47f36d651409bb122a3f13c51be41a24

General

Target

47f36d651409bb122a3f13c51be41a24
Size

91KB
MD5

47f36d651409bb122a3f13c51be41a24
SHA1

f2324b998a9731526a872b9111d9dfcf74e4f43c
SHA256

b5e0afeabae5b59ecf77290e324b58103e1d0e2d085e95557233b8939a2c42c1
SHA512

dd4d5921ca5bc91486a086407f2ecad5ec31d10c00f4b89db2d166aac965e9a450b76a7ed8058c0c5247ab9578c614339396f51ace36da9954312938e8fe04bc
SSDEEP

1536:6L8mumJvhhVKsP6V1zqsuirT+4c2GP5bhy2hARyqkE1spycYh2HOWhivTnNx6UIN:1yZKjXqfirT+N2GP5b4GtZY3TNx6z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47f36d651409bb122a3f13c51be41a24

Files

47f36d651409bb122a3f13c51be41a24
.exe windows:5 windows x86 arch:x86

543941ec86a314738afa8a5fc7ac1a7d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_chkstk
RtlDeleteElementGenericTable
NtQuerySystemInformation
NtQueryPerformanceCounter
RtlFormatMessage
RtlDecompressBuffer
RtlOemToUnicodeN
_allrem
RtlInsertElementGenericTable
_alldiv
RtlNumberOfSetBits
_allmul
RtlSystemTimeToLocalTime
RtlAnsiStringToUnicodeString
NtTerminateProcess
RtlFreeHeap

msvcrt

fputs
__setusermatherr
_errno
_XcptFilter
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
??3@YAXPAX@Z
free
time
__set_app_type
__getmainargs
atoi
_initterm
__initenv
fopen
??2@YAPAXI@Z
toupper

ulib

?Strcat@WSTRING@@QAEEPBV1@@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z
??1STRING_ARGUMENT@@UAE@XZ
?Get_Standard_Output_Stream@@YGPAVSTREAM@@XZ
?SetFileName@FSN_FILTER@@QAEEPBVWSTRING@@@Z
??1ARGUMENT_LEXEMIZER@@UAE@XZ
??0PROGRAM@@IAE@XZ
??1PATH_ARGUMENT@@UAE@XZ
??0FLAG_ARGUMENT@@QAE@XZ
??1ARRAY@@UAE@XZ
??1PATH@@UAE@XZ
?SetAttributes@FSN_FILTER@@QAEEKKK@Z
?GetStandardOutput@PROGRAM@@UAEPAVSTREAM@@XZ

kernel32

lstrcpyA
GetCommandLineA
GetModuleHandleA
lstrcatW
GetFileType
LocalAlloc
GetVersionExA
LoadLibraryA
GetCommandLineW
GetSystemTimeAsFileTime
DeviceIoControl
DeleteFileA
VirtualProtect
GetUserDefaultLCID
lstrlenW
LoadLibraryW
GetThreadLocale
GetStringTypeW
HeapSize

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

543941ec86a314738afa8a5fc7ac1a7d

Headers

File Characteristics

Imports

ntdll

msvcrt

ulib

kernel32

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 4KB - Virtual size: 28KB

.rsrc Size: 1024B - Virtual size: 984B

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 4KB - Virtual size: 28KB

.rsrc
Size: 1024B - Virtual size: 984B