527b2938064d38f0654f967759d5034d

Sharing

Copy URL Twitter E-mail

General

Target

527b2938064d38f0654f967759d5034d
Size

571KB
MD5

527b2938064d38f0654f967759d5034d
SHA1

6f995a1b8fcb590d159799d23c31d90161ab5843
SHA256

e01afd319b54f1755c9e8e63cbcf15ef9d61d692a3dc89131639c8809dd340e6
SHA512

cae8777ee9e4d3a16a8899695dff552c2eca7eda457344d3817a6e2aa4ce37aa17c4165bdf11393df4893db81bb4ef72a631b6a6c338e61bac9546af2b1db6b9
SSDEEP

12288:UHsfFD4CRvbk1GJ0l+LO5v02tdKjfsFVUNYEocMnH5KJMyT/fw1IuWmj:UHySB1GJ0l+Ll0KbZuYQH4N3w1Qm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
527b2938064d38f0654f967759d5034d

Files

527b2938064d38f0654f967759d5034d
.exe windows:5 windows x86 arch:x86

b73b2a5742d430c0e9facd8ee6591646

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

DestroyEnvironmentBlock
EnterCriticalPolicySection
ExpandEnvironmentStringsForUserW
FreeGPOListW
GetAppliedGPOListW
CreateEnvironmentBlock
UnregisterGPNotification
RegisterGPNotification
LeaveCriticalPolicySection
GetProfilesDirectoryW

kernel32

_lclose
VirtualFree
VirtualAlloc
VerifyVersionInfoA
VerLanguageNameA
SetUnhandledExceptionFilter
SetLastError
SetFileAttributesW
CancelIo
CreateMutexA
EraseTape
ExitProcess
FileTimeToDosDateTime
FindFirstChangeNotificationW
GetACP
GetAtomNameA
GetCalendarInfoW
GetCommandLineA
GetComputerNameA
GetCurrentThreadId
GetMailslotInfo
GetPrivateProfileStringA
HeapAlloc
IsBadStringPtrA
IsDBCSLeadByte
OpenFileMappingW
OpenMutexA
Process32FirstW
ReadProcessMemory

crtdll

wcsxfrm
vfwprintf
strcmp
sqrt
isleadbyte
clock
atan
abs
_ultoa
_strnset
_ecvt
_execve
_exit
_filelength
_finite
_ftime
_mbctohira
_mbscmp
_mbscpy
_mbsnccnt
_rotr
_stat
wctomb

rpcrt4

MesIncrementalHandleReset
RpcBindingFromStringBindingA
RpcBindingServerFromClient
tree_peek_ndr

version

VerFindFileW
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA
VerInstallFileA

ntdll

ZwQueryDefaultUILanguage
ZwOpenThreadToken
RtlTryEnterCriticalSection
RtlOemToUnicodeN
RtlNtStatusToDosError
NtWriteFile
NtQueryInformationFile
NtNotifyChangeKey
NtGetPlugPlayEvent

Exports

Exports

Gwrmz
arkds
cFiRkudfl
cfhikzitwikoEam
cuecuwtmeaiay
eXvrd
ebhsmjh
jhdnty
jrroezxQp
mgrbkJdeudNbzt
mkyeBMpziq
nexsyaqjVtpetsch
pmkYWpGvcDfubOwxtlg

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 508KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b73b2a5742d430c0e9facd8ee6591646

Headers

File Characteristics

Imports

userenv

kernel32

crtdll

rpcrt4

version

ntdll

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 508KB - Virtual size: 507KB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 508KB - Virtual size: 507KB

.rsrc
Size: 26KB - Virtual size: 26KB