796d95c2b3d26c866f4a9309ae85e58e

Sharing

Copy URL Twitter E-mail

General

Target

796d95c2b3d26c866f4a9309ae85e58e
Size

171KB
MD5

796d95c2b3d26c866f4a9309ae85e58e
SHA1

e2920663bd7e656b4ca88574fee7395a0933eb4c
SHA256

bd49493edc23926b7765206c6db67f5f96e8e50fec048e8f79bdfd3c1ee94543
SHA512

cf53700a44ee7d1922e96fbbb6d197b35edf098352fd8b2e1a3b90b601342d073ba6274cd203a3aede5cd152a44c6d05043f44207756d53562f9f0072a20feff
SSDEEP

3072:Xde+Rb/R0YpCp1X0RX/8pb7uWklA2WxYfBN5ldKQ+:Xde+dR0YpCT0RXsb1kup4jKQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
796d95c2b3d26c866f4a9309ae85e58e

Files

796d95c2b3d26c866f4a9309ae85e58e
.exe windows:5 windows x86 arch:x86

c1b0774101fc69936c8d07d1ff1500ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
GetDefaultCommConfigW
BuildCommDCBAndTimeoutsA
HeapAlloc
FlushConsoleInputBuffer
SetCommBreak
GetTickCount
OpenProcess
GlobalAlloc
WideCharToMultiByte
GetModuleFileNameW
GetVolumePathNameA
lstrlenW
DisconnectNamedPipe
FindFirstFileExA
GetLastError
GetLongPathNameW
EnumDateFormatsExA
SetVolumeLabelW
EnumSystemCodePagesW
SetFileApisToOEM
GetAtomNameA
ProcessIdToSessionId
GetProcessWorkingSetSize
SetConsoleCtrlHandler
GetCommMask
GetModuleHandleA
VirtualProtect
SetCalendarInfoA
GetWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
lstrcpyA
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EncodePointer
DecodePointer
RtlUnwind
IsProcessorFeaturePresent
SetFilePointer
HeapFree
CloseHandle
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
CreateFileA
RaiseException
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
SetEndOfFile
GetProcessHeap
MultiByteToWideChar
ReadFile
WriteConsoleW
HeapSize
LCMapStringW
GetStringTypeW
CreateFileW

user32

GetCursorInfo

Exports

Exports

@calcPrecision@4

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 66.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1b0774101fc69936c8d07d1ff1500ee

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 118KB - Virtual size: 118KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 6KB - Virtual size: 66.6MB

.rsrc Size: 29KB - Virtual size: 28KB

.text
Size: 118KB - Virtual size: 118KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 6KB - Virtual size: 66.6MB

.rsrc
Size: 29KB - Virtual size: 28KB