79bfb0b050c4062e7044c68d712c8a4b

Sharing

Copy URL

Twitter E-mail

General

Target

79bfb0b050c4062e7044c68d712c8a4b
Size

132KB
MD5

79bfb0b050c4062e7044c68d712c8a4b
SHA1

209b9558ff6e2fb40052653330552ef01e2ac95d
SHA256

74172eb4e6f1f0697624b75b1e4b91947391a5c2ee77e272852bd58b5efc7aef
SHA512

cdb0f314576117c630d9134c2fb20d54d8960bd0d5150b7e7831bf7435c865fe37b68b78e8c4e79db600dcc1b0d6307bc723f2310f4866a0154b3dc3090e95fc
SSDEEP

3072:tP23f54Y58BIcE1v/LcHarIpB/hpRg8sB5CutScRheP7lp8CdfW:VM52Iaa8lpRVsOu8cRqxff

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79bfb0b050c4062e7044c68d712c8a4b

Files

79bfb0b050c4062e7044c68d712c8a4b
.exe windows:5 windows x86 arch:x86

f1e5930309b3c336e48e6a51d845e242

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiW
FindClose
GetSystemInfo
FreeEnvironmentStringsW
TlsGetValue
LeaveCriticalSection
ExitProcess
FindResourceA
IsBadReadPtr
WritePrivateProfileStringA
LoadLibraryW
GetUserDefaultLCID
GetConsoleCP
GetACP
WriteConsoleA
SetFileAttributesW
DeleteCriticalSection
ResetEvent
DeleteFileA
CreateProcessW
FlushFileBuffers
GetTempPathW
GetShortPathNameA
GlobalMemoryStatus
GetModuleFileNameW
GlobalFree
CreateProcessA
LoadLibraryA
LockFile
Sleep
GetPrivateProfileStringA
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
CreateDirectoryW
VirtualAlloc
SetFileAttributesA
OutputDebugStringW
GetLocaleInfoW
CompareFileTime
DeleteFileW
FormatMessageA
WriteConsoleW
GlobalDeleteAtom
GetComputerNameW
InterlockedIncrement
GetModuleHandleW
FindFirstFileW
GetWindowsDirectoryW
SetEnvironmentVariableA
GetFileType
WaitForMultipleObjects
GetTempFileNameA
WaitForSingleObject
lstrcpyA
RtlUnwind
CreateSemaphoreW
GetTimeZoneInformation
GetCommandLineW
CreateFileA
RemoveDirectoryA
DeviceIoControl

msvcrt

_initterm
memset
__set_app_type
_wtoi
iswspace
??1type_info@@UAE@XZ
memmove
_fileno
_onexit
??3@YAXPAX@Z
??_V@YAXPAX@Z
__p__commode
_purecall
exit
__wgetmainargs
__getmainargs
_lock
_CxxThrowException
fprintf
fclose
_controlfp

advapi32

RegisterEventSourceW
QueryServiceStatus
AllocateAndInitializeSid
RegEnumValueW
RegOpenKeyExA
SetSecurityDescriptorDacl
RegDeleteKeyW

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1e5930309b3c336e48e6a51d845e242

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 56KB - Virtual size: 182KB

.reloc Size: 1024B - Virtual size: 1024B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 56KB - Virtual size: 182KB

.reloc
Size: 1024B - Virtual size: 1024B

.rsrc
Size: 1KB - Virtual size: 1KB