79991cfaff41e955b2a5532bb0885aba

Sharing

Copy URL Twitter E-mail

General

Target

79991cfaff41e955b2a5532bb0885aba
Size

414KB
MD5

79991cfaff41e955b2a5532bb0885aba
SHA1

94f3b3e2f04670de7dea7257b4bc0fa598021971
SHA256

bd20330ffc94173f57fc0684c989d9ca5b7beb464bd6394528fbdb45747d2381
SHA512

b628feb86220cf5d5487c231c828d9bf5106871faea40162514c6cf760eb50cf6087b9bf2e89a7fe4fa45cf086dc59bbbc8aa911d5dfaac9cc139e11094cd40e
SSDEEP

6144:tozoguPLCnBjIn2DkQ0KwZkOLlWCC8G1FqwhRQmwQQbbJecHZIjBMjKusnrTRVil:tWog2n2DkNKwZkOLwCCCmw7bbhIj4ATo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79991cfaff41e955b2a5532bb0885aba

Files

79991cfaff41e955b2a5532bb0885aba
.exe windows:4 windows x86 arch:x86

e70fa11baca858daaadcacea1b6a501d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
SetConsoleCtrlHandler
LoadLibraryA
GetEnvironmentStringsW
GetModuleFileNameW
VirtualProtect
InterlockedCompareExchange
TerminateProcess
GetModuleFileNameA
CreateProcessW
GetVersionExA
lstrcpynW
CompareStringW
CloseHandle
GetVersion
GetModuleHandleA
HeapReAlloc
GetProcAddress
CreateThread
SetFileTime
ExitProcess
CreateFileA
EnterCriticalSection
GetSystemTimeAsFileTime
GetEnvironmentStrings
RaiseException
lstrcatW
GetFileTime
lstrlenA
HeapAlloc
TlsAlloc
LCMapStringA
lstrcpyA
GetShortPathNameW
VirtualAlloc
GetSystemTime
FindNextFileW
SetLastError
FindFirstFileW
GetWindowsDirectoryA
GetFileAttributesA
GetVolumeInformationW
GetCPInfo
GetStringTypeA
GetCurrentProcessId
CopyFileW
UnmapViewOfFile
TlsSetValue
MultiByteToWideChar
GetLastError
GetStdHandle
HeapDestroy
LoadResource
lstrcmpiW
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
GetAtomNameW
GetFileAttributesW
GetTickCount
lstrcmpiA
ResetEvent
WideCharToMultiByte

user32

MsgWaitForMultipleObjects
GetKeyboardState
UnregisterClassA
SetActiveWindow
SetFocus
DestroyIcon
GetCursorPos
ValidateRect
SetProcessWindowStation
IntersectRect
GetWindowLongA
GetWindow
GetKeyState
GetWindowThreadProcessId
GetDlgItemTextA
GetWindowTextA
DispatchMessageA
IsIconic
GetWindowDC
SendMessageA
InvalidateRect
GetForegroundWindow
CheckRadioButton
GetClientRect
SetThreadDesktop
TrackPopupMenu
PeekMessageA
DefWindowProcA
LoadMenuW
OpenDesktopA
CheckMenuItem
UpdateWindow
CloseDesktop

msvcrt

_vsnwprintf
malloc
__set_app_type
?terminate@@YAXXZ
fprintf
_initterm
_adjust_fdiv
_wcsnicmp
memmove

shlwapi

wnsprintfW
PathRemoveFileSpecW
PathMatchSpecW
SHDeleteKeyA
PathCombineW
PathFileExistsW
PathFindFileNameW
wvnsprintfW
StrCmpNIW
StrCmpNIA

advapi32

RegCloseKey
CryptHashData
RegEnumKeyExA
CryptCreateHash
AllocateAndInitializeSid
RegQueryValueExA
CryptDestroyHash
RegDeleteValueA
CryptGetHashParam
RegCreateKeyExA
CryptReleaseContext
SetSecurityDescriptorDacl
RegQueryInfoKeyW
CryptAcquireContextW
DuplicateTokenEx

aclui

CreateSecurityPage

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e70fa11baca858daaadcacea1b6a501d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcrt

shlwapi

advapi32

aclui

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 18KB - Virtual size: 47KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 18KB - Virtual size: 47KB

.rsrc
Size: 2KB - Virtual size: 1KB