17d40d638e3949606cb903b2849e9b71

General

Target

17d40d638e3949606cb903b2849e9b71
Size

33KB
MD5

17d40d638e3949606cb903b2849e9b71
SHA1

2192fe90d894a74279814c90001ceb56afbe6474
SHA256

ac7d8d100fbe4531e03dbfb5e818a61cf6ab6d0e13bad4a03ee9b5a06e30cfd5
SHA512

1dfe766600bd228a4a1144d161f4efb0da48685d5ac96e82e310fd9d61368c7923509203108656996a04cd8ff5046edda809bdeeb475e0767dd1f6547fe67653
SSDEEP

768:71oz2icqpoL22VB2kOi7FSoBd73TnPy954F5dVIFq6vqU:71oz6cQ2ZiZx5TP+54FPzU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17d40d638e3949606cb903b2849e9b71

Files

17d40d638e3949606cb903b2849e9b71
.exe windows:4 windows x86 arch:x86

2dbef4961bae6c83f5dc004e62626267

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteValueA
OpenProcessToken
GetSidSubAuthority
RegConnectRegistryA
SetSecurityInfo
AddAce
GetKernelObjectSecurity
CloseServiceHandle
LookupPrivilegeValueA
RegSetValueExA
RegCreateKeyA

ole32

OleQueryLinkFromData
OleLoadFromStream
CoReleaseServerProcess
CoIsOle1Class
CoMarshalInterface
OleQueryCreateFromData
OleCreateLinkToFile
OleGetAutoConvert
OleCreateFromData
CoRegisterClassObject

msvcrt

__p__fmode
_strlwr
strncmp
_except_handler3
_access
memset
fprintf
strstr
_wfopen
_isctype
wcscpy

gdi32

CreateRectRgn
CreateCompatibleDC
GetTextMetricsA
SetBkColor
GetObjectA
GetStockObject
CreateRectRgnIndirect
SetMapMode
CreateFontIndirectA
GetBkColor

kernel32

GetCurrentDirectoryA
GetCommandLineA
GetCurrentThreadId
lstrcmpiA
GetCurrentProcess
GetCPInfo
HeapSize
HeapCreate
Sleep
lstrlenW
HeapReAlloc
LoadLibraryA
LocalAlloc
FormatMessageA
TlsFree
LocalFree

user32

EnableWindow
SendMessageA
SystemParametersInfoA
GetWindowPlacement
LoadBitmapA
EnumWindows
GetWindowThreadProcessId
MapWindowPoints
PtInRect
ChildWindowFromPoint
OpenClipboard
CreatePopupMenu

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2dbef4961bae6c83f5dc004e62626267

Headers

File Characteristics

Imports

advapi32

ole32

msvcrt

gdi32

kernel32

user32

Sections

.text Size: 27KB - Virtual size: 26KB

.data Size: 4KB - Virtual size: 65KB

.rsrc Size: 1024B - Virtual size: 984B

.text
Size: 27KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 65KB

.rsrc
Size: 1024B - Virtual size: 984B