7df9b0eb9ec909ebae7983cd98df67f5

Sharing

Copy URL Twitter E-mail

General

Target

7df9b0eb9ec909ebae7983cd98df67f5
Size

81KB
MD5

7df9b0eb9ec909ebae7983cd98df67f5
SHA1

5d3230f4d08ee0ca0d836dae049e7fcc764c6089
SHA256

7bc952456b92884f95a1d44feae8c1dadf32986a33067d68e3edab005cd30c64
SHA512

718ebd839d9a3b1bef95161e638d3bf8ec6be62cf51fc55a3a3f8b6d70ad2c754c9055360cbd81bd2abe39dd9d614ed60cd57f07d7c51de113151b54a1fa9ae1
SSDEEP

1536:vHqDRsn9psJT6p2PWgq9egC90zW8LS/S3XEHCfmw0gzH7OAiB+Wi:i109piMf9egCOS8LS/gpfmw0gzbONMWi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7df9b0eb9ec909ebae7983cd98df67f5

Files

7df9b0eb9ec909ebae7983cd98df67f5
.exe windows:5 windows x86 arch:x86

4d957368e205c74ba6800af65d61436a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageA
SetParent
EndDialog
ShowWindow
DialogBoxParamA
LoadStringA
MessageBoxA
SendDlgItemMessageA

kernel32

FindNextFileA
CreateThread
ExpandEnvironmentStringsA
GetDriveTypeA
RemoveDirectoryA
DeleteFileA
TerminateProcess
DeviceIoControl
MoveFileExA
WideCharToMultiByte
WaitForSingleObject
SetLastError
OpenEventA
GetDiskFreeSpaceA
GetCurrentDirectoryA
SetHandleContext
QueryDosDeviceA
SetEndOfFile
SystemTimeToFileTime
GetCommandLineA
GetVersion
ReadFile
GetProcessHeap
SetErrorMode
CreateEventA
CloseHandle
WriteFile
SetTimeZoneInformation
GetFileAttributesA
FindClose
CreateProcessA
HeapFree
GetTickCount
VirtualQuery
GetExitCodeProcess
DosDateTimeToFileTime
GetSystemTime
GetProcAddress
GetProcessHeap
SetFileAttributesA
CreateFileA
SetUnhandledExceptionFilter
GetSystemDirectoryA
HeapAlloc
FindFirstFileA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetVersionExA
BackupWrite
SetThreadAffinityMask
FreeLibrary
LocalFileTimeToFileTime
LoadLibraryA
QueryPerformanceCounter
lstrcpynA
SetFileTime
GetFileSize
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
DeleteCriticalSection
Sleep
MoveFileA
CopyFileA
ExitProcess
SetEvent
GetCurrentThreadId

ntdll

NtShutdownSystem
NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

advapi32

InitializeAcl
GetLengthSid
AddAccessAllowedAce
GetTokenInformation
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
AllocateAndInitializeSid
SetSecurityDescriptorDacl
OpenProcessToken
InitializeSecurityDescriptor
InitiateSystemShutdownA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ymltml
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 129KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d957368e205c74ba6800af65d61436a

Headers

File Characteristics

Imports

user32

kernel32

ntdll

shell32

advapi32

Sections

.text Size: 9KB - Virtual size: 8KB

.data Size: 5KB - Virtual size: 122KB

.ymltml Size: 3KB - Virtual size: 3KB

.edata Size: 129KB - Virtual size: 247KB

.text
Size: 9KB - Virtual size: 8KB

.data
Size: 5KB - Virtual size: 122KB

.ymltml
Size: 3KB - Virtual size: 3KB

.edata
Size: 129KB - Virtual size: 247KB