1863255e2c00e967f0e216c329a4d004

General

Target

1863255e2c00e967f0e216c329a4d004
Size

96KB
MD5

1863255e2c00e967f0e216c329a4d004
SHA1

fc65b4f251564421eec9c1b4ebb6a1e421068877
SHA256

40e6d62000cb79c29361e2737d7b2fc96ce33a833a9d6b6503cdd285d5c157eb
SHA512

4be3c77199754e9a48132b22e41b527d01d4e6f857bc26b8ff3339716d801f8a9d786af9d6b2ca53d18529716d00144ebf906f742a8b9200cb38d551c6c12bae
SSDEEP

1536:ueltrTOLuDGbf6Xs1TzlvHKHQqRcOzoAS009+nEQAsjxyY:ueXGb1lvHmQAc6NS00SAsjoY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1863255e2c00e967f0e216c329a4d004

Files

1863255e2c00e967f0e216c329a4d004
.exe windows:4 windows x86 arch:x86

8dc3c8f80345b8443d9f94de53ac47e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
GetLocaleInfoA
GetThreadLocale
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
WideCharToMultiByte
GetCommandLineA
MultiByteToWideChar
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
InterlockedExchange
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
lstrcpyA
lstrlenA
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
GetVersionExA
lstrcatA
GetTickCount
Sleep
GetCurrentProcess
CloseHandle
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetModuleHandleA
GetStartupInfoA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
SetUnhandledExceptionFilter
HeapCreate
VirtualFree
IsBadWritePtr
TerminateProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
IsBadReadPtr
IsBadCodePtr
GetStringTypeW

advapi32

OpenSCManagerA
CreateServiceA
ChangeServiceConfigA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenServiceA
CloseServiceHandle
QueryServiceStatus
StartServiceA
OpenProcessToken
GetTokenInformation

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8dc3c8f80345b8443d9f94de53ac47e2

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 52KB - Virtual size: 52KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 52KB - Virtual size: 52KB