36a5c62f792be3c2a4470e138cfc1073

Sharing

Copy URL

Twitter E-mail

General

Target

36a5c62f792be3c2a4470e138cfc1073
Size

364KB
MD5

36a5c62f792be3c2a4470e138cfc1073
SHA1

fbbe92e95e72a648fa469d8625617e4b7e66a67c
SHA256

05769104c59445b8a01029554436ca0d55c62efc5bc9ba583eac2ebe3c13300f
SHA512

09ab12a605230ca99c443620f576e32f558c95e53645ab17916d9327a2d979d9ba76f19451494c0530fba9ba77db64f880ae70b1006942cf6f948cf96d86b462
SSDEEP

6144:G59cHU9rkK9OyRA+8ic3+ibKwLKxXYxPj1tHi9dT3fQIfKczf9Ye3r2ZHnKFA02g:VHiky/XwGexPj1tC5VKwYe3rKnGXVgha

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36a5c62f792be3c2a4470e138cfc1073

Files

36a5c62f792be3c2a4470e138cfc1073
.exe windows:4 windows x86 arch:x86

55b5ac32e9fc82c490801e328fb786e0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
FindNextFileW
DeleteFileW
SetFileAttributesW
CopyFileW
CreateDirectoryW
GetSystemTimeAsFileTime
GetModuleHandleW
WaitForSingleObject
lstrcpynW
GetStdHandle
CloseHandle
ResetEvent
WaitForMultipleObjects
SetEvent
OpenProcess
GetVolumeNameForVolumeMountPointW
DuplicateHandle
GetCurrentProcess
GetModuleHandleA
WriteConsoleW
WideCharToMultiByte
WriteFile
GetFileType
GetConsoleMode
Sleep
InterlockedCompareExchange
InterlockedExchange
LocalFree
LocalAlloc
GetLocaleInfoA
lstrcpyW
VirtualProtect
lstrcmpiW
lstrlenW
GetProcAddress
FreeLibrary
GetSystemDirectoryW
LoadLibraryW
FileTimeToSystemTime
lstrcatW
GetCommandLineA
ReleaseMutex
GetStartupInfoA

user32

CharNextW
UpdateWindow
SetDlgItemTextW
GetParent
PostMessageW
wsprintfW
LoadStringW
BroadcastSystemMessageW
GetWindowThreadProcessId
CheckRadioButton

advapi32

RegCloseKey
RegDeleteValueW
CreateProcessAsUserW
RegEnumKeyExW
RegEnumKeyW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteKeyW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
ReportEventW
RegisterEventSourceW
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
AddAccessAllowedAceEx
RegSetKeySecurity
AddAce
EqualSid
GetAce
DeregisterEventSource

rpcrt4

RpcStringFreeW
RpcRevertToSelf
RpcImpersonateClient
UuidEqual
UuidToStringW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_initterm
__getmainargs
_acmdln
_exit
wcschr
wcscmp
_wcsicmp
memset
malloc
free
_except_handler3
_adjust_fdiv
_amsg_exit
_cexit
exit
_XcptFilter
tolower
_wfullpath
towupper
memcpy

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 308KB - Virtual size: 610KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55b5ac32e9fc82c490801e328fb786e0

Headers

File Characteristics

Imports

kernel32

user32

advapi32

rpcrt4

msvcrt

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 308KB - Virtual size: 610KB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 308KB - Virtual size: 610KB

.rsrc
Size: 8KB - Virtual size: 5KB