44e736ba75c0c9b83be88b7c83a8a997

Sharing

Copy URL Twitter E-mail

General

Target

44e736ba75c0c9b83be88b7c83a8a997
Size

2.2MB
MD5

44e736ba75c0c9b83be88b7c83a8a997
SHA1

12171f3bd13f2663fa3067684d3ab76631d673ec
SHA256

36a20a7d7685d773ee5e35a5a7b896748b923c4afc0826f502d04604512ba284
SHA512

077c35d9040d8c72475f416e51e97aaa93c4b20108736f2fcdb92d80c4f53d6f8d70fd491057181f31a2d844de21a72743d624401c544ba4f86e6a595e023d69
SSDEEP

24576:A/kkRfyiDNkIS3cbgiGavUmZ6/aDiBnrPMAv+MwMDD:A/jmcxGavxZ7iBnrtGc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44e736ba75c0c9b83be88b7c83a8a997

Files

44e736ba75c0c9b83be88b7c83a8a997
.exe windows:5 windows x86 arch:x86

66cd64a1dc311d22445d9617a8a2c4e1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
CreateMutexW
GetConsoleMode
HeapReAlloc
SystemTimeToFileTime
GetLocaleInfoW
GetACP
GetLocalTime
VirtualAlloc
FreeEnvironmentStringsW
VerifyVersionInfoW
GetCommandLineW
RaiseException
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
GetLastError
SetLastError
GetCurrentThreadId
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
UnhandledExceptionFilter
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsValidCodePage
GetOEMCP
GetCPInfo
LeaveCriticalSection
HeapFree
LoadLibraryExW
RtlUnwind
OutputDebugStringW
GetStringTypeW
HeapAlloc
HeapSize
LCMapStringW
FlushFileBuffers
GetConsoleCP
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
CreateFileW
ReadFile
ReleaseSemaphore
GlobalAlloc
LocalAlloc
InterlockedIncrement
GetModuleHandleW
SetUnhandledExceptionFilter
lstrcmpW

advapi32

RegCreateKeyExW
GetTraceEnableFlags
RegEnumKeyExW
RegDeleteKeyW
OpenSCManagerW

mprapi

MprConfigTransportGetHandle
MprConfigBufferFree
MprConfigGetFriendlyName
MprConfigTransportDelete
MprConfigInterfaceTransportAdd
MprConfigInterfaceTransportRemove
MprConfigInterfaceGetInfo

esent

JetMove

Sections

.text
Size: 472KB - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 414KB - Virtual size: 5.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rl42ne
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66cd64a1dc311d22445d9617a8a2c4e1

Headers

File Characteristics

Imports

kernel32

advapi32

mprapi

esent

Sections

.text Size: 472KB - Virtual size: 471KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 414KB - Virtual size: 5.3MB

.rl42ne Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 1024B - Virtual size: 776B

.text
Size: 472KB - Virtual size: 471KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 414KB - Virtual size: 5.3MB

.rl42ne
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 1024B - Virtual size: 776B