795e0331e7b3572e522f1499617be018

Sharing

Copy URL Twitter E-mail

General

Target

795e0331e7b3572e522f1499617be018
Size

723KB
MD5

795e0331e7b3572e522f1499617be018
SHA1

b6b6cc93fbb2e3090555991da9f1e1225aff86a1
SHA256

46d47fb955560dc7d87dc4a5be556e7c7208f42e87532ee419a54b6b7234b72c
SHA512

c3d026bdc518061931068a00236677a423883dbac2e55464acb70c80178decd290752f624bd83f8d04f3e9456f13642b2e99e730a67af669abd095b34f54c718
SSDEEP

6144:5Lex9NUJCedIVBXln1fyGcBgEY0l1OIcpldlIzO:5ix9NsyVBVn1KGcxYIOD7dlgO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
795e0331e7b3572e522f1499617be018

Files

795e0331e7b3572e522f1499617be018
.exe windows:5 windows x86 arch:x86

836058ddb0836ac80fdd3387375fcd11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW

kernel32

GetModuleHandleW
OpenEventW
SetEvent
CloseHandle
DeleteFileW
InterlockedIncrement
CreateDirectoryW
WaitForSingleObject
GetLastError
LockResource
SizeofResource
LoadResource
FindResourceW
TlsGetValue
CreateFileA
ReadFile
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetStartupInfoW
RaiseException
RtlUnwind
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeW
WriteFile
GetConsoleCP
GetConsoleMode
HeapAlloc
GetProcAddress
GetModuleHandleA
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
CreateFileW
InitializeCriticalSectionAndSpinCount
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
LoadLibraryA
SetEndOfFile
GetProcessHeap

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegEnumKeyExW

shell32

ShellExecuteW
SHGetFolderPathW
ShellExecuteExW

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

V_SHRDHO
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 635KB - Virtual size: 634KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

836058ddb0836ac80fdd3387375fcd11

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

advapi32

shell32

Sections

.text Size: 67KB - Virtual size: 67KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 5KB - Virtual size: 12KB

V_SHRDHO Size: 512B - Virtual size: 4B

.rsrc Size: 635KB - Virtual size: 634KB

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 5KB - Virtual size: 12KB

V_SHRDHO
Size: 512B - Virtual size: 4B

.rsrc
Size: 635KB - Virtual size: 634KB