0904f1d130c71fa49587161c3613deb0

Sharing

Copy URL Twitter E-mail

General

Target

0904f1d130c71fa49587161c3613deb0
Size

450KB
MD5

0904f1d130c71fa49587161c3613deb0
SHA1

d03fe27cadc1d004b6497b43bb234374e4be8b21
SHA256

51b9954f31a62f6fc46be59897e05a2c2b6ba39db3c9ca7920cb3f17bd4e8f12
SHA512

7983cc5055397779e0544af8fa055594ce2a0e3639bf30de0791df95f3fdab2e771fabd11b374fdc931f8e374915eeba49ebdf72449d229a26d9d1554ccb716a
SSDEEP

12288:UwEPUqjTJ5Fkwl2Fkrx1hYtnIzoQjpy1k4YgeFd60BWO6ule:Uwupvkkh1OIoDneFdbW5T

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Pinnacle.exe
unpack001/rinst.exe

Files

0904f1d130c71fa49587161c3613deb0
.rar
Pinnacle.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
inst.dat
mc.dat
pk.bin
rinst.exe
.exe windows:4 windows x86 arch:x86

7ca32fe06cef41cf114a012e2f8f89d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpW
lstrcmpiW
GetProcAddress
GetModuleHandleW
GetVersionExW
LoadLibraryW
FreeLibrary
CloseHandle
OpenProcess
GetLastError
MultiByteToWideChar
GetSystemDirectoryW
ReadFile
GetFileSize
CreateFileW
lstrcatW
lstrcpyW
lstrcpynW
CreateDirectoryW
SetFileTime
SystemTimeToFileTime
GetSystemTime
WriteFile
DeleteFileW
CreateProcessW
Sleep
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
SetCurrentDirectoryW
lstrlenW
CopyFileW
GetTempPathW
FileTimeToSystemTime
GetFileTime
TerminateProcess
GetCurrentProcess
GetModuleFileNameW
LoadLibraryA
RaiseException
InterlockedExchange
LocalAlloc
GetStartupInfoA
GetModuleHandleA

user32

PostMessageW
CharLowerW
FindWindowW

shell32

ShellExecuteW

msvcrt

__getmainargs
??3@YAXPAX@Z
wcscpy
wcslen
memcpy
??2@YAPAXI@Z
wcschr
memset
__p___argv
__p___argc
wcsrchr
__CxxFrameHandler
_EH_prolog
_exit
_XcptFilter
exit
_acmdln
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
snake.exe
snakehk.dll

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 64KB - Virtual size: 68KB

.data Size: 2KB - Virtual size: 24KB

.idata Size: 3KB - Virtual size: 4KB

.rsrc Size: 28KB - Virtual size: 28KB

7ca32fe06cef41cf114a012e2f8f89d5

Headers

File Characteristics

Imports

kernel32

user32

shell32

msvcrt

Sections

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 19KB - Virtual size: 19KB

.text
Size: 64KB - Virtual size: 68KB

.data
Size: 2KB - Virtual size: 24KB

.idata
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 28KB - Virtual size: 28KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 19KB - Virtual size: 19KB