105a372c89d5f7d9b5b1e25e34812412

Sharing

Copy URL

Twitter E-mail

General

Target

105a372c89d5f7d9b5b1e25e34812412
Size

529KB
MD5

105a372c89d5f7d9b5b1e25e34812412
SHA1

30b074b3fa02846253a369ac5a74dc6b3ea6c2a4
SHA256

818efe724d9ecf6a24c2d4525dad8d73c3171b4d708873b25e972faf216a503a
SHA512

e0dcc5f4d40be0c099405d569b3254fb2b0ac871f4f947d59516936afe7b80527a64ab23dc1e0762228a3111c0cfcb017336bc493cec85abb134550c35717b1f
SSDEEP

12288:jzBgxrxjFPibENSb6X3PFRki9UcyRp7XTfvPR5rnW9G4Lr5SU:jzBOjFPibENEYDkYUcyRpXT3PR9/4RS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
105a372c89d5f7d9b5b1e25e34812412

Files

105a372c89d5f7d9b5b1e25e34812412
.exe windows:4 windows x86 arch:x86

02c6b1df5f92d1e13dc6c7be792d15e3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetActiveWindow
RegisterClassA
RegisterClassExA

advapi32

RegCreateKeyA
RegDeleteKeyW
RegSetValueA
RegReplaceKeyW
DuplicateTokenEx
CryptDecrypt
CryptEncrypt
RegSetKeySecurity
RegQueryMultipleValuesW
LogonUserA
RegEnumKeyExA
CryptEnumProviderTypesW
RegSaveKeyA
LookupPrivilegeValueA
LookupPrivilegeNameW
RegQueryInfoKeyA
CryptDestroyKey
CryptSignHashW
RegQueryValueExA
RegQueryValueExW
CryptImportKey

kernel32

GetCurrentProcessId
TlsAlloc
IsBadWritePtr
GetCommandLineA
GetACP
UnhandledExceptionFilter
GetStringTypeW
ExitProcess
OutputDebugStringA
TlsSetValue
FreeEnvironmentStringsA
VirtualFree
GetProcAddress
EnterCriticalSection
VirtualQuery
HeapAlloc
CloseHandle
WriteFile
GetLastError
GetSystemTime
SetEnvironmentVariableA
GetFileType
SetStdHandle
InterlockedIncrement
GetModuleHandleA
LCMapStringA
LeaveCriticalSection
FlushFileBuffers
TlsFree
IsBadReadPtr
GetStdHandle
HeapCreate
SetUnhandledExceptionFilter
CreateMutexA
CompareStringW
SetConsoleCtrlHandler
SetHandleCount
GetTimeZoneInformation
LoadLibraryA
GetSystemTimeAsFileTime
HeapDestroy
CompareStringA
GetOEMCP
MultiByteToWideChar
TerminateProcess
CommConfigDialogW
VirtualAlloc
GetEnvironmentStrings
HeapValidate
ReleaseMutex
GetModuleFileNameA
OpenMutexA
DeleteCriticalSection
SetFilePointer
GetStringTypeA
GetStartupInfoA
InitializeCriticalSection
GetVersion
GetCurrentProcess
InterlockedDecrement
TlsGetValue
RtlUnwind
SetFileTime
GetTickCount
LocalAlloc
LCMapStringW
HeapFree
GetLocalTime
QueryPerformanceCounter
SetLastError
DebugBreak
GetCPInfo
ReadFile
HeapReAlloc
GetCurrentThread
FreeEnvironmentStringsW
GetCurrentThreadId
WideCharToMultiByte
InterlockedExchange
GetEnvironmentStringsW

comctl32

InitCommonControlsEx

Sections

.text
Size: 382KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02c6b1df5f92d1e13dc6c7be792d15e3

Headers

File Characteristics

Imports

user32

advapi32

kernel32

comctl32

Sections

.text Size: 382KB - Virtual size: 381KB

.rdata Size: 32KB - Virtual size: 46KB

.data Size: 105KB - Virtual size: 105KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 382KB - Virtual size: 381KB

.rdata
Size: 32KB - Virtual size: 46KB

.data
Size: 105KB - Virtual size: 105KB

.rsrc
Size: 8KB - Virtual size: 8KB