00a9594d51a7e2e9c3b1e6bcc46925b2

Sharing

Copy URL Twitter E-mail

General

Target

00a9594d51a7e2e9c3b1e6bcc46925b2
Size

50KB
MD5

00a9594d51a7e2e9c3b1e6bcc46925b2
SHA1

9b9f737d388d53ffafacb52328cfc512366d5f6b
SHA256

135fa9877ae947fd677e50a7ea40b51fda6f0f9ae1cf5bd476227fbfe5aa0bc8
SHA512

dfae06d92e68a6a81b68ff0bdefbcb4276a180e01a840457627896c7b79acc73779fa03ce3a2756f3b7ea823e7f4fa5dc60451a40f280e58a4fbbb6dd2d5b168
SSDEEP

1536:0+amVhUVfdlUhVHDBA+kR1pXBAQznhhES2Cqnds:0o8P8J8pVDES2VS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00a9594d51a7e2e9c3b1e6bcc46925b2

Files

00a9594d51a7e2e9c3b1e6bcc46925b2
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

8a04fd5eb790361a4a24b84abfd087e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SystemTimeToFileTime
GetLocalTime
CloseHandle
Sleep
HeapFree
ReleaseMutex
WaitForSingleObject
CreateMutexA
MapViewOfFile
OpenFileMappingA
UnmapViewOfFile
TerminateThread
CreateFileMappingA
lstrcpynA
HeapReAlloc
DeleteFileA
CreateProcessA
PulseEvent
GetFileAttributesA
GetCurrentProcess
VirtualFree
WinExec
FreeLibrary
GetModuleHandleA
GetProcAddress
GetModuleFileNameA
VirtualProtect
VirtualQuery
lstrcmpiA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
OpenMutexA
OpenProcess
LoadLibraryA
FlushInstructionCache
SetLastError
lstrcmpA
FileTimeToSystemTime
GetCurrentThreadId
GetVersionExA
OutputDebugStringA
GetTickCount
MapViewOfFileEx
VirtualAlloc
SetThreadContext
WriteProcessMemory
VirtualProtectEx
GetThreadContext
ResumeThread
DuplicateHandle
CreateRemoteThread
FindNextFileA
FindFirstFileA
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
VirtualAllocEx
VirtualFreeEx
QueryDosDeviceA
GetLogicalDriveStringsA
CreateThread
GetTempFileNameA
GetTempPathA
CopyFileA
GetSystemDirectoryA
GetFileSize
CreateFileA
lstrcatA
RemoveDirectoryA
GetWindowsDirectoryA
OpenFile
CompareFileTime
GetCurrentProcessId
CreateEventA
GetLastError
WaitForSingleObjectEx
ResetEvent
OpenEventA
SetEvent
ExitProcess
GetProcessHeap
HeapAlloc
lstrcpyA
IsBadReadPtr
lstrlenA

user32

MessageBoxA
wsprintfA

advapi32

AdjustTokenPrivileges
RegSetValueExA
RegOpenKeyExA
RegEnumValueA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetTokenInformation
OpenProcessToken
RegDeleteValueA

shell32

SHGetSpecialFolderPathA

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoA
InternetQueryDataAvailable
InternetReadFile
InternetCanonicalizeUrlA

shlwapi

SHDeleteKeyA

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

Exports

Exports

BhoInstall
_WorkProc@4
__mp@4

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8a04fd5eb790361a4a24b84abfd087e2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

wininet

shlwapi

rpcrt4

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 44KB

.reloc Size: 4KB - Virtual size: 3KB

Size: 512B - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 44KB

.reloc
Size: 4KB - Virtual size: 3KB