0a7608d0c5f26cbd9da70cee7708ba46

Sharing

Copy URL Twitter E-mail

General

Target

0a7608d0c5f26cbd9da70cee7708ba46
Size

531KB
MD5

0a7608d0c5f26cbd9da70cee7708ba46
SHA1

8951299e2b55e320a5c857ee8d0a8d8ab09ff415
SHA256

a78c53ed79380ae8626f258fe0a923d853be9f5270faebbcb40f4b6696891fd9
SHA512

437f121b8551cafebba51b15169c9b532e94263e1369d2287e546e5137ff4896e546950848f5082622a2c9dec39ddf10c7e6db7353c8960f84773cbfb16b99cc
SSDEEP

12288:qTTx5KRZ18xtSP+szdcIugOO50MMEMOkPdwZa:fmxtSP+sJ+O5FWPPKI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a7608d0c5f26cbd9da70cee7708ba46

Files

0a7608d0c5f26cbd9da70cee7708ba46
.exe windows:6 windows x64 arch:x64

b1f7912642f728cf3656a03b9a53dbf0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

kernel32

HeapFree
GetProcessHeap
LoadLibraryW
GetFileAttributesW
FreeLibrary
GetLastError
GetProcAddress
HeapSetInformation
LocalFree
ExpandEnvironmentStringsW
LoadLibraryExA
DelayLoadFailureHook
GetCommandLineW
lstrlenW
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapAlloc
lstrlenA
LocalAlloc
IsDBCSLeadByte
RegisterApplicationRestart
Sleep

gdi32

GetStockObject

user32

MessageBoxW
RegisterClassW
CreateWindowExW
LoadStringW
LoadIconW
LoadCursorW
PostQuitMessage
DefWindowProcW

msvcrt

memset
memcpy
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__C_specific_handler
__getmainargs

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

shell32

CommandLineToArgvW

shlwapi

StrCmpNIW
PathAppendW
PathRemoveFileSpecW
StrCmpIW
PathFindExtensionW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 488KB - Virtual size: 487KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b1f7912642f728cf3656a03b9a53dbf0

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

shell32

shlwapi

Sections

.text Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 360B

.rsrc Size: 488KB - Virtual size: 487KB

.reloc Size: 27KB - Virtual size: 28KB

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 360B

.rsrc
Size: 488KB - Virtual size: 487KB

.reloc
Size: 27KB - Virtual size: 28KB