Static task: static1
Behavioral task: behavioral1
Sample: 178262693ae18b6c8d31b4640d530f33.exe
Resource: win7-20231215-en
General
Target: 178262693ae18b6c8d31b4640d530f33
Size: 145KB
MD5: 178262693ae18b6c8d31b4640d530f33
SHA1: 02afa15a4bce08feb2239e2583f56c1971916f71
SHA256: 9ec7e2125c4cc85e8f6bbbd633c68f532d5645e295aec0433f1acec5afea6e0f
SHA512: 1e8f03bcd20d8925e297d7f9a111ab999712762c61d18f2944ed08118459ece090562c3d0912884f56e989fb5b6ce1c4c9ea1b100e56c4298fc2db35b9329532
SSDEEP: 3072:HFyEsPZqU5e+fjRDPlBhDy4jdUuW4aT860h48lUfE:lllU5eS5RDBU54aYH48lx
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 178262693ae18b6c8d31b4640d530f33
Files
178262693ae18b6c8d31b4640d530f33.exe windows:4 windows x86 arch:x86
b48dfe26cabad2efcbaa01dff9a5a0ed
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetFileAttributesA
GetFileAttributesA
WideCharToMultiByte
SystemTimeToFileTime
FileTimeToLocalFileTime
lstrcmpA
lstrcpyW
FileTimeToSystemTime
MultiByteToWideChar
FormatMessageA
lstrlenA
LocalAlloc
SetEnvironmentVariableA
CompareStringW
CompareStringA
HeapSize
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
SetEndOfFile
GetOEMCP
GetACP
GetLocaleInfoA
LocalFree
OpenProcess
ReadProcessMemory
CloseHandle
GetTickCount
GetCurrentProcess
Sleep
GetSystemDirectoryA
CopyFileA
GetLastError
HeapFree
HeapAlloc
ExitProcess
MoveFileA
DeleteFileA
GetSystemTimeAsFileTime
GetModuleHandleA
GetCommandLineA
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
WriteFile
FlushFileBuffers
GetTimeZoneInformation
RtlUnwind
InterlockedExchange
VirtualQuery
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
InitializeCriticalSection
CreateFileA
LoadLibraryA
GetStringTypeA
GetStringTypeW
GetCPInfo
CreateDirectoryA
user32
wsprintfA
advapi32
RegCloseKey
DeleteService
CloseServiceHandle
CreateServiceA
StartServiceA
OpenServiceA
OpenSCManagerA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
SetServiceStatus
ControlService
shell32
SHGetFolderPathA
wsock32
bind
recvfrom
inet_addr
setsockopt
closesocket
ioctlsocket
htons
sendto
inet_ntoa
socket
WSAStartup
ntohs
wintrust
WinVerifyTrust
crypt32
CertGetNameStringA
CryptDecodeObject
CertFreeCertificateContext
CryptMsgClose
CertCloseStore
CertVerifyTimeValidity
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
Sections
.text Size: 48KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ardata Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE