7abc94d012fcd7dc032bca218b7bad83

Sharing

Copy URL Twitter E-mail

General

Target

7abc94d012fcd7dc032bca218b7bad83
Size

76KB
MD5

7abc94d012fcd7dc032bca218b7bad83
SHA1

40957512494130765c3ca0a0f462e96072f3cea6
SHA256

d00d481d25a2583037fda953e9b0bc3e9fc69c986bb28318648843adca2cdf69
SHA512

deab5be2b73366e67de24a3a982d704e090ff383ad26b59f74c775195399d55be1e6dc50315e2bfc833246a8fd8568dcc34a31fe6ffa33803aa7b94bdb1fe7cf
SSDEEP

768:zHDHWu8424jMp44+lS8ZHdJL3vdp3kWKP4yQAlvxNPzkr4b2bi9tvH:v2fp4jMp4jPHf1eP46Pzcb+tv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7abc94d012fcd7dc032bca218b7bad83

Files

7abc94d012fcd7dc032bca218b7bad83
.exe windows:4 windows x86 arch:x86

e37867b13edfe9d9759372493835980c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
GetTickCount
GetFileAttributesA
Sleep
lstrcmpA
GetCurrentProcessId
HeapAlloc
GetProcessHeap
DeleteFileA
GetSystemDirectoryA
GetVersionExA
GetSystemInfo
GlobalMemoryStatus
CopyFileA
GetModuleFileNameA
Process32First
GetStartupInfoA
GlobalAlloc
TerminateProcess
GetProcAddress
LoadLibraryA
TerminateThread
CreateThread
FlushFileBuffers
Process32Next
OpenProcess
GetModuleHandleA
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetCurrentProcess
WriteFile
CloseHandle
CreateFileA
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
RtlUnwind
InitializeCriticalSection
HeapReAlloc
VirtualAlloc
GetSystemTimeAsFileTime
GetCommandLineA
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP

user32

GetDesktopWindow
wsprintfA
MessageBoxA

advapi32

CreateServiceA
CloseServiceHandle
RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA

shell32

ShellExecuteA

ws2_32

recv
socket
sendto
WSAStartup
WSASocketA
WSACleanup
gethostbyname
htons
inet_ntoa
WSAConnect
inet_addr
setsockopt
send

iphlpapi

GetNetworkParams

urlmon

URLDownloadToFileA

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

19G8POW4
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e37867b13edfe9d9759372493835980c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

iphlpapi

urlmon

Sections

.text Size: 56KB - Virtual size: 52KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 176B

19G8POW4 Size: 4KB - Virtual size: 8KB

.text
Size: 56KB - Virtual size: 52KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 176B

19G8POW4
Size: 4KB - Virtual size: 8KB