Static task: static1
Behavioral task: behavioral1
Sample: 02f3f7ced451c24d8685caeb9fc9aac5.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 02f3f7ced451c24d8685caeb9fc9aac5.exe
Resource: win10v2004-20231222-en
General
Target: 02f3f7ced451c24d8685caeb9fc9aac5
Size: 64KB
MD5: 02f3f7ced451c24d8685caeb9fc9aac5
SHA1: 491b768b5b3eec48e08e0667dee016ee7303c664
SHA256: 79f4efd62a4c4ba9fafcee62358f6b81f80f3789e6cafaa5aa6587c0528a51d7
SHA512: 7ea603076114cb40c62ff393667cef605fdb3c10d67980f64730fec4c9e60aa47dd0342baf98817405a3996881fe2467f3a6afb9e26b7b6868f6669134ffb637
SSDEEP: 1536:Vfn9oZjr91SAuShInwerpMaOBoDA1DFN+8ucpIOh:t9oZjr91SAVh8PrevomFPucxh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 02f3f7ced451c24d8685caeb9fc9aac5
Files
02f3f7ced451c24d8685caeb9fc9aac5.exe windows:5 windows x86 arch:x86
bf03c4f1e77adc0719a84cf4665342a3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetExitCodeProcess
LoadLibraryA
VirtualQuery
GetSystemDirectoryA
GetProcAddress
WideCharToMultiByte
CreateFileW
GetCurrentProcessId
GetCPInfo
GetVersion
FindResourceA
IsBadReadPtr
lstrcmpW
LockResource
GetModuleHandleW
GetTickCount
SetLastError
IsBadWritePtr
TlsFree
VirtualFree
TerminateProcess
ExitProcess
FreeEnvironmentStringsW
GetStringTypeW
VirtualAlloc
GetCommandLineW
GetStdHandle
GetCurrentThreadId
RtlUnwind
lstrlenA
GetConsoleMode
GetLastError
LocalAlloc
FindResourceW
ole32
OleRun
CoTaskMemRealloc
CreateILockBytesOnHGlobal
CoGetObjectContext
CoTaskMemFree
CoGetMalloc
CoSetProxyBlanket
StgCreateDocfile
OleRegGetMiscStatus
CoCreateInstance
CoCreateFreeThreadedMarshaler
CreateDataAdviseHolder
WriteClassStm
CoInitializeEx
CoUnmarshalInterface
OleUninitialize
OleRegEnumVerbs
StringFromGUID2
CoGetInterfaceAndReleaseStream
ReadOleStg
CoFreeUnusedLibraries
msvcrt
_vsnwprintf
fprintf
_initterm
wcsncmp
fseek
atol
malloc
memmove
isdigit
_stricmp
??1type_info@@UAE@XZ
_ftol
_ltow
_snprintf
wcscspn
_wcsdup
_CIsqrt
??0exception@@QAE@ABV0@@Z
__set_app_type
_exit
isleadbyte
strncpy
_vsnprintf
fwrite
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerFindFileW
VerQueryValueA
ntdll
RtlCreateUserThread
RtlReleaseResource
RtlGUIDFromString
RtlAcquireResourceExclusive
RtlAppendUnicodeToString
DbgPrint
RtlQueryInformationAcl
RtlCreateEnvironment
NtDuplicateToken
NtDuplicateObject
RtlGetNtProductType
RtlInitializeCriticalSection
RtlGetOwnerSecurityDescriptor
NtQueryAttributesFile
NtQueryObject
NtWriteFile
RtlDeleteCriticalSection
RtlInitializeCriticalSectionAndSpinCount
NtQueryInformationProcess
RtlFormatCurrentUserKeyPath
NtUnmapViewOfSection
RtlQueueWorkItem
RtlSubAuthoritySid
NtCreateFile
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 30KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 483B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ