00afbf06609753e9a59d30b7daff6e6a

General

Target

00afbf06609753e9a59d30b7daff6e6a
Size

1.2MB
MD5

00afbf06609753e9a59d30b7daff6e6a
SHA1

c6e05cc2430a762b097e3b8e9e81481af78b4c8a
SHA256

3a0380e8e892f1b69161343f09e0ffbf198d2403fdc62bd84f18b8841f7380de
SHA512

7f4f5ecd5d78bf71934ff0b346f0fa5c8c65caf13a72950d8ba042454cb30460166cf56ab21ce582252ac1e03c12d6a069415ed96b4d7f648c4ae49481c6bd24
SSDEEP

24576:Wmj6SpYCnR3dK57UGGMdNQMFoaSMwCVlbML9AbsJ0pKz/:8SpYCnRo7DrdpblwgbML7+4/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00afbf06609753e9a59d30b7daff6e6a

Files

00afbf06609753e9a59d30b7daff6e6a
.exe windows:4 windows x86 arch:x86

2bfd743fea37f0c974a93a9901bbfab3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathW
VirtualProtect
SetTapePosition
GetModuleHandleW
GetStartupInfoW

advapi32

SetEntriesInAclW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
LookupPrivilegeValueW
GetTokenInformation
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
AdjustTokenPrivileges
SetServiceStatus
SetSecurityDescriptorDacl
RegisterServiceCtrlHandlerW
RegSetValueExW
RegEnumKeyW
InitializeSecurityDescriptor
StartServiceCtrlDispatcherW
OpenProcessToken
FreeSid
AllocateAndInitializeSid

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoCreateInstance

ws2_32

WSAConnect
WSAWaitForMultipleEvents
WSASocketW

wtsapi32

WTSLogoffSession
WTSQueryUserToken
WTSCloseServer

msvcrt

malloc
_onexit
__dllonexit
_controlfp
__setusermatherr
_initterm
__wgetmainargs
_except_handler3
__set_app_type
__p__fmode
__p__commode
time
strncmp
fclose
fwrite
fseek
fopen
free
_wcmdln
_exit
_XcptFilter
exit
_adjust_fdiv

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 224KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2bfd743fea37f0c974a93a9901bbfab3

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

ws2_32

wtsapi32

msvcrt

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 400KB - Virtual size: 399KB

.data Size: 224KB - Virtual size: 1.4MB

.tls Size: 4KB - Virtual size: 44B

.rsrc Size: 28KB - Virtual size: 25KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 400KB - Virtual size: 399KB

.data
Size: 224KB - Virtual size: 1.4MB

.tls
Size: 4KB - Virtual size: 44B

.rsrc
Size: 28KB - Virtual size: 25KB