144857d13d8459fb28a369e497db754d

Sharing

Copy URL Twitter E-mail

General

Target

144857d13d8459fb28a369e497db754d
Size

84KB
MD5

144857d13d8459fb28a369e497db754d
SHA1

b9db010014cd5be1cadcc692f7f56758e143748f
SHA256

2ec2207b5112eeb27bea30e9ce4c18605b1880757a3b797676a835d3879cf2bf
SHA512

6dc967a4d7029f88676acad943ac9f7428d4f70d5444482727d6a859e02eefca19fade8a20fa885f6541324d507f2079ddd752b244f5325769cef05c0474558c
SSDEEP

1536:iG58MIhyoPNrbnS2bzCFqZUFlUtpgozSWMj:laXPNrZbzCkZBtpgozSR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
144857d13d8459fb28a369e497db754d

Files

144857d13d8459fb28a369e497db754d
.exe windows:4 windows x86 arch:x86

d71806aea623bf80aef8dc26bda29b8b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

comctl32

ord17

kernel32

OutputDebugStringA
FindClose
Sleep
FindFirstFileA
GetSystemDirectoryA
CreateFileA
ReadFile
RemoveDirectoryA
CloseHandle
SetEndOfFile
SetFilePointer
CreateDirectoryA
DeleteFileA
WriteFile
GetVolumeInformationA
GetVersionExA
DeviceIoControl
RaiseException
SetHandleCount
GetStdHandle
HeapFree
LoadLibraryA
GetProcAddress
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
SetConsoleCtrlHandler
FreeEnvironmentStringsA
RtlUnwind
GetFileType
HeapReAlloc
HeapAlloc
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
SetUnhandledExceptionFilter
GetLastError
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
ExitProcess

msi

ord65
ord112
ord89

user32

SetFocus
MessageBoxA
CreateDialogParamA
ShowWindow
UpdateWindow
wsprintfA
SetWindowTextA
EnableWindow
PostQuitMessage
GetDlgItem
SendMessageA
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
LoadStringA

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d71806aea623bf80aef8dc26bda29b8b

Headers

File Characteristics

Imports

advapi32

comctl32

kernel32

msi

user32

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 4.0MB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 4.0MB

.rsrc
Size: 8KB - Virtual size: 4KB