693553ae717b96b77c270f853b47fac2

Sharing

Copy URL

Twitter E-mail

General

Target

693553ae717b96b77c270f853b47fac2
Size

772KB
MD5

693553ae717b96b77c270f853b47fac2
SHA1

5573adbf55846fb873ecf490ac7300ddec4dda01
SHA256

890ac5a5052207139cbafcfe5bd61aeb0d56539020aeb4135a61233f0ee07446
SHA512

b5bbb1b1216007601d1db362edebf181c5607c4e88596d691f2448ac0ad07ca0de2126ff5977d9bd49a40b202e8eb8b59bf613659c48910e708be9843fb64532
SSDEEP

12288:gEIofc+w8/eAd9k7vfAcyNAgD3PkA3AX3w175AGX3My4xfXr5qnk7Nw6k2:gEIA/LdWsdNAgeXKpdcXNBhwj2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
693553ae717b96b77c270f853b47fac2

Files

693553ae717b96b77c270f853b47fac2
.dll windows:4 windows x86 arch:x86

37bec5239bb568a3e10bd5088cde021f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
VirtualProtect
SetConsoleOutputCP
GetCurrentDirectoryW
GetTempPathW
GetModuleFileNameW
SetSystemPowerState
GetFileAttributesW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetProcessHeap
CreateProcessW
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DuplicateHandle
CloseHandle
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetCPInfo
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetFileType
CreateFileA
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetStdHandle
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEndOfFile
ReadFile
LoadLibraryA
GetLocaleInfoW

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemAlloc

advapi32

OpenProcessToken
RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
ControlService
RegisterServiceCtrlHandlerW
RegOpenKeyExW
FreeSid
SetEntriesInAclW
SetServiceStatus
AllocateAndInitializeSid
LookupPrivilegeValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegEnumKeyW
GetTokenInformation
StartServiceCtrlDispatcherA
CreateServiceA
CloseServiceHandle
DeleteService

Exports

Exports

Steamthank
Type
Usestay

Sections

.text
Size: 748KB - Virtual size: 744KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37bec5239bb568a3e10bd5088cde021f

Headers

File Characteristics

Imports

kernel32

ole32

advapi32

Exports

Exports

Sections

.text Size: 748KB - Virtual size: 744KB

.data Size: 8KB - Virtual size: 99KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 748KB - Virtual size: 744KB

.data
Size: 8KB - Virtual size: 99KB

.reloc
Size: 12KB - Virtual size: 11KB