21682da5a29f8f9ba2f385f911717082

Sharing

Copy URL Twitter E-mail

General

Target

21682da5a29f8f9ba2f385f911717082
Size

41KB
MD5

21682da5a29f8f9ba2f385f911717082
SHA1

5001686d1464c96f5044d8b226be7ce9183686b0
SHA256

9c9c542858c966db27d12487e49c0b8c19156666ce777c9053689542054247bc
SHA512

01f2a63f6763d0c88c38d9a1f8fc52fd19736a0ffd03a3fbefba7756142c8a1fed878073e1002a1023e51325deaa630867f3fcc9364e5926bceb28dec9cf9aec
SSDEEP

768:0RUkwemIdFv2QjDBY7rGahls6DiaDg1DmeDE/jDqmDIeDORDlj1HsADi8DgsDmIf:NeddptdY7rfhls6DiaDg1DmeDUjDqmDu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21682da5a29f8f9ba2f385f911717082

Files

21682da5a29f8f9ba2f385f911717082
.exe windows:4 windows x86 arch:x86

de655d0d7973503c65df505329e22933

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
lstrcatA
GetTempPathA
VirtualProtectEx
OutputDebugStringA
WriteProcessMemory
GetStartupInfoA
GetModuleHandleA
CreateMutexA
Sleep
GetLastError
DeleteFileA
GetTickCount
MoveFileA
CopyFileA
WinExec
GetSystemTime
SetSystemTime
lstrlenA
GetSystemDirectoryA
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
CreateThread
GetComputerNameA
GetModuleFileNameA
ReadProcessMemory

user32

SendMessageA
GetWindowThreadProcessId
GetMessageA
LoadStringA
RegisterClassExA
LoadCursorA
CreateWindowExA
DestroyWindow
DefWindowProcA
PostQuitMessage
EndPaint
BeginPaint
wsprintfA
GetForegroundWindow
GetDlgItem
GetClassNameA

advapi32

RegQueryValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegCloseKey
RegSetValueExA

msvcp60

??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

psapi

GetModuleFileNameExA
EnumProcessModules

msvcrt

strrchr
ftell
_purecall
_vsnprintf
atoi
memmove
free
__dllonexit
_onexit
_exit
_XcptFilter
_stricmp
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
memchr
fread
strncmp
strncpy
__CxxFrameHandler
sprintf
_mbsicmp
_strlwr
??2@YAPAXI@Z
fclose
fopen
_timezone
_tzset
rand
srand
fseek

urlmon

URLDownloadToFileA

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

de655d0d7973503c65df505329e22933

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcp60

psapi

msvcrt

urlmon

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 4KB