70ae8a4f7ea8ab38a88e961e5e0ee37b

Sharing

Copy URL Twitter E-mail

General

Target

70ae8a4f7ea8ab38a88e961e5e0ee37b
Size

52KB
MD5

70ae8a4f7ea8ab38a88e961e5e0ee37b
SHA1

bfdca9da8d8b65fe784a7227078a780fd53397aa
SHA256

d51679f42abb46750b11f4d7330ea736ee43e339cdf8bc2e45d4a58651a90164
SHA512

36998c9b8d08c308e39f9274395e6e749acb14c91a77e5a5ba088ae254b3f46b30f945dc6461b443e5d6963ea39588625cb5b6d6aca238b2619adb98d2f85bc1
SSDEEP

768:Gx5V0v2CSCwgiT8GDxWFrI/gh8WEHCLh8NPSMyF13PMofMjH4:y5uv2C5iAGCc/gpWCLha6MyF1koD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70ae8a4f7ea8ab38a88e961e5e0ee37b

Files

70ae8a4f7ea8ab38a88e961e5e0ee37b
.exe windows:4 windows x86 arch:x86

9c41b1109942f0d225a550a2674096d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

??3@YAXPAX@Z
malloc
_adjust_fdiv
exit
_controlfp
_pctype
__p__fmode
fopen
time
_except_handler3
_XcptFilter
__p__commode
__wgetmainargs
_errno
realloc
__getmainargs
??2@YAPAXI@Z
_wcsicmp
_strnicmp

kernel32

LocalFree
GlobalAlloc
HeapCreate
GlobalFree
LocalAlloc
HeapDestroy
GetModuleHandleW
WaitForSingleObject
SetCurrentDirectoryW
GetConsoleMode
LoadLibraryW
CreateMutexA
lstrcatW
GetCommandLineW
GetStartupInfoA
GetSystemDirectoryW
GlobalLock
GetVolumeNameForVolumeMountPointW
IsBadWritePtr
SetEndOfFile

ntdll

sprintf
RtlPrefixUnicodeString
DbgPrint
RtlNewSecurityObject
RtlAddAce
RtlClearBits
NtQueryInformationFile
RtlCopySid
RtlUpcaseUnicodeString
RtlQueryRegistryValues
NtWriteFile
wcsstr
_wcslwr
wcslen
RtlExpandEnvironmentStrings_U
NtShutdownSystem
RtlRaiseStatus
_allmul
DbgBreakPoint
RtlInitializeBitMap
NtQueryVolumeInformationFile
NtQueryValueKey
NtOpenProcessToken

ulib

?Get_Standard_Input_Stream@@YGPAVSTREAM@@XZ
?IsValueSet@ARGUMENT@@QAEEXZ
??1ARGUMENT_LEXEMIZER@@UAE@XZ
?Initialize@FSN_FILTER@@QAEEXZ
??0STREAM_MESSAGE@@QAE@XZ
??0PROGRAM@@IAE@XZ
?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
??1PATH_ARGUMENT@@UAE@XZ
??1STRING_ARGUMENT@@UAE@XZ
?Usage@PROGRAM@@UBEXXZ
?GetStandardInput@PROGRAM@@UAEPAVSTREAM@@XZ
??1OBJECT@@UAE@XZ
?GetStandardError@PROGRAM@@UAEPAVSTREAM@@XZ
?Fatal@PROGRAM@@UBEXXZ
??0ARRAY@@QAE@XZ
??0DSTRING@@QAE@XZ
?Initialize@PROGRAM@@QAEEKKK@Z
?SetAttributes@FSN_FILTER@@QAEEKKK@Z
?Compare@OBJECT@@UBEJPBV1@@Z
??1PATH@@UAE@XZ
?Initialize@ARRAY@@QAEEKK@Z
?SetFileName@FSN_FILTER@@QAEEPBVWSTRING@@@Z
?QueryDirectory@SYSTEM@@SGPAVFSN_DIRECTORY@@PBVPATH@@E@Z
??0LONG_ARGUMENT@@QAE@XZ
?Get_Standard_Output_Stream@@YGPAVSTREAM@@XZ

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c41b1109942f0d225a550a2674096d0

Headers

File Characteristics

Imports

msvcrt

kernel32

ntdll

ulib

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 13KB - Virtual size: 184KB

.rsrc Size: 1024B - Virtual size: 952B

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 13KB - Virtual size: 184KB

.rsrc
Size: 1024B - Virtual size: 952B