1a3cee664939a135bbdbac6a1e70c85d

Sharing

Copy URL Twitter E-mail

General

Target

1a3cee664939a135bbdbac6a1e70c85d
Size

60KB
MD5

1a3cee664939a135bbdbac6a1e70c85d
SHA1

a4e93c01b7e3cb63d261144438f481696f6a3c71
SHA256

0c1720668736c57ebe0c33eba6f69a0709f43536cf265621b1be9267402ed7ba
SHA512

1aff753044fea49ab72c4390c875fd8a59e6a96487f5dd91419ff8c2811af3123abbcf8796b7af2221a4fb404114841b5e00790ab6423699051ef11b72dc7f84
SSDEEP

1536:8ucZMQONpaRxhGu6xgAvDQsS55SwQmMD:0ZMQS6Z6OuDXk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a3cee664939a135bbdbac6a1e70c85d

Files

1a3cee664939a135bbdbac6a1e70c85d
.exe windows:5 windows x86 arch:x86

80b7a6e9d314323693d6de8fad7d79a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwSetSecurityObject
RtlAdjustPrivilege
ZwYieldExecution
memset
memcpy
NtVdmControl
strtoul
strrchr
strcmp
ZwQuerySystemInformation
_snprintf
strlen
memcmp
NtAllocateVirtualMemory
NtFreeVirtualMemory
strcat
strcpy
_chkstk

shlwapi

StrStrIA

netapi32

NetUserGetInfo
NetQueryDisplayInformation
NetApiBufferFree

kernel32

ExitProcess
GetTempFileNameA
GetTempPathA
WinExec
CreateToolhelp32Snapshot
Process32Next
VirtualAlloc
CreateFileA
GetFileSize
WriteFile
ReadFile
CloseHandle
FreeLibrary
GetTickCount
SetCurrentDirectoryA
GetProcAddress
LoadLibraryA
MoveFileA
DeviceIoControl
HeapAlloc
GetCurrentProcess
HeapFree
WaitForSingleObject
GetProcessHeap
CreateRemoteThread
OpenProcess
HeapValidate
CreateProcessA
TerminateProcess
GetEnvironmentVariableA
ExitThread
CopyFileA
VirtualAllocEx
GetExitCodeThread
SetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
WriteProcessMemory
DeleteFileA
MoveFileExA
Process32First
VirtualFree
IsBadReadPtr
GetVolumeInformationA
GetSystemWindowsDirectoryA
GetCurrentProcessId

user32

PostMessageA
CharUpperA
FindWindowA

advapi32

LogonUserA
CheckTokenMembership
FreeSid
RevertToSelf
AllocateAndInitializeSid
ImpersonateLoggedOnUser
RegCreateKeyExA
DuplicateToken
GetUserNameA
RegSetValueExA
RegCloseKey
RegOpenKeyA
RegQueryValueExA

shell32

SHGetFolderPathA

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80b7a6e9d314323693d6de8fad7d79a0

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shlwapi

netapi32

kernel32

user32

advapi32

shell32

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 42KB - Virtual size: 43KB

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 42KB - Virtual size: 43KB

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 2KB - Virtual size: 1KB