79c5fa069d782072ccd8471534a91a44

Sharing

Copy URL

Twitter E-mail

General

Target

79c5fa069d782072ccd8471534a91a44
Size

228KB
MD5

79c5fa069d782072ccd8471534a91a44
SHA1

51172b2c774036ca82f68f524fbbf8850e8fdbb8
SHA256

e45993f2ed9e4c75c4248ffd700011d3766da4bed7bcf1206ff8657be05f1a95
SHA512

706557a517cd1eff0c62447c752d3ea9f096fb7cbece2d58c77fb3b7adbcbeb037dd5fc21381a652bf92220c61276fa4f33e6f5145ec27b3fafb11b9ed293520
SSDEEP

3072:btkwP3n314oNx0iJKmmzuVaVvOTwl/lAwSLRjhRx/hrulRBTH7PLCEbEFIrvDC:b+wP3nzql/uNRjhR7uRB7aY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79c5fa069d782072ccd8471534a91a44

Files

79c5fa069d782072ccd8471534a91a44
.exe windows:5 windows x86 arch:x86

876462491a90458b4a726d9305aff8b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

unregmp2.pdb

Imports

msvcrt

iswalnum
strstr
strchr
memmove
malloc
_itow
_wtol
strncpy
iswalpha
_wtoi
_vsnprintf
_wcsicmp
wcslen
??3@YAXPAX@Z
??2@YAPAXI@Z
wcsstr
wcsrchr
_wcslwr
_wcsupr
strncat
wcsncmp
_wcsnicmp
wcschr
wcscmp
mbstowcs
free
wcsncat
wcsncpy
swscanf
_onexit
__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_vsnwprintf

advapi32

RegCreateKeyExW
RegEnumKeyExW
RegEnumKeyExA
RegQueryValueExW
RegSetValueExW
RegSetValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegEnumValueW
RegEnumValueA
RegEnumKeyW
RegEnumKeyA
RegCreateKeyExA
SetNamedSecurityInfoW
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CreateProcessW
CreateProcessA
GetShortPathNameW
GetShortPathNameA
GetWindowsDirectoryW
GetCurrentThreadId
CreateFileMappingW
CreateFileMappingA
GetVersionExW
WritePrivateProfileStringW
WritePrivateProfileStringA
SetFileAttributesW
SetFileAttributesA
IsBadWritePtr
MoveFileW
MoveFileA
MoveFileExW
MoveFileExA
LoadLibraryExW
LoadLibraryExA
LoadLibraryA
GetTempPathW
GetTempPathA
GetPrivateProfileStringW
GetPrivateProfileStringA
lstrcpynW
GetModuleHandleW
GetFileAttributesW
GetCurrentDirectoryW
GetCurrentDirectoryA
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
GetProfileStringA
GetProfileStringW
GetSystemDirectoryA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
DeleteFileW
DeleteFileA
CreateFileW
CreateDirectoryW
CopyFileW
CopyFileA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
WriteFile
MapViewOfFile
UnmapViewOfFile
GetTickCount
QueryPerformanceCounter
FreeLibrary
FindClose
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetLastError
GetModuleHandleA
GetProcAddress
SetLastError
LocalFree
GetSystemDirectoryW
RemoveDirectoryA
RemoveDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
WriteProfileStringA
WriteProfileStringW
GetStartupInfoA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LoadLibraryW
GetCurrentProcessId
CloseHandle
GetFileAttributesA
GetVersionExA
GetTimeZoneInformation
GetFileTime
GetExitCodeProcess
WaitForMultipleObjects
GetCommandLineW
GetFileSize
CreateFileA
GetWindowsDirectoryA
CreateDirectoryA
SetEndOfFile
SetFilePointer

ole32

CoCreateGuid
CoUninitialize
CoInitialize
OleUninitialize
OleInitialize
CoCreateInstance
StringFromGUID2

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime

shell32

SHGetSpecialFolderLocation
SHChangeNotify
SHGetPathFromIDListA
ShellExecuteA
ShellExecuteW
SHGetSpecialFolderPathA
SHGetMalloc

shlwapi

PathRemoveBlanksW
PathAppendW
PathRemoveFileSpecW
PathIsDirectoryW

user32

LoadStringA
LoadStringW
PostMessageA
PostMessageW
RegisterWindowMessageA
SendMessageA
IsWindow
CharNextA

version

VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeW

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

876462491a90458b4a726d9305aff8b3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

ole32

oleaut32

shell32

shlwapi

user32

version

Sections

.text Size: 180KB - Virtual size: 178KB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 40KB - Virtual size: 40KB

.text
Size: 180KB - Virtual size: 178KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 40KB - Virtual size: 40KB