566eeb95673fbb9c4c38615ee243a065

Sharing

Copy URL Twitter E-mail

General

Target

566eeb95673fbb9c4c38615ee243a065
Size

73KB
MD5

566eeb95673fbb9c4c38615ee243a065
SHA1

691a69d51178540dcc6206f8fb1428aefa244733
SHA256

94788bb9d5ebb7e81c79b5b817efdfc6aea5177027b1de078d54965c8459dc77
SHA512

5d10e8a2639468ef17ea4b1c5b54d4a5b4236b5fb38422bfa90110760fd65e67c95519ddc2d2f9f1c470db51d6cbf5046f9d135f37e30e03bb1041cdbd63cf90
SSDEEP

1536:yU50fresR//a1c4vNoyLVg4rpzi81q036SzrZ2O6Sj5:j5Oqmna1tNoSrpQGz92O6k5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
566eeb95673fbb9c4c38615ee243a065

Files

566eeb95673fbb9c4c38615ee243a065
.exe windows:4 windows x86 arch:x86

f770807860a9d1624cfcf959c110c532

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupAccountSidA
RegEnumValueA
EqualSid
OpenServiceA
RegQueryValueExA
GetSidIdentifierAuthority
GetKernelObjectSecurity
LookupPrivilegeValueW
RegSetValueExA
RegCreateKeyA
ControlService
OpenProcessToken
IsValidSid
LookupPrivilegeNameA
QueryServiceObjectSecurity
LookupPrivilegeValueA
StartServiceA
InitializeAcl
RegDeleteValueA
GetLengthSid
OpenSCManagerA
GetSidSubAuthorityCount

kernel32

GetEnvironmentStrings
GetCurrentThreadId
WriteConsoleA
SetProcessWorkingSetSize
WaitForSingleObject
GetUserDefaultLCID
GetExitCodeThread
HeapCreate
DeviceIoControl
IsValidLocale
SetEnvironmentVariableA
GetTickCount
FindClose
SetUnhandledExceptionFilter
GetStringTypeA
GetCommandLineW
EnumSystemLocalesA
ExpandEnvironmentStringsA
IsValidCodePage
GlobalLock
VirtualFree
SetLastError
TerminateProcess
MapViewOfFile
LCMapStringW
lstrcpyA
GetProcessHeap
LoadLibraryA
LocalFree
VirtualQueryEx
GetCurrentProcess
CompareStringW
SetThreadAffinityMask
FileTimeToSystemTime

user32

IsDialogMessageA
MoveWindow
GetSystemMetrics
SystemParametersInfoA
EndDialog
TranslateMessage
GetSysColor
GetDlgCtrlID
PostMessageA
GetWindowDC
LoadStringA
GetDlgItemTextA
CreateWindowExA
SetWindowPos
CallWindowProcA
GetWindowRect
SetCapture
SendMessageTimeoutA
SetClassLongA
SetWindowLongA
LoadIconA
DefFrameProcA
DeleteMenu

ole32

OleTranslateAccelerator
OleCreateEx
CoMarshalInterface
CoSuspendClassObjects
OleCreateLinkToFile
CoTaskMemRealloc
OleCreateStaticFromData
CoRevokeMallocSpy
OleRegEnumFormatEtc
OleQueryLinkFromData
CoGetClassObject
OleCreateLinkEx
OleDuplicateData
CoFileTimeToDosDateTime
CoRevokeClassObject
CoFreeUnusedLibraries

msvcrt

_controlfp
memmove
wcsncmp
malloc
fgets
_except_handler3
_wsplitpath
abs
__dllonexit
_strlwr
qsort
fclose
realloc
wcsncpy
_XcptFilter
_waccess
wcscmp

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f770807860a9d1624cfcf959c110c532

Headers

File Characteristics

Imports

advapi32

kernel32

user32

ole32

msvcrt

Sections

.text Size: 69KB - Virtual size: 68KB

.data Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 3KB

.bss Size: - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 888B

.text
Size: 69KB - Virtual size: 68KB

.data
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 3KB

.bss
Size: - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 888B