213a71d1976615d56abdd532d19b1c6b

General

Target

213a71d1976615d56abdd532d19b1c6b
Size

55KB
MD5

213a71d1976615d56abdd532d19b1c6b
SHA1

522a4f8db1d7a99f07782c5d71b963dc291add91
SHA256

7ea21e29240a924e729b5e61a03aad6755a43bde5ec876b8879cdb51d741e810
SHA512

55a820e8b1ecf44cabb8dc007a8775801cc13213cf01a63cad2689c296c1dfa1da87214aa901fb30f474b577569096ec9c841e097e71c3ef9d97762e179d7968
SSDEEP

768:D+BvrtfpARZAVW1gaCTeuLf0YDBmTaISJ9qi6/ArEVfvdRopDnlB:ufqrLgZjLfHDYSWX/IotRKl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
213a71d1976615d56abdd532d19b1c6b

Files

213a71d1976615d56abdd532d19b1c6b
.exe windows:4 windows x86 arch:x86

42d9c4a0cb9f5c5e6f6c104dddf7e530

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
??2@YAPAXI@Z
_purecall
??3@YAXPAX@Z

kernel32

lstrlenW
CreateDirectoryW
GetTempPathW
CreateProcessW
lstrcpyA
TerminateProcess
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetTickCount
SetFileAttributesW
CopyFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
Thread32Next
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetCommandLineW
GetLocalTime
GetSystemTime
CreateEventW
GetVersionExW
WideCharToMultiByte
GetVolumeInformationW
FreeLibrary
LoadLibraryW
CreateFileW
SetFilePointer
ReadFile
RemoveDirectoryW
ExitProcess
Sleep
GetModuleHandleW
GetModuleFileNameW
lstrcmpiW
lstrcatW
SetEvent
WaitForSingleObject
lstrcpyW
VirtualProtect
RtlMoveMemory
LoadLibraryA
GetProcAddress
LocalAlloc
LocalFree
GetCurrentProcess
GetLastError
CloseHandle
DeleteFileW
Thread32First

user32

CharUpperW
wsprintfW
PostThreadMessageW

advapi32

CreateServiceW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
StartServiceW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
AddAccessAllowedAce
SetSecurityDescriptorDacl
FreeSid
AllocateAndInitializeSid
GetSecurityDescriptorLength
MakeSelfRelativeSD
InitializeAcl
InitializeSecurityDescriptor
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
DeleteService
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegSetValueW
ControlService

shell32

CommandLineToArgvW

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 760B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

42d9c4a0cb9f5c5e6f6c104dddf7e530

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

shell32

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 760B - Virtual size: 760B

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 760B - Virtual size: 760B