4a03d6160fb0d8996c3c2f2a54fc153d1c0237f79e3b5d0fe372d89b3f9473d8

Sharing

Copy URL Twitter E-mail

General

Target

4a03d6160fb0d8996c3c2f2a54fc153d1c0237f79e3b5d0fe372d89b3f9473d8
Size

256KB
MD5

e5210c0c20eafb9cd683ea8644ded738
SHA1

74ad563afe65d52086449d1391fc8e5e7cd6cdce
SHA256

4a03d6160fb0d8996c3c2f2a54fc153d1c0237f79e3b5d0fe372d89b3f9473d8
SHA512

4e7a64c4acabbb38eacd94d6fbaca9e7decb2ed23f3b3df60b399652d3c3243d0a57df75dcce1e3be9465a599135dfc6296271f339a3c923b57089ae48326f7d
SSDEEP

6144:NTfsPZGQM3HRtzDo9P2C6fjg7B2uryieB:9sPZLM3bo9u3fdB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a03d6160fb0d8996c3c2f2a54fc153d1c0237f79e3b5d0fe372d89b3f9473d8

Files

4a03d6160fb0d8996c3c2f2a54fc153d1c0237f79e3b5d0fe372d89b3f9473d8
.exe windows:5 windows x86 arch:x86

dd96e0cec1b8a0478429697ce8e07973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DecodePointer
EnterCriticalSection
GetSystemTime
RaiseException
GetTimeFormatW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
CreateDirectoryW
GetDateFormatW
LocalFree
DeleteFileW
CreateEventW
LocalAlloc
CopyFileW
Sleep
TerminateThread
GetTickCount
SetEvent
WaitForSingleObject
GetCurrentProcessId
CloseHandle
CreateToolhelp32Snapshot
WTSGetActiveConsoleSessionId
Process32NextW
ProcessIdToSessionId
Process32FirstW
GetLastError
GetModuleFileNameW
TerminateProcess
OpenProcess
lstrcmpiW
DeleteCriticalSection
GetComputerNameExW
ReadConsoleW
ReadFile
SetEndOfFile
GetCurrentDirectoryW
GetDriveTypeW
OutputDebugStringW
WriteConsoleW
SetStdHandle
SetFilePointerEx
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetFileType
InterlockedCompareExchange
GetLongPathNameW
InterlockedIncrement
GetFileAttributesW
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
HeapFree
GetCommandLineW
GetFullPathNameW
GetSystemTimeAsFileTime
RtlUnwind
HeapAlloc
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
ExitProcess
GetModuleHandleExW
HeapSize
GetProcessHeap
GetStdHandle

advapi32

QueryServiceConfigW
ControlService
GetUserNameA
RevertToSelf
QueryServiceStatusEx
SetServiceStatus
ChangeServiceConfigW
ImpersonateLoggedOnUser
StartServiceW
ChangeServiceConfig2W
LookupAccountNameA
RegisterServiceCtrlHandlerExW
GetSidSubAuthorityCount
OpenServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
DeleteService
GetSidSubAuthority
CloseServiceHandle
GetSidIdentifierAuthority
CreateServiceW
DuplicateTokenEx
CreateProcessAsUserW
GetTokenInformation
OpenProcessToken

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

shlwapi

PathIsRelativeW
PathAddBackslashW
PathCanonicalizeW
PathFileExistsW
PathQuoteSpacesW
PathUnquoteSpacesW
SHRegGetPathW
PathAppendW
PathRemoveFileSpecW

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dd96e0cec1b8a0478429697ce8e07973

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

wtsapi32

userenv

shlwapi

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 6KB - Virtual size: 15KB

.rsrc Size: 42KB - Virtual size: 41KB

.reloc Size: 78KB - Virtual size: 80KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 6KB - Virtual size: 15KB

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 78KB - Virtual size: 80KB