3a79edcd2333c4c5708baaba12a00153

Sharing

Copy URL Twitter E-mail

General

Target

3a79edcd2333c4c5708baaba12a00153
Size

176KB
MD5

3a79edcd2333c4c5708baaba12a00153
SHA1

b8b350c36f5be6c73391a6f744a11db005e5e37e
SHA256

10cd235bb4d5dc23c3c21e143c693309df3a019a625111313138cb4337887f8f
SHA512

a13ce3c09095e02c5878cb4e10b50865eeed3c75290a4f75398d8430381a7cfe2ccb1e1015432edbc4999520c7c1addd18a8f4570eefc7c5fcb840cbed686fa0
SSDEEP

1536:fM6Z9HyHnNmrxSkDaSFDaubF03EoSn2JyMugGhqkcJ:fXZZRrFDaEaub23EHnauqkcJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a79edcd2333c4c5708baaba12a00153

Files

3a79edcd2333c4c5708baaba12a00153
.exe windows:4 windows x86 arch:x86

6922d9ac01e39e63e1b56e136a5bb2b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hpainst

UninstallHpaDrv

fixdll

ord1
ord2

hidepart

fnHidePart

kernel32

CreateProcessA
GetLastError
GetSystemDirectoryA
SetFileAttributesA
CreateDirectoryA
DeleteFileA
CloseHandle
WaitForSingleObject
InterlockedIncrement
SetHandleCount
GetEnvironmentStringsW
FlushFileBuffers
GetStringTypeA
LCMapStringW
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
GetStringTypeW
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
LCMapStringA
IsBadWritePtr
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
RtlUnwind
SetFilePointer
SetConsoleCtrlHandler
GetOEMCP
IsBadReadPtr
HeapValidate
GetCPInfo
GetACP
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
MultiByteToWideChar

user32

MessageBoxA

advapi32

RegCreateKeyA
RegOpenKeyA
RegCloseKey

shell32

ShellExecuteA

Sections

.text
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.CHONG
Size: 4KB - Virtual size: 155B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6922d9ac01e39e63e1b56e136a5bb2b4

Headers

File Characteristics

Imports

hpainst

fixdll

hidepart

kernel32

user32

advapi32

shell32

Sections

.text Size: 136KB - Virtual size: 132KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 21KB

.idata Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 3KB

.CHONG Size: 4KB - Virtual size: 155B

.text
Size: 136KB - Virtual size: 132KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 21KB

.idata
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 3KB

.CHONG
Size: 4KB - Virtual size: 155B