293509fb251f8a7198011f96101616ac

Sharing

Copy URL

Twitter E-mail

General

Target

293509fb251f8a7198011f96101616ac
Size

29KB
MD5

293509fb251f8a7198011f96101616ac
SHA1

b6e8a61bfc6cc869ebf95572706577edb596542a
SHA256

92875fc7d903d0395e4b28339da091e0b748a09c8503d82f081d0c22aa64af0f
SHA512

68c7df1f88470aaccb0cc0165f11aa1e349ab9bab42317a7b13256f2bd6970502a850b8a5683b31a6448b08390ff9e073f0fb9d885ce8d0f53b5d4dd3cc93832
SSDEEP

768:uxeBlwo3ACJ9PSHLx1QdYWt1ZzR3qU3LZaCXKoz:6efwDCJ9KHLx1BWjLcCN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
293509fb251f8a7198011f96101616ac

Files

293509fb251f8a7198011f96101616ac
.exe windows:4 windows x86 arch:x86

7a70114d958395e6a6b18b6f04d41cde

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateIoCompletionPort
CreateFileW
SetLastError
GetFileAttributesW
PostQueuedCompletionStatus
SetThreadPriority
GetThreadPriority
ReadDirectoryChangesW
GetQueuedCompletionStatus
GetCurrentThread
DeleteFileW
Sleep
ExitProcess
CreateProcessW
GetCommandLineW
GetVersion
CreateThread
lstrcpyW
GetCurrentProcess
GetEnvironmentVariableW
lstrlenW
SetFileAttributesW
CreateDirectoryW
SetFileTime
GetFileTime
GetSystemDirectoryW
GetModuleFileNameW
CopyFileW
lstrcmpW
GetWindowsDirectoryW
GetVolumeInformationW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDrives
GetFileSize
RemoveDirectoryW
WideCharToMultiByte
GetLastError
GetModuleHandleW
ResetEvent
FreeLibrary
CreateEventW
SetEvent
CloseHandle
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
lstrcatW

user32

PostThreadMessageW
wsprintfW
GetWindowTextW
IsWindow
DestroyWindow
RegisterClassW
DefWindowProcW
CreateWindowExW
PostMessageW
PeekMessageW
GetMessageW
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
GetForegroundWindow

gdi32

GetStockObject

advapi32

RegOpenKeyExW
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteKeyW
RegCloseKey
RegSetValueExW

ole32

CoInitialize
CoCreateInstance

mfc42u

ord5706
ord5679
ord861
ord860
ord4197
ord2756
ord537
ord922
ord2606
ord2910
ord5568
ord356
ord2762
ord2773
ord4053
ord3173
ord3176
ord1972
ord668
ord825
ord823
ord800
ord538
ord540
ord940
ord942
ord535
ord3579
ord543
ord803
ord6303
ord521
ord858
ord3696
ord500
ord772
ord1105
ord6138
ord2385
ord5856
ord663
ord348
ord1184
ord3806
ord547

msvcrt

wcsstr
_controlfp
wcslen
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
__p___winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
wcsncpy
free
_wcsdup
_except_handler3
_beginthreadex
__CxxFrameHandler
_purecall
malloc
wcstok
wcsrchr
_wcsicmp

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a70114d958395e6a6b18b6f04d41cde

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

mfc42u

msvcrt

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 16B

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 16B