57386ba813186db225b5f9704c79bd12

Sharing

Copy URL Twitter E-mail

General

Target

57386ba813186db225b5f9704c79bd12
Size

128KB
MD5

57386ba813186db225b5f9704c79bd12
SHA1

3da09044bc22ded11f4a3919567466db2f46f7e0
SHA256

75ed2a6282fb5931a166191d000db27a33eb740419039b1fa2ba3dff8947ede8
SHA512

40941695fd6244b05c7772262a094be7367fa859c4a83afe79bff24c086d7c64311e30f756af943bb270418953581493ca68747ec649ee168d0ab16bd7257ce4
SSDEEP

3072:67NW+tqpcz+Vhiuf6wrWyZwnC2mKE9sP2Nh:MWta4hiuf3WgDX6C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57386ba813186db225b5f9704c79bd12

Files

57386ba813186db225b5f9704c79bd12
.exe windows:4 windows x86 arch:x86

c699e38b3fd60d51eefc396eae0406b9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
CreateFileA
LoadResource
FindResourceA
SetFileAttributesA
lstrcatA
GetWindowsDirectoryA
GetSystemDirectoryA
GetVersionExA
WriteFile
WinExec
GetModuleFileNameA
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
Module32First
Module32Next
OpenProcess
GetModuleHandleA
GetProcAddress
CreateRemoteThread
WaitForSingleObject
CloseHandle
GetCurrentProcess
GetLastError
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
Sleep
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetStringTypeW

user32

EnumWindows
IsWindowVisible
GetWindowThreadProcessId
SendMessageA
wsprintfA

advapi32

LookupPrivilegeValueA
AbortSystemShutdownA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceA
OpenProcessToken
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.topo0
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pepack
Size: 6B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c699e38b3fd60d51eefc396eae0406b9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 88KB - Virtual size: 88KB

.topo0 Size: 4KB - Virtual size: 1000B

pepack Size: 6B - Virtual size: 6B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 88KB - Virtual size: 88KB

.topo0
Size: 4KB - Virtual size: 1000B

pepack
Size: 6B - Virtual size: 6B