05e165796c2ba9d4a6475e00908da262

General

Target

05e165796c2ba9d4a6475e00908da262
Size

225KB
MD5

05e165796c2ba9d4a6475e00908da262
SHA1

1f7471168801210594bd060706409af7eb1e9fb7
SHA256

5a140fafe13518a5e4528a7805a2e8594bd8f571fd19f25a61d7a8e5e36f8ecf
SHA512

f204da601bd74dda972fb9076be4825143031acf940e7b6a4db296580133906a142ee5fd23bac19edbbab7317321e854c9cbead6352bf92826b6728270135f2b
SSDEEP

6144:yEumDEtpFNfkjVDzTXcvjLhY2kO5itxiRCmGIaK:yEMs5DzTXcLLhY2kO5wi0Oa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05e165796c2ba9d4a6475e00908da262

Files

05e165796c2ba9d4a6475e00908da262
.exe windows:4 windows x86 arch:x86

bc6ddfd3390ff9eef22ad093cda6ca02

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CreateFileA
MoveFileA
DeleteFileA
WinExec
WriteFile
GetSystemDirectoryA
lstrcpyA
CloseHandle
GetCurrentProcess
TerminateProcess
OpenProcess
SetFileAttributesA
GetCommandLineA
GetStartupInfoA
CreateProcessA
FreeLibrary
GetSystemTime
GetWindowsDirectoryA
lstrcatA
LoadLibraryA
GetProcAddress
GetModuleFileNameA
HeapFree
ReadFile
HeapAlloc
GetProcessHeap
GetFileSize
SetFileTime
GetLocalTime
lstrlenA
SetFilePointer
ExitProcess
GetModuleHandleA
lstrcmpiA

user32

wsprintfA
MessageBoxA

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

Sections

Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nah
Size: 434B - Virtual size: 434B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bc6ddfd3390ff9eef22ad093cda6ca02

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

Size: 6KB - Virtual size: 5KB

Size: 1KB - Virtual size: 1KB

Size: 1024B - Virtual size: 3KB

Size: 2KB - Virtual size: 5KB

.nah Size: 434B - Virtual size: 434B

.nah
Size: 434B - Virtual size: 434B