17c6e50aaecab4ebe4f68cc0fe62fdf6

Sharing

Copy URL

Twitter E-mail

General

Target

17c6e50aaecab4ebe4f68cc0fe62fdf6
Size

23KB
MD5

17c6e50aaecab4ebe4f68cc0fe62fdf6
SHA1

4951aefd34d572d1414161b4cee043abe262a6f9
SHA256

cabf9a9aa92ae6aa5c903598bbd169fe456140fcaa4380b03d2c43fc02c9af3a
SHA512

7d4d9d84900ca9d00620dc2437c1c085cbe955868572149e23fa5067b4ff4376ecd51004c394c845761ef561d84cd668b2a8befe0f841be5c9ea5360346f9e4f
SSDEEP

384:eaP2k/S5hdPHoGoQ+cJl+WjhHyZcuDra1cvfGweyqG16mOme1Aa8XVBft+P:vn/S5hdPHoGopcJBjhHZaraCWVpGAmO/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17c6e50aaecab4ebe4f68cc0fe62fdf6

Files

17c6e50aaecab4ebe4f68cc0fe62fdf6
.exe windows:4 windows x86 arch:x86

9a29c4ada0f48da475e017e48b02c93d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileSectionA
SetUnhandledExceptionFilter
GetCurrentThreadId
LoadLibraryA
FreeLibrary
GetLastError
TerminateThread
GetCurrentProcessId
WriteConsoleW
WritePrivateProfileStringA
QueryPerformanceCounter
CloseHandle
GetSystemTimeAsFileTime
CreateFileW
GetTickCount
Sleep
FindResourceA
MultiByteToWideChar
TlsFree
LoadResource
GetProcAddress
GetCurrentProcess
SleepEx
WaitForSingleObjectEx
ExitProcess
TerminateProcess
WriteConsoleInputA
WaitForSingleObject
VirtualAlloc
UnhandledExceptionFilter
CreateFileA
WriteProfileSectionW

advapi32

RegSetValueExW
RegQueryValueExA
RegDeleteValueW
RegDeleteKeyA
InitializeSecurityDescriptor
CloseServiceHandle
AccessCheckByTypeAndAuditAlarmA
OpenThreadToken
RegDeleteKeyW
GetLengthSid
AddAccessAllowedAce
FreeSid
OpenProcessToken
RegEnumKeyExA
RegEnumValueW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExW
GetTokenInformation
RegQueryInfoKeyW
AccessCheckByTypeResultListAndAuditAlarmByHandleW
RegEnumKeyExW
RegCloseKey
AllocateAndInitializeSid
RegDeleteValueA
NotifyBootConfigStatus

comdlg32

PrintDlgExA
PrintDlgA
FindTextA
GetSaveFileNameA
dwLBSubclass
PageSetupDlgA
GetOpenFileNameA
WantArrows
ChooseColorA
dwOKSubclass
GetFileTitleA
ReplaceTextA
ChooseFontA
LoadAlterBitmap
CommDlgExtendedError

Sections

BSS
Size: - Virtual size: 12KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 406B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a29c4ada0f48da475e017e48b02c93d

Headers

File Characteristics

Imports

kernel32

advapi32

comdlg32

Sections

BSS Size: - Virtual size: 12KB

CODE Size: 2KB - Virtual size: 1KB

DATA Size: 14KB - Virtual size: 14KB

.idata Size: 2KB - Virtual size: 2KB

.rdata Size: 512B - Virtual size: 406B

.rsrc Size: 2KB - Virtual size: 2KB

BSS
Size: - Virtual size: 12KB

CODE
Size: 2KB - Virtual size: 1KB

DATA
Size: 14KB - Virtual size: 14KB

.idata
Size: 2KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 406B

.rsrc
Size: 2KB - Virtual size: 2KB