76f7d8063a18b4dadbfc32d4028c0ac2

General

Target

76f7d8063a18b4dadbfc32d4028c0ac2
Size

335KB
MD5

76f7d8063a18b4dadbfc32d4028c0ac2
SHA1

5e5478451b4499d210c234cd2d2f63019d29a9b8
SHA256

52c8dec927b94a9d5fd728c54f4274ca4abd9c158905f51295137b1170793589
SHA512

2c7c2ac9db64b88e283f7c87d07f882ba178076ea288c7c6230c38e164aa1e4b17ffe4436608883eabfbf2cd42945a50ebca33d984309fdb3f8be67c9fa9b81d
SSDEEP

6144:FBBRNgSDMNusvl554CAFdmr2CaIQAoOvrPsD2FuGByKQdJ1Hy3jO:P6+MNT5NAFdGaGvrO2F6d3y3a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76f7d8063a18b4dadbfc32d4028c0ac2

Files

76f7d8063a18b4dadbfc32d4028c0ac2
.exe windows:4 windows x86 arch:x86

cb4bc6601a5efc8c6c5408db7be631d6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegLoadKeyA
RegQueryValueExA
RegOpenKeyExA
ReportEventW
RegCreateKeyA
RegReplaceKeyA
RegDeleteValueA
RegQueryMultipleValuesA
RegNotifyChangeKeyValue
RegSaveKeyA
OpenProcessToken

shlwapi

SHRegWriteUSValueW
PathIsSameRootW
StrTrimW
PathCompactPathExW
PathStripPathW
StrDupW
PathUnmakeSystemFolderA
StrChrIW
PathMakePrettyA
StrCSpnIA
SHRegCreateUSKeyA
PathRemoveBlanksW

kernel32

GetModuleHandleA
SetEvent
SuspendThread
VirtualAllocEx
CreateSemaphoreA
ReleaseMutex
OpenSemaphoreA
ResumeThread
ResetEvent
ReleaseSemaphore
GetProcAddress
GetPrivateProfileSectionA
VerLanguageNameA
GlobalSize
GetStringTypeA
GetThreadLocale
CreateMutexA
VirtualQueryEx
WaitForMultipleObjects
IsValidCodePage
GetProcessHeap
HeapLock
HeapDestroy
LeaveCriticalSection
VirtualFreeEx
LocalSize
GetOverlappedResult
GetProfileStringA
GetStartupInfoA

version

VerInstallFileA
GetFileVersionInfoSizeA
VerFindFileA
VerQueryValueA
GetFileVersionInfoA

netapi32

NetGroupGetInfo

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
perror
__mb_cur_max
_isctype
iswctype
_pctype

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 311KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb4bc6601a5efc8c6c5408db7be631d6

Headers

File Characteristics

Imports

advapi32

shlwapi

kernel32

version

netapi32

msvcrt

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 311KB - Virtual size: 419KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 311KB - Virtual size: 419KB

.rsrc
Size: 6KB - Virtual size: 5KB