704061912e717f63e52fa5fa5dbfa8c5

Sharing

Copy URL

Twitter E-mail

General

Target

704061912e717f63e52fa5fa5dbfa8c5
Size

384KB
MD5

704061912e717f63e52fa5fa5dbfa8c5
SHA1

b527f0340e21566d3494c0a3788385dccf1d0205
SHA256

e7bbdedf21f093bb9b08799c164407bd239221be6689e7c1d39620ffd924919d
SHA512

c2e24c4ffb6c73d6da5c9244557a06c32679ddb199885da59ecdb2483543046252d64d72c27a32c8fa9dab5f9b95c955696d070b0959f313f7a2ec9c9704b6b5
SSDEEP

6144:UiMqbHbEQhY8+/3/pVEbn/cHE/xIU+lVsdXGU/EzTT/F1vD9zeqo:JHbLhY8+/3ETG5zTLPQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
704061912e717f63e52fa5fa5dbfa8c5

Files

704061912e717f63e52fa5fa5dbfa8c5
.exe windows:4 windows x86 arch:x86

23c163a76b8bac8b29ab5d0f38cb718f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

kernel32

Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
CloseHandle
LeaveCriticalSection
OpenProcess
GetModuleFileNameW
GetLastError
GetLocaleInfoW
FreeLibrary
LoadLibraryExW
MultiByteToWideChar
ExpandEnvironmentStringsW
GetProcAddress
GetModuleHandleW
GetEnvironmentVariableW
EnumResourceNamesW
WideCharToMultiByte
SetFileAttributesW
FileTimeToSystemTime
CreateFileW
CreateProcessW
MoveFileExW
CreateDirectoryW
WaitForSingleObject
GlobalFree
GlobalAlloc
GetCurrentThreadId
CopyFileW
DeleteFileW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
WaitForMultipleObjects
FormatMessageW
SetFilePointer
DuplicateHandle
ExitThread
GetCurrentProcess
SetLastError
LocalFree
CreateThread
WriteFile
CreateEventW
GetTempPathW
GetCurrentProcessId
GetCommandLineW
FindClose
RemoveDirectoryW
FindNextFileW
FindFirstFileW
GetSystemDirectoryW
InterlockedIncrement
InterlockedCompareExchange
OpenMutexW
ReleaseMutex
CreateMutexW
LocalAlloc
Sleep
ReadFile
FlushFileBuffers
GetFileSize
GetModuleHandleA
ExitProcess
HeapFree
HeapAlloc
HeapReAlloc
GetVersionExA
SetEnvironmentVariableA
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
FileTimeToLocalFileTime
GetDriveTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedDecrement
GetStdHandle
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSection
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
LCMapStringA
LCMapStringW
GetFullPathNameW
GetCurrentDirectoryA
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
GetProcessHeap

user32

BeginPaint
GetSystemMetrics
GetKeyboardLayoutList
SystemParametersInfoW
LoadKeyboardLayoutW
LoadStringW
UnloadKeyboardLayout
MessageBoxW
GetWindowLongW
CheckDlgButton
EndPaint
DestroyWindow
CreateDialogParamW
SetWindowTextW
IsDlgButtonChecked
EndDialog
ShowWindow
SetWindowLongW
EnableWindow
GetFocus
GetClientRect
PostMessageW
LoadIconW
FindWindowW
SetForegroundWindow
IsIconic
SetWindowPos
GetDlgItem
SendMessageW
DialogBoxParamW

advapi32

RegDeleteKeyW
LookupAccountSidW
GetTokenInformation
RegQueryValueExW
RegFlushKey
RegSetValueExW
DuplicateTokenEx
CreateProcessAsUserW
OpenProcessToken
RegEnumKeyW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
AddAccessAllowedAceEx
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
GetSidLengthRequired
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeAcl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryInfoKeyW

shlwapi

SHDeleteKeyW

imm32

ImmGetHotKey
ImmSetHotKey
ImmDisableIME

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx

shell32

ShellExecuteW
SHFileOperationW
SHGetSpecialFolderPathW

Sections

.text
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

23c163a76b8bac8b29ab5d0f38cb718f

Headers

File Characteristics

Imports

userenv

kernel32

user32

advapi32

shlwapi

imm32

version

comctl32

shell32

Sections

.text Size: 268KB - Virtual size: 267KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 8KB - Virtual size: 25KB

.rsrc Size: 28KB - Virtual size: 28KB

.text Size: 10KB - Virtual size: 9KB

.text
Size: 268KB - Virtual size: 267KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 8KB - Virtual size: 25KB

.rsrc
Size: 28KB - Virtual size: 28KB

.text
Size: 10KB - Virtual size: 9KB