76fee684a60bedcf0027a38969dee654

Sharing

Copy URL Twitter E-mail

General

Target

76fee684a60bedcf0027a38969dee654
Size

260KB
MD5

76fee684a60bedcf0027a38969dee654
SHA1

fa27fff728728851e9a7616a7af97836bdb2d103
SHA256

94e0cc5f644f298fec7431f1724c69db3805d2ec07a4477006557a6c88b2cf6a
SHA512

3ac05f38573ffc9108c607ee2875d5bc4680c0e2408c94fa731ed5539470ddcd7de881d4371210b516802ac2714d64519682707e1c4f3d4d7faa63c0a3df9c61
SSDEEP

3072:ORfr2ZLv+uBLHxpYFbXouf8yZgsqoT77I01cewz/TaAkzmyDbKNOkbJI+YwrlSWs:OpPuBLcFbHxT73cNzhemyPS8kLeCaz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76fee684a60bedcf0027a38969dee654

Files

76fee684a60bedcf0027a38969dee654
.exe windows:4 windows x86 arch:x86

8e727ad7e2617583b3fe1ae6e362bdfa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
CompareStringA
IsValidCodePage
GetStringTypeExW
RtlUnwind
GetStringTypeA
GlobalUnlock
GetCurrentProcess
GetModuleHandleW
VirtualAlloc
LCMapStringW
InterlockedIncrement
HeapReAlloc
GetLastError
LockFile
GetFileType
FreeEnvironmentStringsW
LCMapStringA
GetModuleFileNameA
GetACP
GetStdHandle
ExitProcess
GetCurrentThread
GetStartupInfoW
GetTimeZoneInformation
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetOEMCP
EnumSystemLocalesA
HeapDestroy
QueryPerformanceCounter
TlsGetValue
SetEnvironmentVariableA
SetConsoleTitleW
SetConsoleCtrlHandler
TlsAlloc
EnterCriticalSection
HeapAlloc
GetLocaleInfoW
HeapFree
SetLastError
LeaveCriticalSection
GetCurrentProcessId
UnlockFile
GetStringTypeW
GetStartupInfoA
SetUnhandledExceptionFilter
HeapCreate
DeleteCriticalSection
GetDateFormatA
GetTimeFormatA
FreeLibrary
VirtualFree
SetHandleCount
CreateEventW
GlobalCompact
WriteFile
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedExchangeAdd
GetProfileStringA
MultiByteToWideChar
CreateEventA
SetLocaleInfoW
CompareStringW
GetUserDefaultLCID
GetProcAddress
GetEnvironmentStringsW
GetLocaleInfoA
GetConsoleCP
IsDebuggerPresent
InterlockedExchange
HeapSize
TlsSetValue
GetModuleFileNameW
VirtualQuery
TlsFree
Sleep
SetEnvironmentVariableW
IsValidLocale
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
lstrcpynW
TerminateProcess
GetCommandLineW
InterlockedDecrement
CreateDirectoryExA
GetModuleHandleA

advapi32

AbortSystemShutdownW
RegLoadKeyA
InitiateSystemShutdownW
CryptGenRandom
InitiateSystemShutdownA
CryptEnumProvidersA
RegReplaceKeyW
CryptSignHashW
LogonUserA
RegQueryValueW
RegQueryMultipleValuesW
RegEnumKeyA
LogonUserW
RegCloseKey
CryptSetProviderExA
CryptExportKey
CryptEnumProviderTypesA
RegSetValueExW
CryptSetProviderA
CryptGetProvParam
CryptSetHashParam

shell32

DragQueryFileAorW
CommandLineToArgvW
SHGetSpecialFolderLocation
DragQueryFile
SHBrowseForFolderW
SHInvokePrinterCommandA
RealShellExecuteW
SHLoadInProc

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e727ad7e2617583b3fe1ae6e362bdfa

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

Sections

.text Size: 131KB - Virtual size: 131KB

.data Size: 114KB - Virtual size: 113KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 131KB - Virtual size: 131KB

.data
Size: 114KB - Virtual size: 113KB

.rsrc
Size: 13KB - Virtual size: 13KB