7111607b296f0ce3219814dea6c3a232

Sharing

Copy URL Twitter E-mail

General

Target

7111607b296f0ce3219814dea6c3a232
Size

591KB
MD5

7111607b296f0ce3219814dea6c3a232
SHA1

e52299486ea9a861c172cea473e59ea5e26eabe4
SHA256

a888a5668fbe02bd9fce63a11bbb5fa230f2a52f0c80be41632ee0a580842ede
SHA512

d64544455707c3d6f6e41b01cad1d453d0b5c3e8d693cbf78cc6914d3d317335cd069beade312f5962571509a766716d8b75002cd232862cc61c4d2d5e7b8bb6
SSDEEP

12288:GmNTcGuSxI6sRpmTzL10bOrmnlgLdf94iIxezBt6IacnzeB6l4WRed2re7t:zCqI6cpizx0bOrelgB1DHlIIaierWReZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7111607b296f0ce3219814dea6c3a232

Files

7111607b296f0ce3219814dea6c3a232
.exe windows:5 windows x86 arch:x86

56ccd1abfeddd3fa60f44c9363f3916a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

BuildCommDCBW
DeviceIoControl
DnsHostnameToComputerNameA
EnumDateFormatsW
EnumResourceLanguagesW
ExitProcess
FlushInstructionCache
FreeConsole
GetACP
GetCommandLineA
GetCurrencyFormatA
GetCurrentThread
GetMailslotInfo
GetProcessAffinityMask
HeapAlloc
IsValidLanguageGroup
OpenMutexA
RtlZeroMemory
SetCalendarInfoW
SetLastError
SetThreadLocale
SetUnhandledExceptionFilter
SetVolumeLabelA
VerLanguageNameA
VirtualAlloc
VirtualFree
WriteProfileSectionA
_lwrite

version

VerFindFileA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoA

ntdll

RtlExpandEnvironmentStrings_U
NtFsControlFile
RtlNtStatusToDosError
RtlSetThreadPoolStartFunc
ZwCreateProcess
ZwDeleteFile
ZwDuplicateObject
RtlLookupElementGenericTable

userenv

RegisterGPNotification
EnterCriticalPolicySection
ExpandEnvironmentStringsForUserW
FreeGPOListW
GetAppliedGPOListW
CreateEnvironmentBlock
UnregisterGPNotification
DestroyEnvironmentBlock
LeaveCriticalPolicySection
GetProfilesDirectoryW

crtdll

freopen
_mbctoupper
_initterm
_finite
_exit

rpcrt4

IUnknown_Release_Proxy
float_from_ndr
double_from_ndr
RpcSsSetThreadHandle
RpcSmSetClientAllocFree
RpcServerUseAllProtseqsIfEx
RpcServerUseAllProtseqsIf
RpcServerUseAllProtseqsEx
RpcServerInqIf
RpcServerInqDefaultPrincNameA
RpcObjectSetInqFn
RpcMgmtInqIfIds
RpcCancelThread
RpcBindingToStringBindingA
RpcBindingInqAuthClientA
RpcAsyncInitializeHandle
CStdStubBuffer_IsIIDSupported
MIDL_wchar_strcpy

Exports

Exports

IwctmomOwcbrCrnu
aaZUaxGtvsvivk
auVnudZpLdrvIkQrg
bEgwds
bspqbeoKkekjt
cMshpu
gnaupmmLu
gvcgnlQyqhu
kOrQzoyqz
kxVfxEcyflcqjjgc
lFuuxdfLkyocnN
rXXyulZ
shtFdvnrY
tGsdjkweuwlekjosohc
uAriolz
uwfmpgcllguprP
vhKtzsxgju
wcsMfboj

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 505KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56ccd1abfeddd3fa60f44c9363f3916a

Headers

File Characteristics

Imports

kernel32

version

ntdll

userenv

crtdll

rpcrt4

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 505KB - Virtual size: 507KB

.rsrc Size: 51KB - Virtual size: 51KB

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 505KB - Virtual size: 507KB

.rsrc
Size: 51KB - Virtual size: 51KB