946583a0803167de24c7c0d768fe49546108e43500a1c2c838e7e0560addc818

Sharing

Copy URL

Twitter E-mail

General

Target

946583a0803167de24c7c0d768fe49546108e43500a1c2c838e7e0560addc818
Size

448KB
MD5

700a9938d0fcff91df12cbefe7435c88
SHA1

f1f661f00b19007a5355a982677761e5cf14a2c4
SHA256

946583a0803167de24c7c0d768fe49546108e43500a1c2c838e7e0560addc818
SHA512

7fa6b52d10bcfc56ac4a43eda11ae107347ba302cc5a29c446b2d4a3f93425db486ed24a496a8acd87d98d9cfb8cad6505eb0d8d5d509bc323427b6931c8fff8
SSDEEP

6144:btb2kbTOXb1JSqar6LNzVLReCCOQ6j4zu+jf6U5peQRVOm+T:MaTOqq+6LNzjwxPfhCQRVOmW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
946583a0803167de24c7c0d768fe49546108e43500a1c2c838e7e0560addc818

Files

946583a0803167de24c7c0d768fe49546108e43500a1c2c838e7e0560addc818
.exe windows:5 windows x86 arch:x86

7894ebd869f40ac69e6712adb71cda3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SystemTimeToTzSpecificLocalTime
InterlockedIncrement
GetCurrentProcess
GetSystemWindowsDirectoryW
InterlockedCompareExchange
BackupSeek
GetModuleHandleW
GetTickCount
FindNextVolumeMountPointA
GetConsoleAliasesLengthA
TlsSetValue
GetCurrencyFormatW
GlobalAlloc
LoadLibraryW
Sleep
AssignProcessToJobObject
SizeofResource
GetVersionExW
EnumResourceLanguagesA
ReadFile
CreateFileW
GetVolumePathNameA
CreateJobObjectA
LCMapStringA
GlobalDeleteAtom
GetLastError
SetLastError
GetProcAddress
GetProcessHeaps
VirtualAlloc
BackupWrite
EnumDateFormatsExA
SetComputerNameA
LoadLibraryA
OpenMutexA
CreateFileMappingA
CreateFileMappingW
FindFirstVolumeMountPointW
BeginUpdateResourceA
GlobalFindAtomW
CreateIoCompletionPort
FindFirstChangeNotificationA
VirtualProtect
OpenSemaphoreW
FindAtomW
GlobalAddAtomW
GetComputerNameA
GetDateFormatW
InterlockedExchange
GetFullPathNameW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ExitProcess
GetCommandLineA
GetStartupInfoA
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsFree
GetCurrentThreadId
HeapSize
HeapFree
TerminateProcess
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapAlloc
HeapReAlloc
RtlUnwind

gdi32

SetDeviceGammaRamp

advapi32

RegisterEventSourceW

msimg32

AlphaBlend

Sections

.text
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7894ebd869f40ac69e6712adb71cda3c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

advapi32

msimg32

Sections

.text Size: 302KB - Virtual size: 301KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 5KB - Virtual size: 4.1MB

.rsrc Size: 131KB - Virtual size: 131KB

.text
Size: 302KB - Virtual size: 301KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 5KB - Virtual size: 4.1MB

.rsrc
Size: 131KB - Virtual size: 131KB