231b618690a57446067687fb57c6adc8

Sharing

Copy URL Twitter E-mail

General

Target

231b618690a57446067687fb57c6adc8
Size

919KB
MD5

231b618690a57446067687fb57c6adc8
SHA1

c2eeebac9d550c38c3d1c6837a57eeaee92e7471
SHA256

8f741b5a68265bb99c2f4cbd2be5d819a5e16887f5a0a75d7988f752b949e5ad
SHA512

47c2cdec131323eb7a8a8fe20b61f37104d70d2fb12a929379598559eaffd023a42f2f0519c3282f32128c446197a3f463e8aaf3e6007330436c32e07d4b55b7
SSDEEP

24576:kjBGYqZYJVEN2w0xD8vqbRXaLPR3fVTPhHOZ75N:kjBDqZYJVLDgFdT0DN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
231b618690a57446067687fb57c6adc8

Files

231b618690a57446067687fb57c6adc8
.exe windows:4 windows x86 arch:x86

e75056675fb30f808d25ed52dd8b449e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_errno
_acmdln
__wgetmainargs
time
_initterm
_strnicmp
_iob
_controlfp
strchr
__set_app_type
fputs
malloc
??3@YAXPAX@Z
realloc
_XcptFilter
atoi
exit
_stricmp
printf
__winitenv

ntdll

NtQuerySymbolicLinkObject
NtQueryVolumeInformationFile
NtQuerySystemInformation
RtlLookupElementGenericTable
NtSetInformationFile
DbgBreakPoint
RtlSystemTimeToLocalTime
_aulldiv
NtReadFile
RtlInitAnsiString
_allmul
NtQuerySystemTime
NtQueryInformationFile
NtWriteFile
NtQueryVirtualMemory
RtlAnsiStringToUnicodeString
RtlInitializeGenericTable
RtlSetGroupSecurityDescriptor
NtDeviceIoControlFile
memmove

kernel32

GlobalAlloc
HeapCreate
HeapDestroy
LocalAlloc
LocalFree
GlobalFree
WriteConsoleW
TerminateProcess
GlobalReAlloc
lstrcmpiW
GetFileAttributesW
HeapAlloc
InterlockedIncrement
LCMapStringA
LoadLibraryA
GetThreadLocale
GetTimeFormatW
GetACP

ulib

?Initialize@LONG_ARGUMENT@@QAEEPAD@Z
?Compare@OBJECT@@UBEJPBV1@@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z
??0STRING_ARGUMENT@@QAE@XZ
?ValidateVersion@PROGRAM@@UBEXKK@Z
?Strcat@WSTRING@@QAEEPBV1@@Z
?Fatal@PROGRAM@@UBEXXZ
?DisplayMessage@PROGRAM@@UBEEKW4MESSAGE_TYPE@@@Z
?SetFileName@FSN_FILTER@@QAEEPBVWSTRING@@@Z
?DisplayMessage@PROGRAM@@UBAEKW4MESSAGE_TYPE@@PADZZ
?Put@ARRAY@@UAEEPAVOBJECT@@@Z
??0CLASS_DESCRIPTOR@@QAE@XZ
?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
??0PROGRAM@@IAE@XZ
??0PATH_ARGUMENT@@QAE@XZ
?Initialize@WSTRING@@QAEEPBDK@Z
?Initialize@STRING_ARGUMENT@@QAEEPAD@Z
??0FLAG_ARGUMENT@@QAE@XZ
?IsValueSet@ARGUMENT@@QAEEXZ
??0STREAM_MESSAGE@@QAE@XZ
?SetAttributes@FSN_FILTER@@QAEEKKK@Z

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e75056675fb30f808d25ed52dd8b449e

Headers

File Characteristics

Imports

msvcrt

ntdll

kernel32

ulib

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 31KB - Virtual size: 80KB

.rsrc Size: 1024B - Virtual size: 944B

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 31KB - Virtual size: 80KB

.rsrc
Size: 1024B - Virtual size: 944B