796b7055e3d3ebf331cbbdbbebcaba72

Sharing

Copy URL Twitter E-mail

General

Target

796b7055e3d3ebf331cbbdbbebcaba72
Size

145KB
MD5

796b7055e3d3ebf331cbbdbbebcaba72
SHA1

b3eca2e86e94314945b6925d4a63b943bcce93bc
SHA256

cb72d1b9379de8e8d7e0a62f54f8a74835b409158f23e81788310294f91de450
SHA512

0931388ed6f3d1b2f9b1f62c1e2a249bfb3248891a36afaef8ae4f2e17a945508537746847635608a4e21e38c89f03d6808cfe50e551453ce7e9056b694fd7d2
SSDEEP

3072:kPOfZwYJCbfy362k0zNoBgtNS/qcqE7lijHjs7llldUaviWEyBB+:yubCbfwkJ6NSScBlKDCHdUiiW7s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
796b7055e3d3ebf331cbbdbbebcaba72

Files

796b7055e3d3ebf331cbbdbbebcaba72
.exe windows:1 windows x86 arch:x86

bb542ac5042e187aacf2d4e7e2738cc8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetSystemDirectoryA
FindNextFileA
Sleep
DeleteFileA
GetCurrentProcess
CreateFileA
EnterCriticalSection
ShowConsoleCursor
LeaveCriticalSection
ReadFile
EnumCalendarInfoExA
CopyFileA
MapViewOfFileEx
OpenProcess
ExitVDM
GetSystemTimeAdjustment
GetFileSizeEx
GetFullPathNameA
GetDefaultSortkeySize
VirtualAlloc
FindClose
GetLastError
MultiByteToWideChar
GlobalFlags
GetWindowsDirectoryA
GetHandleInformation
lstrcpyW
GetFileAttributesW
WaitNamedPipeW
WriteFile
FindFirstFileA
lstrcpyA
DuplicateHandle
InitializeCriticalSection
GetSystemDirectoryW
LockFileEx
GetModuleFileNameA
CloseHandle
VirtualFree
WTSGetActiveConsoleSessionId
lstrcatA

advapi32

LookupPrivilegeValueA
RegSetValueExA
CloseServiceHandle
LookupSecurityDescriptorPartsW
RemoveTraceCallback
RegCreateKeyA
AdjustTokenPrivileges
ClearEventLogA
OpenSCManagerA
OpenProcessToken
RegCloseKey
EnumServicesStatusA
RegOpenKeyA
BuildTrusteeWithObjectsAndSidA
RegQueryValueExA
AccessCheckAndAuditAlarmW

ntdll

strstr
NtQueryObject
RtlAnsiStringToUnicodeString
memcpy
strlen
RtlFreeUnicodeString
sprintf
ZwLoadDriver
NtQuerySystemInformation
RtlInitAnsiString
vsprintf
wcsstr

ole32

CoCreateGuid

ws2_32

connect
WSASendTo
send
socket
gethostbyname
closesocket
WSALookupServiceEnd
htons
inet_addr
WSAStartup

psapi

EnumProcesses
GetProcessImageFileNameA

user32

CharLowerW
LoadLocalFonts
ExitWindowsEx

Sections

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 393B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb542ac5042e187aacf2d4e7e2738cc8

Headers

File Characteristics

Imports

kernel32

advapi32

ntdll

ole32

ws2_32

psapi

user32

Sections

.data Size: 12KB - Virtual size: 12KB

.text Size: 512B - Virtual size: 393B

.idata Size: 2KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 12KB

.text
Size: 512B - Virtual size: 393B

.idata
Size: 2KB - Virtual size: 2KB