Static task: static1

Behavioral task: behavioral1
Sample: 65b712ca09bba28130a2da13be851ae1.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 65b712ca09bba28130a2da13be851ae1.exe
Resource: win10v2004-20231215-en
General
Target: 65b712ca09bba28130a2da13be851ae1
Size: 64KB
MD5: 65b712ca09bba28130a2da13be851ae1
SHA1: 0c98ef02fce66aba5a5a4209d1dbcec9b984f4a6
SHA256: b796e88888a2c4a4bdf5761bf7adf647de333c7af9861c28aa8a174cf12fc85e
SHA512: a4e609b18512ac901cf4c4f117808d39ddbb499ca5fcfec9f8df9be7d4d2c4913c4973395be2c20d5b240b0050da5b65d30e8e3d988af3fa615406163957588f
SSDEEP: 1536:VfS9oZjr91SAuShInwerpMaOBoDA1DFN+8ucpIOh:o9oZjr91SAVh8PrevomFPucxh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 65b712ca09bba28130a2da13be851ae1
Files
65b712ca09bba28130a2da13be851ae1.exe windows:5 windows x86 arch:x86
bf03c4f1e77adc0719a84cf4665342a3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetExitCodeProcess
LoadLibraryA
VirtualQuery
GetSystemDirectoryA
GetProcAddress
WideCharToMultiByte
CreateFileW
GetCurrentProcessId
GetCPInfo
GetVersion
FindResourceA
IsBadReadPtr
lstrcmpW
LockResource
GetModuleHandleW
GetTickCount
SetLastError
IsBadWritePtr
TlsFree
VirtualFree
TerminateProcess
ExitProcess
FreeEnvironmentStringsW
GetStringTypeW
VirtualAlloc
GetCommandLineW
GetStdHandle
GetCurrentThreadId
RtlUnwind
lstrlenA
GetConsoleMode
GetLastError
LocalAlloc
FindResourceW
ole32
OleRun
CoTaskMemRealloc
CreateILockBytesOnHGlobal
CoGetObjectContext
CoTaskMemFree
CoGetMalloc
CoSetProxyBlanket
StgCreateDocfile
OleRegGetMiscStatus
CoCreateInstance
CoCreateFreeThreadedMarshaler
CreateDataAdviseHolder
WriteClassStm
CoInitializeEx
CoUnmarshalInterface
OleUninitialize
OleRegEnumVerbs
StringFromGUID2
CoGetInterfaceAndReleaseStream
ReadOleStg
CoFreeUnusedLibraries
msvcrt
_vsnwprintf
fprintf
_initterm
wcsncmp
fseek
atol
malloc
memmove
isdigit
_stricmp
??1type_info@@UAE@XZ
_ftol
_ltow
_snprintf
wcscspn
_wcsdup
_CIsqrt
??0exception@@QAE@ABV0@@Z
__set_app_type
_exit
isleadbyte
strncpy
_vsnprintf
fwrite
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerFindFileW
VerQueryValueA
ntdll
RtlCreateUserThread
RtlReleaseResource
RtlGUIDFromString
RtlAcquireResourceExclusive
RtlAppendUnicodeToString
DbgPrint
RtlQueryInformationAcl
RtlCreateEnvironment
NtDuplicateToken
NtDuplicateObject
RtlGetNtProductType
RtlInitializeCriticalSection
RtlGetOwnerSecurityDescriptor
NtQueryAttributesFile
NtQueryObject
NtWriteFile
RtlDeleteCriticalSection
RtlInitializeCriticalSectionAndSpinCount
NtQueryInformationProcess
RtlFormatCurrentUserKeyPath
NtUnmapViewOfSection
RtlQueueWorkItem
RtlSubAuthoritySid
NtCreateFile
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 30KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 483B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ