590efef6094a124bb487cc45e3dfc900

Sharing

Copy URL Twitter E-mail

General

Target

590efef6094a124bb487cc45e3dfc900
Size

172KB
MD5

590efef6094a124bb487cc45e3dfc900
SHA1

6c87bbebb7bf60a63cb042eb90a5f97399135f2f
SHA256

dafbc0c74e9d1d4d62c8a3d8fd2a1b89961f0f0805e4251e7b1f182f5fdac3f3
SHA512

ee6ec8291d6f49e636d37fb7328dc47212f3be8e74940f1900aaa26467245226855d792e31fad1298a1edf323c187464608882b912fc9f394d8108f5c19ff59e
SSDEEP

3072:JFjv+WfqqYE1YWitQ8bOe4DGH9upwTj/7NmastkGFlSK1tk3Ft:JFj45PWKDOe4DGH9mONmaJGFl91wFt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
590efef6094a124bb487cc45e3dfc900

Files

590efef6094a124bb487cc45e3dfc900
.exe windows:4 windows x86 arch:x86

10b553f8689c8aaa15ecc6f54d30ec9d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
GetCurrentThreadId
GetDiskFreeSpaceExA
GetDriveTypeA
GlobalMemoryStatusEx
GetSystemInfo
GetComputerNameA
GetModuleFileNameA
CopyFileA
SetErrorMode
GetTickCount
GetLocalTime
GetCurrentProcessId
GetCurrentProcess
SetStdHandle
LCMapStringW
LCMapStringA
FlushFileBuffers
LocalReAlloc
OpenProcess
TerminateProcess
WaitForMultipleObjects
LocalAlloc
ReadFile
LocalFree
GetProcessHeap
HeapAlloc
CreateThread
lstrcmpiA
lstrcatA
DeleteFileA
lstrcpyA
MultiByteToWideChar
CreateProcessA
GetVersionExA
lstrlenA
InterlockedExchange
FreeLibrary
ResetEvent
GetLastError
CloseHandle
VirtualAlloc
Sleep
VirtualFree
DeleteCriticalSection
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
SetFilePointer
RtlUnwind
RaiseException
TlsSetValue
TlsGetValue
ExitThread
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
TlsAlloc
SetLastError
SetUnhandledExceptionFilter
GetEnvironmentVariableA
HeapDestroy
HeapCreate
HeapReAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
WriteFile
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement

user32

GetWindowTextA
ExitWindowsEx
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
IsWindowVisible
GetWindowThreadProcessId
wsprintfA
MessageBoxA

advapi32

RegEnumKeyExA
RegOpenKeyA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
FreeSid
OpenSCManagerA
DeleteService
CloseServiceHandle
OpenEventLogA
ClearEventLogA
CloseEventLog
RegCreateKeyExA
RegSetValueExA
RegCloseKey

netapi32

NetUserAdd
NetLocalGroupAddMembers

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 24KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10b553f8689c8aaa15ecc6f54d30ec9d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

netapi32

wtsapi32

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 24KB - Virtual size: 33KB

.rsrc Size: 36KB - Virtual size: 36KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 24KB - Virtual size: 33KB

.rsrc
Size: 36KB - Virtual size: 36KB