765b364cde6400c4e4c58dadf4ef448b

Sharing

Copy URL Twitter E-mail

General

Target

765b364cde6400c4e4c58dadf4ef448b
Size

81KB
MD5

765b364cde6400c4e4c58dadf4ef448b
SHA1

0945039a743826a1bd50e503864f71ea2523573f
SHA256

cea073816cdde755307e128b2973e0b8b562c07bf361459f20abffac04a037bd
SHA512

4db700d90ebfdbd71116b7332baf6bcbed0005b23a00ad3795d8acd34628a783ccc0a08505372fa4c8d80ad934b051e394486aea446b32f27954653d3a09521f
SSDEEP

1536:wLtfIiJ1hrR3NZxD6WF+ReL3RFUlcVkYsvFFcfiY:wuoZxD6K+EI6VkBdFC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
765b364cde6400c4e4c58dadf4ef448b

Files

765b364cde6400c4e4c58dadf4ef448b
.exe windows:6 windows x86 arch:x86

65f16610516b863b0c9e520a1b665ddd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegGetValueW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW

kernel32

GetCurrentProcess
GetLocalTime
GetDynamicTimeZoneInformation
SetDynamicTimeZoneInformation
CompareStringW
ExitProcess
HeapSetInformation
SearchPathW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLastError
FreeLibrary
GetLocaleInfoW
GetVersionExW
CreateFileW
CreateFileMappingW
MapViewOfFile
LoadLibraryExW
SetLastError
GetSystemDirectoryW
FindResourceExW
LoadResource
LockResource
GetTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CloseHandle
UnmapViewOfFile
InterlockedExchange
Sleep
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
InitializeCriticalSection

msvcrt

_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__getmainargs
memset
wprintf
_wcsicmp
_itow_s
_wtoi
wcschr
_vsnwprintf
wcsncmp
_wcsnicmp
memcpy
bsearch

user32

BroadcastSystemMessageW

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

iqovwhu
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

65f16610516b863b0c9e520a1b665ddd

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 31KB

iqovwhu Size: - Virtual size: 4KB

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 31KB

iqovwhu
Size: - Virtual size: 4KB