2826aa87cbc8ffbae80f416bac2a8a44

Sharing

Copy URL Twitter E-mail

General

Target

2826aa87cbc8ffbae80f416bac2a8a44
Size

249KB
MD5

2826aa87cbc8ffbae80f416bac2a8a44
SHA1

48322ebd10d38b3cf04ee1f3ecef1cf6b4e44381
SHA256

18b48a51c85ad5be794d9ffbae882170fe62833c6df43f86b1689edc748ddcd2
SHA512

b54ddcda82bedaea3ec39dc63efd0ea174b3b91d550ced1d6ee19cac37a97ac817490f407d42c02d7cdd6bb49ae38334c0c366e22652d8b48ea19fbb06c26bfc
SSDEEP

6144:9lLIKUXKcr1K6hzj9oxFs49Rm3hIHiWYTlYgBukquGNBe:nsXaco61Zoxl9cSHI29u3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2826aa87cbc8ffbae80f416bac2a8a44

Files

2826aa87cbc8ffbae80f416bac2a8a44
.exe windows:4 windows x86 arch:x86

ba097fc3db74e9561c7b16c0399210a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
RegOpenKeyA
RegDeleteKeyA
RegCreateKeyExA
QueryServiceStatus
OpenThreadToken
OpenServiceA
OpenSCManagerA
LookupPrivilegeValueA
SetServiceStatus
SetSecurityDescriptorDacl
RegisterServiceCtrlHandlerA
RegSetValueExA
RegEnumKeyA
InitializeSecurityDescriptor
StartServiceCtrlDispatcherA
OpenProcessToken
FreeSid
AllocateAndInitializeSid
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

setupapi

SetupRemoveFromDiskSpaceListA
SetupQueryDrivesInDiskSpaceListA
SetupDestroyDiskSpaceList
SetupCreateDiskSpaceListA
SetupAddToDiskSpaceListA
SetupFindFirstLineA
SetupFindNextLine
SetupInstallServicesFromInfSectionExA
SetupRemoveInstallSectionFromDiskSpaceListA
SetupRemoveSectionFromDiskSpaceListA
SetupQueueCopySectionA
SetupAddInstallSectionToDiskSpaceListA
SetupAddSectionToDiskSpaceListA
SetupQueueDeleteSectionA

kernel32

HeapSize
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
LoadLibraryA
VirtualQuery
InterlockedExchange
InitializeCriticalSection
QueryPerformanceCounter
GetVolumeInformationA
GetSystemTime
OpenProcess
GetVersionExA
GetModuleHandleA
GetDateFormatA
SizeofResource
CreateEventA
FileTimeToLocalFileTime
GetVersion
GetCommandLineA
GetLocalTime
CreateFileA
RemoveDirectoryA
TlsSetValue
TlsAlloc
SetTapePosition
VirtualProtect
BeginUpdateResourceA
GetSystemInfo
HeapFree
HeapAlloc
GetStartupInfoA
SetLastError
GetCurrentThreadId
GetLastError
TlsFree
TlsGetValue
GetProcAddress
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetCPInfo
GetLocaleInfoA
RtlUnwind
GetACP
GetOEMCP

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba097fc3db74e9561c7b16c0399210a7

Headers

File Characteristics

Imports

advapi32

setupapi

kernel32

Sections

.text Size: 61KB - Virtual size: 61KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 68KB - Virtual size: 234KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 61KB - Virtual size: 61KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 68KB - Virtual size: 234KB

.reloc
Size: 9KB - Virtual size: 9KB