28b94c9ac4dbb4ef470ada008ee3d481

General

Target

28b94c9ac4dbb4ef470ada008ee3d481
Size

81KB
MD5

28b94c9ac4dbb4ef470ada008ee3d481
SHA1

28262c5dcfdec8ed50067039084a3cec953b6e0e
SHA256

c64ab51bcf6cb510b0c6968676826b71939fe8a397e382acdef6fa602acda83c
SHA512

a5faa228b5a7f8ae7c020c173bb0c5c9b4f382fe13e2cd81e493b2376909d78bc7adec3cab16568b98f806acb0d2fdb723f2e4963309bfeb5c13005513d22edc
SSDEEP

1536:jdJbEXo9FlIowD9THv34MyDCQ8ijjyae8dB9SaHCz1ms+Dkj:xhmo9Fln8RI7pyaeaB9VC4Dk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28b94c9ac4dbb4ef470ada008ee3d481

Files

28b94c9ac4dbb4ef470ada008ee3d481
.exe windows:5 windows x86 arch:x86

7c992c88ad08ae279cb8d55be9185e12

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadWritePtr
VirtualAlloc
lstrlenW
GetFileAttributesA
GetFileAttributesW
GetExitCodeProcess
GetACP
lstrcpyW
GetCurrentProcess
SetHandleCount
GetConsoleMode
GetStdHandle
GetCommandLineW
EnterCriticalSection
ExitProcess
GetFileSize
LockResource
ResumeThread
GetProcessHeap
GetSystemTime
GetSystemTimeAsFileTime
GetProcAddress
VirtualProtect
CreateFileA

ole32

CoMarshalInterface
StgIsStorageFile
CLSIDFromString
MkParseDisplayName
PropVariantCopy
CoUnmarshalInterface
OleRegEnumFormatEtc
StgCreateDocfileOnILockBytes
CreateOleAdviseHolder
CoMarshalInterThreadInterfaceInStream
CoRegisterClassObject
CreateDataAdviseHolder
CreateBindCtx
CoImpersonateClient

version

GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueA
VerFindFileW
VerQueryValueW

ntdll

RtlRunEncodeUnicodeString
RtlInitializeCriticalSection
NtConnectPort
NlsMbOemCodePageTag
_wcslwr
RtlQueryEnvironmentVariable_U
RtlCreateUnicodeStringFromAsciiz
NtOpenProcess
RtlInitializeCriticalSectionAndSpinCount
RtlGetDaclSecurityDescriptor
NtSetInformationThread
NtUnmapViewOfSection
NtFsControlFile
RtlUnicodeToMultiByteN
NtQueryDirectoryFile
NtEnumerateValueKey
RtlDestroyEnvironment
RtlFreeUnicodeString
RtlAcquireResourceShared

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7c992c88ad08ae279cb8d55be9185e12

Headers

File Characteristics

Imports

kernel32

ole32

version

ntdll

Sections

.text Size: 12KB - Virtual size: 11KB

.data Size: 56KB - Virtual size: 117KB

.idata Size: 8KB - Virtual size: 8KB

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 56KB - Virtual size: 117KB

.idata
Size: 8KB - Virtual size: 8KB