10545c5d4a3e98edd4309aa302906bbb

Sharing

Copy URL

Twitter E-mail

General

Target

10545c5d4a3e98edd4309aa302906bbb
Size

148KB
MD5

10545c5d4a3e98edd4309aa302906bbb
SHA1

f0493277641d7ea134fa69db6ec18ab2305676e9
SHA256

d3af87542bf486ac8ce97874b760df900677d4d671f903eb9e113d104a13e4d5
SHA512

355034f2fcc62e5b708f7e3cba9d2542d58eea56913f989aa997285605183c6bdda3e7eb96c0f9d8a9dd37fd4f4242f86fc58b3dd2c494985e16aa3c30f081a0
SSDEEP

1536:LBvXUCMY2zu26MaSNmxwNa/DrwPgcRbViWZRc3/dh4cJJQfZPcDK9h72AiaYuVAZ:LBDt2a2TBaf/DrwPZriWwcjc27iSU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10545c5d4a3e98edd4309aa302906bbb

Files

10545c5d4a3e98edd4309aa302906bbb
.exe windows:4 windows x86 arch:x86

16f33af445cdd5465810dc129de65327

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
WriteProcessMemory
VirtualProtectEx
GetProcAddress
GetModuleHandleA
ResumeThread
SetThreadContext
CreateFileA
GetThreadContext
SuspendThread
CreateProcessA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameA
IsBadStringPtrA
GetCurrentProcess
CloseHandle
FlushInstructionCache
GetVersionExA
RaiseException
RtlUnwind
GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapFree
SetUnhandledExceptionFilter
TerminateProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
SetFilePointer
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
SetStdHandle
QueryPerformanceCounter
GetTickCount
FlushFileBuffers

user32

MessageBoxA

comdlg32

GetOpenFileNameA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.2rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

16f33af445cdd5465810dc129de65327

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 14KB - Virtual size: 14KB

.2rdata Size: 80KB - Virtual size: 80KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 14KB - Virtual size: 14KB

.2rdata
Size: 80KB - Virtual size: 80KB