213ddafd5291263477181314b69767e9

Sharing

Copy URL

Twitter E-mail

General

Target

213ddafd5291263477181314b69767e9
Size

60KB
MD5

213ddafd5291263477181314b69767e9
SHA1

31de2cb38769a35b85f21f08edc5afc3e490539e
SHA256

b2e3fe5c8bc783d096b850bf1fb1c0c3d8254a1f06b426294cca4cec326c8af5
SHA512

315648650c6805ef3b910e2faf470f29b873875a786fbb4c1a577f272eefae4eed56df030c20583325b449b176c348b3cc17076e6cb99d15a12bd29937aaed4a
SSDEEP

1536:pQpPC5ZOaZ6sdzxe1m/Y6TVPvqncbI3Do:pAkESdzkoXPyncbADo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
213ddafd5291263477181314b69767e9

Files

213ddafd5291263477181314b69767e9
.exe windows:4 windows x86 arch:x86

e34fe03154af50805de02325b799e861

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PeekNamedPipe
TransactNamedPipe
ReadConsoleOutputA
MulDiv
_llseek
EnumCalendarInfoA
GetNumberOfConsoleMouseButtons
GetProcessAffinityMask
GlobalUnWire
SetConsoleTextAttribute
CreateConsoleScreenBuffer
SizeofResource
Heap32First
ResetEvent
SetConsoleCtrlHandler
CreateFileMappingA
SetNamedPipeHandleState
GetTickCount
BuildCommDCBA
GetProcessVersion
OpenSemaphoreA
WaitCommEvent
GetVersionExA
GetBinaryTypeA
lstrcpy
Thread32Next
GetProfileIntA
SetProcessShutdownParameters
DeleteAtom
IsBadHugeReadPtr
GetPrivateProfileIntA
SetVolumeLabelA
GetComputerNameA
CreateMailslotA
SystemTimeToTzSpecificLocalTime
HeapUnlock
WaitNamedPipeA
FindNextChangeNotification
OpenFileMappingA
SetEvent
LocalShrink
SetFilePointer
ReadFileEx
CreateThread
GetCommandLineA
UTRegister
FatalExit
SetCommTimeouts
EraseTape
SetMailslotInfo
SetupComm
GetOverlappedResult
ResumeThread
PurgeComm
CreateFiber
GetLogicalDriveStringsA
GlobalFindAtomA
FoldStringA

shlwapi

PathStripToRootA
HashData
SHIsLowMemoryMachine
SHRegEnumUSKeyA
PathCommonPrefixA
SHRegWriteUSValueA
PathIsFileSpecA
StrRChrIA
StrChrIA
StrCSpnA
StrSpnA
PathRemoveBlanksA
AssocQueryStringA
PathGetDriveNumberA
SHRegCreateUSKeyA
PathIsUNCA
SHCreateStreamWrapper
SHRegOpenUSKeyA
PathFileExistsA
StrToIntExA
SHDeleteValueA
ColorHLSToRGB
UrlGetLocationA
SHAutoComplete
UrlCombineA
StrFormatByteSize64A
PathIsRelativeA
PathQuoteSpacesA
StrIsIntlEqualA
PathMakePrettyA
PathSearchAndQualifyA
PathAppendA

advapi32

InitializeAcl

Sections

.dsjqb
Size: 22KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ravqn
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lgfm
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vibel
Size: 27KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e34fe03154af50805de02325b799e861

Headers

File Characteristics

Imports

kernel32

shlwapi

advapi32

Sections

.dsjqb Size: 22KB - Virtual size: 45KB

.ravqn Size: 5KB - Virtual size: 10KB

.lgfm Size: 1KB - Virtual size: 2KB

.vibel Size: 27KB - Virtual size: 140KB

.rsrc Size: 2KB - Virtual size: 4KB

.dsjqb
Size: 22KB - Virtual size: 45KB

.ravqn
Size: 5KB - Virtual size: 10KB

.lgfm
Size: 1KB - Virtual size: 2KB

.vibel
Size: 27KB - Virtual size: 140KB

.rsrc
Size: 2KB - Virtual size: 4KB