62f4a17aaecc626e80043cbe170a6be5

Sharing

Copy URL Twitter E-mail

General

Target

62f4a17aaecc626e80043cbe170a6be5
Size

27KB
MD5

62f4a17aaecc626e80043cbe170a6be5
SHA1

e30da8dd6bac1168e8c415b7beddb2e4444d93d6
SHA256

e2bf990307fab71cf5fe3794be0d4755e891d7789e180ef537025ba1d6aeade3
SHA512

e1b2861dc8df286efef2de3cb1236656f27f24e7c38a049ec79dc9872f8c87724c26b00796e5c6378622c54c6d05ec9f2782c50435a75e5df14e8ed5e942de19
SSDEEP

768:2+1agCg5u1QXgUT0npzGoNuhcGr1wXptfJML1ReyJ:vhCvyXOnJFNuh9rifq1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62f4a17aaecc626e80043cbe170a6be5

Files

62f4a17aaecc626e80043cbe170a6be5
.exe windows:4 windows x86 arch:x86

647e7b92c676036314d9464c1a6afdd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
LoadResource
lstrcmpiA
InterlockedIncrement
UnhandledExceptionFilter
GetTempFileNameA
GlobalAlloc
InterlockedDecrement
lstrcpyA
InitializeCriticalSection
GetTickCount
GlobalFree
FindFirstFileA
GlobalReAlloc
WriteFile
VirtualFree
FindResourceA
GetThreadLocale
IsDBCSLeadByte
LoadLibraryExA
IsDBCSLeadByteEx
CompareFileTime
IsBadWritePtr
TlsGetValue
DisableThreadLibraryCalls
WaitForSingleObject
GetCurrentThread
GlobalHandle
HeapFree
GetModuleHandleA
GetFileTime
TlsSetValue
GetTimeFormatW
FormatMessageW
GetCurrentThreadId
WideCharToMultiByte
LocalFree
GetProcAddress
GetTempPathA
CopyFileA
IsValidCodePage
GetSystemTime
SetEndOfFile
SetFileAttributesA
FlushFileBuffers
GetLocaleInfoA
GetShortPathNameA
CreateFileW
VirtualAlloc
ExitProcess
LoadLibraryA
lstrlenW
GetSystemInfo
ReadFile
TlsAlloc
lstrcatA
GetCurrentProcess
TerminateProcess
MultiByteToWideChar
GetCPInfo
HeapAlloc
GetLastError
LeaveCriticalSection
SetEvent
GetDateFormatW
GlobalUnlock
EnterCriticalSection
lstrcpynA
GetStringTypeW
InterlockedExchange
GetSystemDefaultLangID
SizeofResource
GetModuleFileNameA
DeleteCriticalSection
lstrlenA
GetCurrentProcessId
GetFileSize
CreateFileA
ResetEvent
GetUserDefaultLCID
SetFilePointer
GetOverlappedResult
FileTimeToSystemTime
FormatMessageA
FindNextFileA
HeapDestroy
FreeLibrary
GetTimeFormatA
GetACP
CloseHandle
TlsFree
CreateEventA
Sleep
GetVersionExA
GetSystemTimeAsFileTime
IsBadReadPtr
HeapCreate
GetTimeZoneInformation
SetUnhandledExceptionFilter
FindClose
GlobalLock
VirtualQuery
SystemTimeToFileTime
GetLocaleInfoW
GetDateFormatA

user32

RegisterWindowMessageA
wsprintfA
DispatchMessageA
CallMsgFilterW
PostThreadMessageA
GetMessageA
CharNextA

shlwapi

StrCatBuffW

cfgmgr32

CM_Get_Version_Ex

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

647e7b92c676036314d9464c1a6afdd2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shlwapi

cfgmgr32

Sections

.text Size: 8KB - Virtual size: 7KB

.idata Size: 3KB - Virtual size: 3KB

.data Size: 5KB - Virtual size: 160KB

.reloc Size: 512B - Virtual size: 28B

.rdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 7KB

.idata
Size: 3KB - Virtual size: 3KB

.data
Size: 5KB - Virtual size: 160KB

.reloc
Size: 512B - Virtual size: 28B

.rdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 1KB