04a963e3c0a8a8e3fccae9a18cac9854

Sharing

Copy URL

Twitter E-mail

General

Target

04a963e3c0a8a8e3fccae9a18cac9854
Size

69KB
MD5

04a963e3c0a8a8e3fccae9a18cac9854
SHA1

8749c99222c720e216f9cb21b5b39a141cd30577
SHA256

e35c9fe515ac4c589c2f36881a4f6f0f0ff87be5a22d41e881937d69795dc579
SHA512

0818b0bbb74bc6341bd0ed7491edc13d2bc9a18ff72caceb855469478874897e5bcc260abf2550b73b4a9a33ca22fb3ec369f04f997c64b211d7de50d9fbc9f4
SSDEEP

1536:8azWi7ZAmqpJS7PtHv+ov9f6F7/Az7ECYvi:PKyZAmqpch+Ef6F7/A6i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04a963e3c0a8a8e3fccae9a18cac9854

Files

04a963e3c0a8a8e3fccae9a18cac9854
.exe windows:1 windows x86 arch:x86

e4fdba20a760d8d273ac2258ad888343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

CharNextA
CharUpperA
IsCharUpperA
LoadStringA

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcessId
GetEnvironmentVariableA
GetModuleFileNameA
GetPrivateProfileStringA
GetProcAddress
GetSystemDirectoryA
GetWindowsDirectoryA
InitializeCriticalSection
InterlockedExchange
IsBadReadPtr
IsDBCSLeadByte
LeaveCriticalSection
LoadLibraryA
ReadFile
SetFilePointer
Sleep
WriteFile
lstrcpyA
lstrlenA
CloseHandle
CreateEventA
CreateFileA
CreateMutexA
CreateThread
DeleteFileA
DosDateTimeToFileTime
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
GetCPInfo
GetCommandLineA
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
GetEnvironmentStrings
GetFileAttributesA
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStdHandle
GetTimeZoneInformation
GetVersion
LoadLibraryA
LocalFileTimeToFileTime
LocalFree
ReadConsoleInputA
ReadFile
ReleaseMutex
SetConsoleCtrlHandler
SetConsoleMode
SetCurrentDirectoryA
SetEvent
SetFileAttributesA
SetFilePointer
SetFileTime
SetStdHandle
SetUnhandledExceptionFilter
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WriteConsoleA
WriteFile

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

dbtl50t

_DBChangeWriteFile@4
_DBCreateWriteFile@4
_DBStatusWriteFile@4
_DBToolsFini@4
_DBToolsInit@4

Exports

Exports

_callback_confirm@4
_callback_error@4
_callback_msg@4
_callback_status@4
_callback_usage@4

Sections

BEGTEXT
Size: 49KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DGROUP
Size: 7KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 1024B - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hhqg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e4fdba20a760d8d273ac2258ad888343

Headers

File Characteristics

Imports

user32

kernel32

advapi32

dbtl50t

Exports

Exports

Sections

BEGTEXT Size: 49KB - Virtual size:

DGROUP Size: 7KB - Virtual size:

.bss Size: 1024B - Virtual size:

.idata Size: 3KB - Virtual size:

.edata Size: 512B - Virtual size:

.reloc Size: 2KB - Virtual size:

.rsrc Size: 2KB - Virtual size:

.hhqg Size: 4KB - Virtual size: 4KB

BEGTEXT
Size: 49KB - Virtual size:

DGROUP
Size: 7KB - Virtual size:

.bss
Size: 1024B - Virtual size:

.idata
Size: 3KB - Virtual size:

.edata
Size: 512B - Virtual size:

.reloc
Size: 2KB - Virtual size:

.rsrc
Size: 2KB - Virtual size:

.hhqg
Size: 4KB - Virtual size: 4KB