e8b3eee1656d214f40619531cb019dbaa8369e6b3eaa55099a5137d060849f11

Sharing

Copy URL Twitter E-mail

General

Target

e8b3eee1656d214f40619531cb019dbaa8369e6b3eaa55099a5137d060849f11
Size

326KB
MD5

37b16593cc3bd6588131327f4d5c3b07
SHA1

55c34c37cad8dd82af229549b8a39099bbc32f52
SHA256

e8b3eee1656d214f40619531cb019dbaa8369e6b3eaa55099a5137d060849f11
SHA512

b678c2e09ae3d46811febefef708e7631f29785bd76ba3b1d668755366a61df2cde724cd8641887c0f19183b65bcba0e2fb7360af46d3be0b53176752652a088
SSDEEP

6144:AR1oQ0dA88jjwvv/MGGBdbj3xRqll/A6tU3LAZLgRKAOKAOOyWdU:AR1oQ0dA88jjwvv/MGGBd/3xRq3RC3Lv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8b3eee1656d214f40619531cb019dbaa8369e6b3eaa55099a5137d060849f11

Files

e8b3eee1656d214f40619531cb019dbaa8369e6b3eaa55099a5137d060849f11
.exe windows:5 windows x86 arch:x86

91b7abe46eda5996a0f59cca2c720d19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
FreeLibrary
LoadLibraryW
Sleep
GetProcAddress
CreateMutexA
ReleaseMutex
CloseHandle
GetTempPathA
GetModuleHandleW
GetSystemDirectoryW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
DecodePointer
TerminateProcess
SetEnvironmentVariableA
GetFileAttributesExW
GetTimeZoneInformation
CreatePipe
CreateProcessA
DuplicateHandle
OutputDebugStringA
GetConsoleScreenBufferInfo
InitializeCriticalSection
GetWindowsDirectoryA
HeapSize
GetLastError
RaiseException
MultiByteToWideChar
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
SetConsoleTextAttribute
GetComputerNameA
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
CreateFileW
EnumSystemLocalesW
GetUserDefaultLCID
DeleteFileW
IsValidLocale
GetLocaleInfoW
EncodePointer
ReadFile
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetStdHandle
WriteFile
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetConsoleCP
LoadLibraryExW
OutputDebugStringW
GetStringTypeW
CompareStringW
LCMapStringW

user32

wsprintfW
LoadStringW

advapi32

RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteExW

shlwapi

PathFileExistsW

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91b7abe46eda5996a0f59cca2c720d19

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

setupapi

Sections

.text Size: 196KB - Virtual size: 195KB

.rdata Size: 72KB - Virtual size: 72KB

.data Size: 7KB - Virtual size: 78KB

.rsrc Size: 38KB - Virtual size: 37KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 196KB - Virtual size: 195KB

.rdata
Size: 72KB - Virtual size: 72KB

.data
Size: 7KB - Virtual size: 78KB

.rsrc
Size: 38KB - Virtual size: 37KB

.reloc
Size: 11KB - Virtual size: 10KB