430389d5b39fef4b9f657b3b38f87a5e

General

Target

430389d5b39fef4b9f657b3b38f87a5e
Size

29KB
MD5

430389d5b39fef4b9f657b3b38f87a5e
SHA1

7b6135d5185f0afb49a9068bed3a89fa5ed6ddbe
SHA256

ce2f866406d81535e2346bc0b2675dc450cd4996ae3c1e8c423f96e63987dc31
SHA512

24a0156f8f266088e975f0bdafcb4ddfd0ef48a3da4b15b4784c7db5a0047648d52776390acfc814d37cbfde1acd2b88778e63bdd22a8911a77179b09bf6333b
SSDEEP

384:s/bLDikBiuo03bl9X9t9x1sdB2FXRv8YgdrjgLtbqRHWX2i8EQLhb/02L:EDijup1TlsdB8Np+sIR2Xu8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
430389d5b39fef4b9f657b3b38f87a5e

Files

430389d5b39fef4b9f657b3b38f87a5e
.exe windows:4 windows x86 arch:x86

c2dd1dbe1bdf7fb28dc2e7e79eb6ba27

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwCreateSymbolicLinkObject
_strlwr
sprintf
strtol

kernel32

LoadLibraryA
GetVersionExA
CloseHandle
SetFileTime
CreateFileA
FindFirstFileA
HeapFree
GetProcAddress
HeapAlloc
GetProcessHeap
GetFileInformationByHandle
GetModuleHandleA
LocalFree
lstrcpyA
IsBadReadPtr
WinExec
CopyFileA
FreeLibrary
GetLocalTime
GetSystemDirectoryA
CreateThread
Sleep
GetModuleFileNameA
TerminateThread
GetStartupInfoA
ReadFile

user32

FindWindowA
PostMessageA

advapi32

StartServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
GetSecurityInfo
GetUserNameA
SetEntriesInAclA
SetSecurityInfo
OpenServiceA
OpenSCManagerA
StartServiceCtrlDispatcherA
ChangeServiceConfigA

msvcrt

__getmainargs
_controlfp
_except_handler3
fclose
fputs
fopen
fwrite
free
malloc
printf
_exit
_XcptFilter
exit
_acmdln
__set_app_type
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode

shell32

ShellExecuteA

shlwapi

PathFileExistsA

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c2dd1dbe1bdf7fb28dc2e7e79eb6ba27

Headers

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

msvcrt

shell32

shlwapi

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 20KB - Virtual size: 24KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 20KB - Virtual size: 24KB