07ca160c517b6936ff02218294e07a0d

Sharing

Copy URL

Twitter E-mail

General

Target

07ca160c517b6936ff02218294e07a0d
Size

400KB
MD5

07ca160c517b6936ff02218294e07a0d
SHA1

24c9c5a3534289214c6af51040eda240bf14ab99
SHA256

e675053cecf40306c99cfa9b4f0d0313d9bb8ddf8537458ff6b8d6eb9278bcd0
SHA512

9e843a010ff58f806e122797012780a092357e3c23337657157f9f225c03d4301f3d8a75d91a113f0275a6544551036312697294ae1a75953df182bc9f54b5bc
SSDEEP

6144:kmfATGEOMRBkxPGSM3Z45fIy4IMbX+n04V/qanNtR7xU7MZQY3Q5NsuU:347eeSM3wx4IS4d7S7mw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07ca160c517b6936ff02218294e07a0d

Files

07ca160c517b6936ff02218294e07a0d
.exe windows:4 windows x86 arch:x86

f834f393a7d40a4038c853f297cd54a2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
lstrcpynA
lstrlenA
lstrcmpiA
GetLastError
WinExec
GetModuleHandleA
OpenProcess
TerminateProcess
MoveFileExA
GetVersion
WritePrivateProfileStringA
DeviceIoControl
GetSystemDirectoryA
WriteFile
GetCurrentProcess
DeleteFileA
CreateFileA
LoadLibraryA
CloseHandle
GetVersionExA
GetModuleFileNameA
LoadLibraryExA
FreeLibrary
GetProcAddress
GlobalAlloc
GetTempPathA
GetSystemDefaultLangID
GlobalFree
HeapFree
LCMapStringA
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
HeapReAlloc
VirtualAlloc
IsBadCodePtr
IsBadReadPtr
GetStringTypeA
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
VirtualFree
GetEnvironmentStringsW
HeapAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate

user32

MessageBoxA
wsprintfA
ExitWindowsEx

advapi32

OpenSCManagerA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
CreateServiceA
CloseServiceHandle
RegCloseKey
StartServiceA
ControlService
OpenServiceA
OpenProcessToken
LookupPrivilegeValueA
DeleteService
RegEnumValueA
RegSetValueExA
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

SHDeleteKeyA

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f834f393a7d40a4038c853f297cd54a2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

version

shlwapi

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 364KB - Virtual size: 364KB

.rsrc Size: 4KB - Virtual size: 928B

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 364KB - Virtual size: 364KB

.rsrc
Size: 4KB - Virtual size: 928B