71e1bd768c533d02fceb157b8b83475d

Sharing

Copy URL Twitter E-mail

General

Target

71e1bd768c533d02fceb157b8b83475d
Size

100KB
MD5

71e1bd768c533d02fceb157b8b83475d
SHA1

3df5aa578aecf05ab2f3774dc641f60a7ec7c7b1
SHA256

cf259075191eb71daf66c903da9bf1f45b68ab82c9793ac550ad730889908be7
SHA512

bf4db406bb35483d5696b145a9fc42dd3a19d367ae16622409f1e24c74ccca7ca96ed88de73fe490672acfce8498d0c3ac7955cd07d8f5eecf6d8660a5656975
SSDEEP

1536:QzIvEWYQiG+nqiXhLXhRuaS1UVNFKZNT41/SkdUgaJMxUgiv:CIvEWyGAqIzK3T41/TU9JMwv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71e1bd768c533d02fceb157b8b83475d

Files

71e1bd768c533d02fceb157b8b83475d
.exe windows:5 windows x86 arch:x86

a0bd78a1257703765c92d27da4f7ef2d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

free
sprintf
_mbsstr
_mbsicmp
_mbsnbicmp
malloc
_mbschr
_mbslwr
atof
fprintf
_mbscmp
fclose
atoi
??2@YAPAXI@Z
strchr
fopen
??3@YAXPAX@Z
_mbsrchr
isalpha
sscanf
_mbsinc
_except_handler3
_controlfp
__p__commode
__set_app_type
__p__fmode
_initterm
_adjust_fdiv
__setusermatherr
exit
__getmainargs
_acmdln
strstr
_XcptFilter
_exit
printf
_itoa
memmove

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegCreateKeyExA
RegCreateKeyA
RegOpenKeyA
RegEnumKeyA
RegEnumValueA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegCloseKey
RegQueryInfoKeyA

kernel32

WritePrivateProfileStringA
_lopen
GetStartupInfoA
GetModuleHandleA
WaitForSingleObject
CopyFileA
CreateProcessA
CreateFileA
GetFileSize
MoveFileExA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
SetFilePointer
SetEndOfFile
CloseHandle
LoadLibraryA
GetProcAddress
GetLastError
GetVersionExA
WriteProfileStringA
FreeLibrary
MultiByteToWideChar
CreateDirectoryA
DeleteFileA
_llseek
_lclose
GetCurrentProcess
ExpandEnvironmentStringsA
GetSystemDirectoryA
GetFileAttributesA
RemoveDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetPrivateProfileStringA
GetShortPathNameA
GetProfileStringA

user32

wsprintfA
MessageBoxA
LoadStringA
ExitWindowsEx

ole32

OleUninitialize
OleInitialize
CoCreateInstance
CoInitialize
CoUninitialize
CoCreateGuid

rpcrt4

RpcStringFreeA
UuidToStringA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHChangeNotify

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a0bd78a1257703765c92d27da4f7ef2d

Headers

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

ole32

rpcrt4

version

shell32

Sections

.text Size: 76KB - Virtual size: 75KB

.data Size: 4KB - Virtual size: 848B

.rsrc Size: 16KB - Virtual size: 28KB

.text
Size: 76KB - Virtual size: 75KB

.data
Size: 4KB - Virtual size: 848B

.rsrc
Size: 16KB - Virtual size: 28KB