28af4663b96a4da81c0b8230122a277d

General

Target

28af4663b96a4da81c0b8230122a277d
Size

605KB
MD5

28af4663b96a4da81c0b8230122a277d
SHA1

1ac299145d3022cfe29a76d60c3c40d3db900360
SHA256

ec36accfdd5818f27a07d529b96dfc3accad77ebd297d91e7eb5281ffd9d3402
SHA512

8cbb9a4ad6de19d77269fdaaa7e3a56f6bad05691c9cdb74ce16e904b04399df61d4bb48f14c4eeeac3f9fe2cb11d831dae94e2169757f9d8c2552bb3e446f0d
SSDEEP

12288:G7W3hApjWousPBrWd6NE0Nt+m1iS85LcrQvRE0nw+anL0PTx3qqliLt:G7W3hApjWousPBrWk7T1/OcrcRnYnS3e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28af4663b96a4da81c0b8230122a277d

Files

28af4663b96a4da81c0b8230122a277d
.exe windows:5 windows x86 arch:x86

77287866a755e3750a74b11f8e760bee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EqualRect
LoadIconA
OemToCharA
DeleteMenu
PostMessageA
SendMessageA
SetMenuInfo
UpdateWindow

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerInstallFileA
VerQueryValueW
VerFindFileW
GetFileVersionInfoA

rpcrt4

tree_into_ndr
short_array_from_ndr
RpcObjectSetInqFn
RpcNsBindingInqEntryNameA
RpcMgmtSetServerStackSize
RpcBindingVectorFree
RpcBindingSetAuthInfoA
RpcBindingInqAuthClientExA
MesHandleFree

crtdll

fmod
_exit
_finite
_fpieee_flt
_isnan
isalpha
rand
swscanf
wcsxfrm

ntdll

DbgUserBreakPoint
LdrLoadDll
NtQuerySystemTime
NtSetInformationObject
RtlCreateSecurityDescriptor
RtlNtStatusToDosError
RtlStartRXact
RtlUniform
RtlUpperString
ZwAlertThread

kernel32

WriteProfileSectionW
VerLanguageNameA
SetLastError
SetCommTimeouts
PurgeComm
OpenJobObjectW
OpenEventW
LoadLibraryExA
LeaveCriticalSection
LCMapStringA
IsDBCSLeadByte
HeapAlloc
GlobalUnfix
GetTickCount
GetThreadTimes
GetQueuedCompletionStatus
GetPriorityClass
GetFileSize
GetDefaultCommConfigA
GetCommandLineA
FreeConsole
ExitProcess
DisableThreadLibraryCalls
DeleteFileA
CreatePipe

Exports

Exports

CytTHxriHl
NrPbkytfqF
Yivuo
awftv
isXuw
qbbbyuLzibyerjgi
sxukyqmvtqieBNelv
vplmuavs
wzaOmbfs
xlllqchpxchzxiwIc
yztTqXwgkWiikb

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512KB - Virtual size: 511KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77287866a755e3750a74b11f8e760bee

Headers

File Characteristics

Imports

user32

version

rpcrt4

crtdll

ntdll

kernel32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 40KB

.data Size: 512KB - Virtual size: 511KB

.rsrc Size: 51KB - Virtual size: 51KB

.text
Size: 40KB - Virtual size: 40KB

.data
Size: 512KB - Virtual size: 511KB

.rsrc
Size: 51KB - Virtual size: 51KB