526d988fef70be897c895258427a8479

General

Target

526d988fef70be897c895258427a8479
Size

117KB
MD5

526d988fef70be897c895258427a8479
SHA1

f36f9824ddd6fd3de5bf67dcf22941e3a920eae1
SHA256

f40d269884a566e6f17865a8c3d3ca1b151f7472e5d6619cdf02d3952b8e6781
SHA512

eb1b17ee826cfff1a3e188667ce1bffdf5ae33296d6c24918afd71ae7e76ad59e1bf08a62855af51874cbb6d98f4ffcf511f1ad57b4a07941532431cd78af01f
SSDEEP

3072:zXgVA725wqx+67JlZApjo+o/0T5oX8VammsxJBg:zl6f78XOXemn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
526d988fef70be897c895258427a8479

Files

526d988fef70be897c895258427a8479
.exe windows:4 windows x86 arch:x86

451872b80b6a023081d3a24a5d95289a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesExA
WriteFile
DeviceIoControl
GetVersionExA
Sleep
MoveFileA
GlobalFree
GlobalAlloc
GetProcAddress
GetModuleHandleA
CreateFileA
GetLastError
GetTickCount
FindClose
FindNextFileA
FindFirstFileA
MoveFileExA
SetFileTime
CreateProcessA
CloseHandle
WritePrivateProfileStringA
GetSystemDirectoryA
WinExec
GetTempPathA
GetModuleFileNameA
GetTempFileNameA
DeleteFileA

advapi32

DeleteService
RegCloseKey
OpenSCManagerA
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
RegOpenKeyExA
RegEnumKeyA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

msvcrt

memmove
_onexit
__dllonexit
strncat
strlen
sprintf
strncpy
strrchr
memset
strcpy
__CxxFrameHandler
strcat
strcmp
strchr
??3@YAXPAX@Z
isalpha
memcpy
_snprintf
_stricmp
_strlwr
??2@YAPAXI@Z
rand
srand
atoi
isdigit

shlwapi

SHDeleteKeyA
SHSetValueA

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

wininet

InternetOpenUrlA
InternetOpenA

setupapi

SetupIterateCabinetA

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CRT
Size: 16B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 976B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

451872b80b6a023081d3a24a5d95289a

Headers

File Characteristics

Imports

kernel32

advapi32

version

msvcrt

shlwapi

rpcrt4

wininet

setupapi

Sections

.text Size: 116KB - Virtual size: 116KB

.CRT Size: 16B - Virtual size: 8B

.rsrc Size: 976B - Virtual size: 976B

.text
Size: 116KB - Virtual size: 116KB

.CRT
Size: 16B - Virtual size: 8B

.rsrc
Size: 976B - Virtual size: 976B