1398ba29b29a9324838f4bdf2963252a

Sharing

Copy URL Twitter E-mail

General

Target

1398ba29b29a9324838f4bdf2963252a
Size

136KB
MD5

1398ba29b29a9324838f4bdf2963252a
SHA1

666dcce9b56c622eb5351c6df7e8c3bf387071b0
SHA256

c728d5ce3a14ee7e746451ba0056c30770824f872d7d35cc8fcb35edc2d34b5a
SHA512

290c51514c53dc23bea69a9df766873772782ea9a99b0dbfdf72af1aba24cae16946e56d10afcca90e699406bca16e7fbfeb725c8145d18177087a31ba779b29
SSDEEP

3072:vvc3JFFIEVi64tlt17noGM2dffxDwb47RhMFViTcjpoI2GsbB+aF:vWni62tLM2dSb47ReiAjeI2G6U2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1398ba29b29a9324838f4bdf2963252a

Files

1398ba29b29a9324838f4bdf2963252a
.exe windows:4 windows x86 arch:x86

37408810d7145b41857a14bbcc02f152

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
WriteProcessMemory
GetVersionExA
FreeLibrary
FlushInstructionCache
GetCurrentProcess
WriteFile
SizeofResource
LoadResource
FindResourceA
GetLastError
SetFileAttributesA
lstrcatA
GetSystemDirectoryA
GetTempPathA
HeapFree
HeapAlloc
FreeResource
LockResource
SetLastError
WideCharToMultiByte
MultiByteToWideChar
ExitProcess
Sleep
DeleteFileA
SwitchToThread
WaitForSingleObject
CreateEventA
OpenEventA
GetCurrentThreadId
MoveFileExA
MoveFileA
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetTickCount
SetFilePointer
CreateFileA
InitializeCriticalSection
CloseHandle
VirtualAlloc
VirtualFree
VirtualProtect
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetProcessHeap
GetStringTypeW
GetStringTypeA
GetCommandLineA
GetStartupInfoA
HeapDestroy
HeapCreate
HeapReAlloc
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetFileType
RtlUnwind
VirtualQuery
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW

user32

GetInputState
PostThreadMessageA
GetMessageA
SendMessageTimeoutA
wsprintfA

advapi32

GetUserNameA
LookupAccountNameA
GetFileSecurityA
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityA

netapi32

NetUserGetLocalGroups
NetApiBufferFree

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37408810d7145b41857a14bbcc02f152

Headers

File Characteristics

Imports

kernel32

user32

advapi32

netapi32

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 77KB

.rsrc Size: 77KB - Virtual size: 77KB

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 77KB

.rsrc
Size: 77KB - Virtual size: 77KB