534af96a98bf2d8fa455f72a3043245e

Sharing

Copy URL

Twitter E-mail

General

Target

534af96a98bf2d8fa455f72a3043245e
Size

243KB
MD5

534af96a98bf2d8fa455f72a3043245e
SHA1

0ce1e3728fa5f548df440a160144bf8533c1778c
SHA256

a2f62b1c79f392229c8439c59eecbdb7c9aae8ea8ac051c47a63faf39023f7e3
SHA512

df28fa5ba2c65244953577fb9e08cb46d99ba89f2c8ca6d7c9c4df3f388f9f495590ac12fd5e09e97556cae26c330a3ca510d09b62658c5165b99ddc06cca899
SSDEEP

6144:GKmpwnZgq/KwP8L3bOb4YXsEReb/CFNoASqgr3MN3orKJMDMcAG:GFQZgq/b8L3+4XEkbaf7rgLAo24

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/41879375720210805.bat

Files

534af96a98bf2d8fa455f72a3043245e
.rar
41879375720210805.bat
.exe windows:5 windows x86 arch:x86

577b8945b527503cab8c479ade2a7e53

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr90

fwrite
fclose
__CxxQueryExceptionSize
__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
?what@exception@std@@UBEPBDXZ
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
fread
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
__CxxUnregisterExceptionObject
memmove_s
free
sprintf
__FrameUnwindFilter
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@XZ
??_V@YAXPAX@Z
??0exception@std@@QAE@ABQBD@Z
_encoded_null
_encode_pointer
__set_app_type
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
exit
_crt_debugger_hook
??1exception@std@@UAE@XZ

kernel32

GetFileType
SetLastError
GetModuleHandleW
LocalAlloc
GetSystemInfo
GetLastError
GetModuleHandleA
VirtualProtect
ExitThread
GetSystemRegistryQuota
GetSystemTimes
LocalFileTimeToFileTime
FileTimeToSystemTime
CompareFileTime
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetTapeParameters
IsProcessorFeaturePresent
GetNativeSystemInfo

user32

AdjustWindowRect
GetWindowTextLengthW
GetCursor
GetWindowRect
GetClientRect
AnyPopup
CreateWindowExA
ShowWindow
UpdateWindow
CreateCaret
LoadIconW

gdi32

CreateDiscardableBitmap
PlayMetaFileRecord
BitBlt
EndPath
BeginPath
StretchBlt
SetPolyFillMode
CreateEllipticRgn
CreateDIBitmap
CreateDIBPatternBrush
CreateDCA
GetPath

advapi32

RegSetValueW

shell32

DragAcceptFiles

msimg32

GradientFill
AlphaBlend
TransparentBlt

comctl32

ord6

winhttp

WinHttpWriteData
WinHttpSetOption
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest

msvcp90

??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

msvcm90

?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z

mscoree

_CorExeMain

Sections

.text
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.daludu
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

577b8945b527503cab8c479ade2a7e53

Headers

DLL Characteristics

File Characteristics

Imports

msvcr90

kernel32

user32

gdi32

advapi32

shell32

msimg32

comctl32

winhttp

msvcp90

msvcm90

mscoree

Sections

.text Size: 211KB - Virtual size: 211KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 512B - Virtual size: 59KB

.daludu Size: 512B - Virtual size: 10B

.rsrc Size: 40KB - Virtual size: 39KB

.text
Size: 211KB - Virtual size: 211KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 59KB

.daludu
Size: 512B - Virtual size: 10B

.rsrc
Size: 40KB - Virtual size: 39KB