4812ed8b95c66af9d130a2c869352991

Sharing

Copy URL Twitter E-mail

General

Target

4812ed8b95c66af9d130a2c869352991
Size

324KB
MD5

4812ed8b95c66af9d130a2c869352991
SHA1

8a3992d8629a305aa06e7c6cbf416f7a005b3550
SHA256

be9d66afae75b4f4dd38dd03225e4dc904339e3bfd40279415f08f04e5c57a13
SHA512

23a220374f9874b25afe43b48d3fa13e576881234519bde6e5752cd90fc32fca23db5a186a09049e336e702a4d920a36e2228e72c43f83fdd7eaea200c91b5b5
SSDEEP

6144:LXnuGt22bm8QwhidIQzTu9JH1TIE4ZRLhn74uqa8UY10JoMqtdt27WuD:LeKx0RzTIH1TIDZMuqa/Y1aoM8A7x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4812ed8b95c66af9d130a2c869352991

Files

4812ed8b95c66af9d130a2c869352991
.exe windows:5 windows x86 arch:x86

01b8bdcc7cdcb11a624f313fcd4ab4e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtCreateDebugObject
NtAllocateVirtualMemory
RtlUshortByteSwap

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

tapi32

lineShutdown
lineGetID
lineOpen
lineClose
lineInitializeExW
lineNegotiateAPIVersion
lineGetDevCapsW

setupapi

SetupCloseInfFile
SetupGetSourceFileLocationA
SetupGetSourceInfoA
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList
SetupDiCallClassInstaller
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsA
SetupDiDestroyDeviceInfoList
SetupPromptForDiskA
SetupDiOpenDevRegKey
SetupOpenMasterInf

user32

wsprintfA

advapi32

RegOpenKeyExA
StartServiceA
RegSetValueExA
ChangeServiceConfigA
OpenSCManagerA
CloseServiceHandle
RegCloseKey
RegOpenKeyW
RegEnumKeyA
RegQueryValueExA
RegOpenKeyA
OpenServiceA
QueryServiceStatus
RegQueryValueExW

kernel32

VirtualQuery
lstrcpyA
GetModuleHandleA
LCMapStringW
FreeLibrary
GetSystemInfo
GlobalAlloc
GetLocaleInfoA
GetShortPathNameW
LoadLibraryA
lstrcmpiW
GetVersionExA
WriteFile
CreateFileA
GetProcessHeap
GlobalFree
FormatMessageA
GetTempPathW
HeapFree
GetStringTypeA
LoadLibraryW
DeleteFileW
GetProcAddress
HeapReAlloc
lstrlenW
GetLastError
VirtualFree
LCMapStringA
GetStringTypeW
VirtualProtect
lstrlenA
GetTickCount
CloseHandle
VirtualAlloc
WideCharToMultiByte
Sleep
lstrcmpiA
CreateDirectoryW
ExitProcess
lstrcmpA
GetCPInfo
HeapAlloc

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

01b8bdcc7cdcb11a624f313fcd4ab4e7

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

ole32

tapi32

setupapi

user32

advapi32

kernel32

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 294KB - Virtual size: 294KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 294KB - Virtual size: 294KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB