710a210e07fdbeb16e35bbedd1f2597f

General

Target

710a210e07fdbeb16e35bbedd1f2597f
Size

13.3MB
MD5

710a210e07fdbeb16e35bbedd1f2597f
SHA1

0843416387ae6cc5f13d5f2190af8b9fd2dcbe92
SHA256

5afb066a84ee75584310cec6a01b9445e8b0220c80d8b6a63d075fceb7202f9e
SHA512

53ab37996305f154320a475bb7a0586e1b4ae75282358c61360ffee64e4011ab2c436389ac816b3c64cb7839f44643fde6faca7897d6dc145c8c60acd62099c4
SSDEEP

12288:CllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllZ:

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
710a210e07fdbeb16e35bbedd1f2597f

Files

710a210e07fdbeb16e35bbedd1f2597f
.exe windows:5 windows x86 arch:x86

0d032f45b11dce1e99ccf0071f3c247e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSEnumerateServersA
WTSWaitSystemEvent
WTSFreeMemory
WTSVirtualChannelQuery
WTSVirtualChannelClose
WTSVirtualChannelWrite
WTSUnRegisterSessionNotification
WTSSetUserConfigW
WTSLogoffSession
WTSSetSessionInformationW
WTSQuerySessionInformationA
WTSVirtualChannelPurgeInput
WTSOpenServerW
WTSQueryUserToken
WTSRegisterSessionNotification
WTSEnumerateProcessesA
WTSVirtualChannelRead

dbnmpntw

ConnectionClose
ConnectionWrite

kernel32

lstrcmpiW
IsBadStringPtrW
SetErrorMode
GetCurrentThread
CreateSemaphoreW
WriteConsoleW
GetCurrentProcessId
GetProcAddress
LoadLibraryA
lstrcmpiW
SearchPathA
DeleteFileW
GetModuleHandleW
LoadLibraryExW

msimg32

vSetDdrawflag
TransparentBlt

advapi32

RegDeleteValueW
OpenServiceA
InitializeSid
RegRestoreKeyA
RegLoadKeyA
IsValidSid
OpenEventLogA
LogonUserA
RegOpenKeyW
CryptSignHashW
RegEnumKeyW
RegSaveKeyA
RegUnLoadKeyA

comsvcs

CoLoadServices
SafeRef
CoCreateActivity
RecycleSurrogate

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.udata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.udata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13.2MB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d032f45b11dce1e99ccf0071f3c247e

Headers

File Characteristics

Imports

wtsapi32

dbnmpntw

kernel32

msimg32

advapi32

comsvcs

Sections

.text Size: 20KB - Virtual size: 19KB

.udata Size: 6KB - Virtual size: 5KB

.udata Size: 2KB - Virtual size: 2KB

.rsrc Size: 13.2MB - Virtual size: 103KB

.text
Size: 20KB - Virtual size: 19KB

.udata
Size: 6KB - Virtual size: 5KB

.udata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 13.2MB - Virtual size: 103KB