_mbsncat
_wcsicoll
fflush
_strupr
_stat
swscanf
_seterrormode
_spawnv
_mbsncpy
_mbccpy
__iscsym
pow
_ismbcprint
_ftime
_getche
_chsize
_findfirst
_lfind
strtoul
_ismbblead
cos
_ismbclegal
_sys_errlist
ungetc
atan
rand
_ismbcsymbol
_control87
_winmajor_dll
_matherr
_winver_dll
__threadhandle
_mbsnbcmp
wscanf
_splitpath
_pipe
_wcsnset
_mbsdup
atoi
vfwprintf
_mbctype
_ismbchira
qsort
_fputchar
_open_osfhandle
_tzname
_chmod
_cabs
_mkdir
isspace
__argc_dll
mbstowcs
_CIcosh
_searchenv
calloc
setvbuf
_mbsnbcpy
_mbsrchr
_pgmptr_dll
_c_exit
strcpy
_mbsnbset
tmpnam
_fdopen
fgetwc
_chgsign
_controlfp
_sys_nerr_dll
atol
iswlower
_mbctokata
_environ_dll
_spawnlpe
strtol
_vsnwprintf
wcschr
feof
_filbuf

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 146KB - Virtual size: 716KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b08335b8444ef5bb5918855148cc196

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

pdh

crtdll

Sections

.text Size: 72KB - Virtual size: 72KB

.data Size: 27KB - Virtual size: 26KB

.rsrc Size: 146KB - Virtual size: 716KB

.text
Size: 72KB - Virtual size: 72KB

.data
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 146KB - Virtual size: 716KB