61ab107f560024b8783e30d281dba639

Sharing

Copy URL

Twitter E-mail

General

Target

61ab107f560024b8783e30d281dba639
Size

36KB
MD5

61ab107f560024b8783e30d281dba639
SHA1

9d8ecffbb9d395f157c273d6dc1ce4a175375428
SHA256

e3293f7f338e844e98ea4548da11f5ef4806985e33f3810aebf8b7b786d85a6b
SHA512

b9501c171b98cfbddf1e4ff4c97c701afd8667b018f7776642422cfc8ac731a42b28743d62557bd57444e95379a9eb298c9de14002d56079a6220a10bc10d9bf
SSDEEP

768:wgpHZ/t0PNUQg+vQtkOLghyyATTIcmH0oOa:drF0PNtgmOLLyjcDo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61ab107f560024b8783e30d281dba639

Files

61ab107f560024b8783e30d281dba639
.exe windows:4 windows x86 arch:x86

86693bd8be3b57d3fb57a64d1d1778be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
WaitForSingleObject
OpenProcess
lstrcpyA
GetModuleFileNameA
FreeLibrary
FindClose
FindNextFileA
FindFirstFileA
CreateThread
LoadLibraryA
GetProcAddress
DeleteFileA
lstrcmpA
RemoveDirectoryA
GetWindowsDirectoryA
MoveFileExA
GetShortPathNameA
GetFileSize
lstrcatA
CreateFileA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
SetEndOfFile
CloseHandle
SetFilePointer
GetCurrentProcess
GetCurrentThread
GetLastError
lstrcmpiA
lstrlenA
LocalFree
GetStartupInfoA
WriteFile
RtlUnwind
HeapReAlloc
VirtualAlloc
GetVersionExA
LocalAlloc
ExitProcess
GetOEMCP
GetCPInfo
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
HeapAlloc
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
GetACP
GetStdHandle
GetFileType
TerminateProcess
GetModuleHandleA
FreeEnvironmentStringsW
GetCommandLineA
GetVersion
UnhandledExceptionFilter
FreeEnvironmentStringsA
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount

user32

SetDlgItemTextA
wsprintfA
DialogBoxParamA
PostMessageA
SendMessageA
GetWindowThreadProcessId
FindWindowA
EndDialog
ExitWindowsEx
LoadImageA
GetSystemMetrics
LoadIconA
EnableMenuItem
GetSystemMenu
EnableWindow
ShowWindow
GetDlgItem

advapi32

AllocateAndInitializeSid
OpenProcessToken
IsValidSecurityDescriptor
AccessCheck
SetSecurityDescriptorOwner
FreeSid
SetSecurityDescriptorGroup
RevertToSelf
AddAccessAllowedAce
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenThreadToken
GetLengthSid
RegCloseKey
RegDeleteValueA
ImpersonateSelf
RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegFlushKey
AdjustTokenPrivileges
RegQueryValueExA
LookupPrivilegeValueA

ws2_32

WSACleanup
WSAStartup
WSCUnInstallNameSpace
WSAGetLastError
WSCInstallProvider
WSCDeinstallProvider
WSCGetProviderPath
WSCEnumProtocols

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86693bd8be3b57d3fb57a64d1d1778be

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 3KB