2692617da44663bbcd09fa343df43674

Sharing

Copy URL

Twitter E-mail

General

Target

2692617da44663bbcd09fa343df43674
Size

150KB
MD5

2692617da44663bbcd09fa343df43674
SHA1

b10f6383c89e34de01f4dd4bf67377ebcdfe3cd9
SHA256

791338a0f41af2e57ceff7df8236669045201ec78e98dcf36f43d9f1438cb8fe
SHA512

892772a5b477c7bbddcd995a1945785778ec9be4e3f125f141f52e640c0b3fbd0e6eb3b13045f52b9e01e9086cf2c6be6a0dcc101fe1f4307c3f2cfc3d9f833f
SSDEEP

3072:T+qtxIIaFWkVxQQnIThWtmidMKv6DpP0l7M6msLPXvER4fJ:iTItQKQKa6Dp+QKER4fJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2692617da44663bbcd09fa343df43674

Files

2692617da44663bbcd09fa343df43674
.exe windows:5 windows x86 arch:x86

8b4f54baa7aa4c1f2732d039486d5b4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
CloseServiceHandle
QueryServiceStatus
ControlService
OpenServiceA
OpenSCManagerA
AllocateAndInitializeSid
OpenProcessToken
OpenThreadToken
CopySid
GetTokenInformation
FreeSid
EqualSid
AdjustTokenPrivileges
LookupPrivilegeValueA
SetSecurityInfo
SetEntriesInAclA
GetSecurityInfo
RegEnumKeyExA
RegEnumValueA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegQueryInfoKeyA

kernel32

FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
Sleep
GetCurrentProcess
GetCurrentThread
CloseHandle
lstrlenA
LocalFree
FormatMessageA
lstrcmpiA
OutputDebugStringA
GetSystemDirectoryA
lstrcatA
lstrcpyA
SetFileAttributesA
CreateFileA
DeleteFileA
GetFileAttributesA
RemoveDirectoryA
FindClose
FindNextFileA
lstrcmpA
FindFirstFileA
GetDriveTypeA
GetWindowsDirectoryA
GetEnvironmentVariableA
lstrcpynA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
ExitProcess
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
SetFilePointer
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetStdHandle
VirtualProtect
GetSystemInfo
FlushFileBuffers
ReadFile

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA

msi

ord8
ord200
ord117
ord160
ord159
ord31
ord91

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.adata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8b4f54baa7aa4c1f2732d039486d5b4c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

shell32

msi

Sections

.text Size: 72KB - Virtual size: 72KB

.data Size: 3KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.adata Size: 72KB - Virtual size: 72KB

.text
Size: 72KB - Virtual size: 72KB

.data
Size: 3KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.adata
Size: 72KB - Virtual size: 72KB