70e86f1f75aad9aedc81b05dc02a44ea

General

Target

70e86f1f75aad9aedc81b05dc02a44ea
Size

103KB
MD5

70e86f1f75aad9aedc81b05dc02a44ea
SHA1

66c3e2a88dd419d7fcc69a4eb7c109ea71d550ad
SHA256

98ddf62b4f1ac6fd49e57c64770d5b586152d5fbf258036d1ca823decd0570a2
SHA512

4a28d45bb3c3d363c1b217e2d4bcd4627437e42ce21ad921f65ca436439a1d4b1d6c3416f43c4f39ee3e576600e773f743c5488fc9389d28557087ce4ee40aad
SSDEEP

1536:SXP7YSnVV/+nAQqpQVTVqICGUCKK7RN4zttov8XeN+VS9uYW5jhqG+Hh:uni0QVTVpKUOHoUOmYkVq5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70e86f1f75aad9aedc81b05dc02a44ea

Files

70e86f1f75aad9aedc81b05dc02a44ea
.exe windows:4 windows x86 arch:x86

c6f30a1c4c2b17ad9abfed8a7979e4eb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetSystemTimeAsFileTime
GetProcAddress
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetConsoleMode
InterlockedCompareExchange
MoveFileW
lstrcmpW
GetModuleHandleW
QueryPerformanceCounter
GetProcessVersion
TerminateProcess
LocalAlloc
LoadLibraryW
ExitProcess
FreeLibrary
EnumUILanguagesW
LoadLibraryExW
GetTickCount
CreateDirectoryW
Sleep
WaitForSingleObject
CloseHandle
WriteFile
lstrlenW
DecodePointer
InterlockedExchange
GetCurrentProcessId
OpenEventW
CreateFileW
LocalFree
GetModuleHandleA
ExpandEnvironmentStringsW
DeleteFileW
GetCurrentProcess
GetModuleFileNameW

shlwapi

StrStrW
PathFindFileNameW
StrCmpNW
PathFileExistsW

shell32

SHGetFolderPathAndSubDirW
SHSetLocalizedName

ddraw

DirectDrawCreateClipper

ntdll

RtlUnwind

crypt32

CryptEncodeObjectEx
CryptEnumOIDInfo
CryptEncodeObject

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6f30a1c4c2b17ad9abfed8a7979e4eb

Headers

File Characteristics

Imports

kernel32

shlwapi

shell32

ddraw

ntdll

crypt32

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 40KB - Virtual size: 39KB

.rsrc Size: 1024B - Virtual size: 88KB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 39KB

.rsrc
Size: 1024B - Virtual size: 88KB