296a438fddf6e582078cab57c3a96afd

Sharing

Copy URL Twitter E-mail

General

Target

296a438fddf6e582078cab57c3a96afd
Size

124KB
MD5

296a438fddf6e582078cab57c3a96afd
SHA1

ee815dba5dcc300dbb989c24fd43dbda1931dba5
SHA256

7916ee6cb81e8bff1cf411a7e6aec82b49da1d532dc6eacc0107e5b9a87eb3b4
SHA512

a923b64f7e327d06a0540bddc2c1cbf84d3881a22929df68761c1b9ce9366c25341a4e03fd4a90241d9d32c782bd76cae7372b3f3c5c13dbda5fd09752a474c1
SSDEEP

1536:6bExY5KIDOGnhTFCFxZymrdCOJMOhP742HK7nJuc3iQsZaPh9JzJZ/HkL/cuqlp:6bEeKc2FxZy0ZJ2JNuc3rpR9HE/cdlp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
296a438fddf6e582078cab57c3a96afd

Files

296a438fddf6e582078cab57c3a96afd
.exe windows:4 windows x86 arch:x86

10b511c79a9a35ed19392ecf837c6780

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

urlmon

URLDownloadToFileW

kernel32

RaiseException
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetTickCount
CreateProcessW
GetFileAttributesW
GetModuleFileNameW
CompareStringA
GetOEMCP
SetEndOfFile
GetLocaleInfoA
GetACP
InterlockedExchange
CompareStringW
SetEnvironmentVariableA
WaitForSingleObject
CreateFileW
Sleep
GetModuleHandleA
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
GetCPInfo
GetLastError
DeleteFileW
GetTimeZoneInformation
GetExitCodeProcess
LCMapStringA
LCMapStringW
GetProcAddress
TerminateProcess
GetCurrentProcess
GetStringTypeA
GetStringTypeW
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
SetUnhandledExceptionFilter
VirtualQuery
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
WriteFile
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
CloseHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
VirtualProtect
GetSystemInfo
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
SetStdHandle
GetLocaleInfoW
ReadFile

advapi32

RegCreateKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

10b511c79a9a35ed19392ecf837c6780

Headers

File Characteristics

Imports

rpcrt4

urlmon

kernel32

advapi32

Sections

.text Size: 96KB - Virtual size: 92KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 9KB

.text
Size: 96KB - Virtual size: 92KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 9KB