161ab8c519f827cf77152349653ed726

General

Target

161ab8c519f827cf77152349653ed726
Size

224KB
MD5

161ab8c519f827cf77152349653ed726
SHA1

b1ce827f19ae6373dc2029a5b8a885b0281ab39c
SHA256

5a3b1d8ef0a435304c886035d2b7cc76b5ab4df2512bc05cb53af88ca42edd1c
SHA512

c8d8d4db5b8c2a414de7880717cdb1029b078f2b8f47f8267ee154e0de7bc455a1c8359d3d21df28c66050dc41e9dcba3ef0088e54168bd2110eb50db065a078
SSDEEP

6144:Orkg5hveZ6LEmpZDtkIDkwbuStu1eft6X:Rg5hHFVDBbc1s8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
161ab8c519f827cf77152349653ed726

Files

161ab8c519f827cf77152349653ed726
.exe windows:5 windows x86 arch:x86

c0e4cd8f7785dcd16890fb65dfb3bcf0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtSuspendThread
NtSetSystemInformation
RtlCreateTimer
ZwOpenSection
RtlCompareMemory
ZwQuerySystemInformation
RtlFillMemory
NtQueryValueKey
NtCreateSection
RtlExitUserThread
NtWriteFile
RtlCancelTimer
RtlCompareUnicodeString

kernel32

MoveFileExA
GetProcessHeap
WriteConsoleW
VirtualProtect
IsDebuggerPresent
OutputDebugStringA
SetUnhandledExceptionFilter
HeapCreate
SetThreadAffinityMask
MapViewOfFileEx
GetSystemTime
QueryPerformanceFrequency
GetTempPathA
GetCurrentThread
GetFileSize
FindFirstChangeNotificationA
LockFileEx
OpenProcess
GetCurrentThreadId
RemoveDirectoryA
FormatMessageA
GlobalLock
GetFileTime
SetFileAttributesW
FreeEnvironmentStringsW
ExitThread
WriteConsoleA
GetWindowsDirectoryA
GetCommandLineW
GetVolumeInformationA
OpenEventA
GetACP
CompareStringA
SystemTimeToFileTime
HeapAlloc
GetCurrentProcessId
GetCommandLineA
VirtualFree
GetLogicalDriveStringsA
LocalFileTimeToFileTime
GlobalFree
CreateEventA
GetLongPathNameA
ReleaseSemaphore
FindFirstFileExA
DeleteFileA
CopyFileExW
WritePrivateProfileSectionA
LoadLibraryW
SetEnvironmentVariableA
GlobalSize
TerminateThread
SetProcessAffinityMask
GetCommandLineA
TlsGetValue
SleepEx
HeapFree
CompareStringW
FileTimeToLocalFileTime

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0e4cd8f7785dcd16890fb65dfb3bcf0

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

Sections

.text Size: 180KB - Virtual size: 180KB

.data Size: 41KB - Virtual size: 40KB

.rsrc Size: 2KB - Virtual size: 4KB

.text
Size: 180KB - Virtual size: 180KB

.data
Size: 41KB - Virtual size: 40KB

.rsrc
Size: 2KB - Virtual size: 4KB