17767c488f191e3c66854d7ab96c9988

Sharing

Copy URL Twitter E-mail

General

Target

17767c488f191e3c66854d7ab96c9988
Size

586KB
MD5

17767c488f191e3c66854d7ab96c9988
SHA1

a14c88df2be461bbdcb5ade9229ca4da24c81a6d
SHA256

e06fa271936ae7bbb0d44eda3d29b71ee7bb8baf902bdaf81a47d99cb01b2c67
SHA512

3223d3c19fbba20f1d69a0493e4487d9534880d68eac61bbecd961ee3ee3dcfc6ee001aea046babdf5ab479a9b8a449e0112c029e9f2fc1b5f97dd6ee02d2b86
SSDEEP

12288:uCrnAJP7TBOTECUHFa7jPmSxrgdV9Dt1rwZQGHR7rCpN1:HnG7TBOhUHFaHPmSxr0fF8R7Gb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17767c488f191e3c66854d7ab96c9988

Files

17767c488f191e3c66854d7ab96c9988
.exe windows:4 windows x86 arch:x86

d92a799c7b9f0b0daa94e5a7caed0323

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHFreeNameMappings

comctl32

InitCommonControlsEx

kernel32

GetEnvironmentStrings
GetDateFormatA
SetStdHandle
InterlockedExchange
SetEnvironmentVariableA
GetLocaleInfoA
GetCurrentProcessId
GetCurrentProcess
FreeEnvironmentStringsW
IsValidLocale
TlsAlloc
GetVersionExA
IsBadWritePtr
GetOEMCP
LCMapStringW
GetCurrentThread
GetCommandLineA
TlsGetValue
LoadLibraryA
CreateMutexA
GetLastError
GetModuleFileNameW
LCMapStringA
GetStringTypeW
SetHandleCount
EnumSystemLocalesA
HeapSize
GetModuleFileNameA
TlsSetValue
HeapReAlloc
InitializeCriticalSection
HeapFree
WideCharToMultiByte
GetTimeZoneInformation
GetStdHandle
GetCurrentThreadId
EnterCriticalSection
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
OpenMutexA
UnhandledExceptionFilter
GetTickCount
GetCPInfo
FreeEnvironmentStringsA
WriteFile
GetFileType
SetFilePointer
IsValidCodePage
CompareStringW
MultiByteToWideChar
CompareStringA
TerminateProcess
GetTimeFormatA
GetCommandLineW
LeaveCriticalSection
CloseHandle
SetLastError
GetUserDefaultLCID
ExitProcess
FlushFileBuffers
HeapDestroy
GetSystemInfo
GetEnvironmentStringsW
QueryPerformanceCounter
VirtualQuery
GetStartupInfoW
GetLocaleInfoW
DeleteCriticalSection
GetStringTypeA
GetProcAddress
RtlUnwind
GetACP
VirtualAlloc
HeapCreate
Sleep
ReadFile
GetModuleHandleA
VirtualProtect
HeapAlloc
TlsFree
VirtualFree
GetStartupInfoA

user32

UnregisterHotKey
CreateMenu
GetNextDlgTabItem
TrackPopupMenuEx
MessageBoxExW
CreateMDIWindowA
RegisterClassExA
GetTabbedTextExtentW
ScrollDC
RegisterClassA

advapi32

LookupPrivilegeDisplayNameA
RegEnumKeyW
CryptCreateHash
CryptEncrypt
LookupPrivilegeValueW
RegRestoreKeyW
RegDeleteKeyA
RegSetValueExA
LookupPrivilegeNameW
DuplicateToken
RevertToSelf
RegDeleteValueA
RegDeleteValueW
RegFlushKey
LookupAccountSidW
StartServiceW
CryptGetProvParam
InitializeSecurityDescriptor
RegCreateKeyExA
CryptSetKeyParam
RegSetValueExW
RegQueryValueA
CryptGetHashParam
LookupSecurityDescriptorPartsA
RegOpenKeyW

Sections

.text
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d92a799c7b9f0b0daa94e5a7caed0323

Headers

File Characteristics

Imports

shell32

comctl32

kernel32

user32

advapi32

Sections

.text Size: 250KB - Virtual size: 249KB

.rdata Size: 8KB - Virtual size: 23KB

.data Size: 316KB - Virtual size: 316KB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 250KB - Virtual size: 249KB

.rdata
Size: 8KB - Virtual size: 23KB

.data
Size: 316KB - Virtual size: 316KB

.rsrc
Size: 11KB - Virtual size: 10KB