403f42c8a0e96ab176891c1dc1ee17d7

General

Target

403f42c8a0e96ab176891c1dc1ee17d7
Size

152KB
MD5

403f42c8a0e96ab176891c1dc1ee17d7
SHA1

6ee868c260ba047c824b32ca06fe4e9ca7749e0b
SHA256

20de12c655418a2b2411d63207ed72bbffb30c22a1b8bd90c4b8a6f51daa9320
SHA512

3b2abd794bf682d3096eba2434952e5bb5d5e437aa674b89d893403b0be382a845a8e20a57adadf23799aa566861687a45b8ca7fe7bf34e51705961894dfbb96
SSDEEP

3072:um9xNLXrSooBhnL2QxtWRyZq7YtzrDTwMQOu9eH4QAjJ9CfFSPzx:R5rgL2yzZqa/hQHQEimd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
403f42c8a0e96ab176891c1dc1ee17d7

Files

403f42c8a0e96ab176891c1dc1ee17d7
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

0aab38e5b30d481db5096d95414408b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

usp10

ScriptStringValidate
ScriptStringAnalyse
ScriptStringCPtoX
ScriptStringOut
ScriptStringGetOrder
ScriptStringGetLogicalWidths
ScriptStringFree

wsnmp32

ord401
ord320
ord302
ord106
ord105
ord104
ord100
ord400

xolehlp

ord5
DtcGetTransactionManagerExA

kernel32

TerminateProcess
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
IsBadWritePtr
HeapReAlloc
VirtualAlloc
WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
CloseHandle
ReadFile
GetFileSize
SetFilePointer
CreateFileA
DeleteCriticalSection
WriteConsoleW
lstrcmpA
GetEnvironmentVariableA
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 697KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0aab38e5b30d481db5096d95414408b3

Headers

File Characteristics

Imports

usp10

wsnmp32

xolehlp

kernel32

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 56KB - Virtual size: 697KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 56KB - Virtual size: 697KB

.reloc
Size: 8KB - Virtual size: 5KB