StartIsBack___v2[.]9[.]1_Patched_for_Win10-1607-[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

StartIsBack___v2.9.1_Patched_for_Win10-1607-.exe
Size

1.4MB
MD5

cb4afeb3bb84b1f7bcf49c82b3e42b0a
SHA1

649fe27586bcaa2fe342908816b3aeda8c8796fa
SHA256

165d68f1fa287c97f0c4c5d40411f7169067a999cc6509f479f1668e64d82f56
SHA512

74f246d1ff33941c32d425611ffbb442fd356fc69b36063ac6ce928070012a02383f2d97cf90210c7446d712e369c92088bd63b6b40040e213f07adc066bb108
SSDEEP

24576:ZjJAIU/UjZm5U1SbcjMBHgyso5JdkMJgYOzwVKDKSircEnNJO1a47IJbUK:ZjJxxBGcjYlsGQUg3wVKvSNJi7mbUK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
StartIsBack___v2.9.1_Patched_for_Win10-1607-.exe

Files

StartIsBack___v2.9.1_Patched_for_Win10-1607-.exe
.exe windows:4 windows x86 arch:x86

0b96bfb4aed20508029b028a4dff1761

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantClear
SysAllocString

user32

SendMessageA
SetTimer
KillTimer
DialogBoxParamA
SetWindowLongA
GetWindowLongA
SetWindowTextW
SetWindowTextA
LoadIconA
LoadStringW
LoadStringA
CharUpperW
CharUpperA
DestroyWindow
EndDialog
PostMessageA
ShowWindow
MessageBoxW
GetDlgItem
DialogBoxParamW

shell32

ShellExecuteExA

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memcpy
free
malloc
_CxxThrowException
_purecall
memmove
__CxxFrameHandler
memcmp

kernel32

CloseHandle
GetStartupInfoA
GetModuleHandleA
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventA
VirtualFree
VirtualAlloc
Sleep
WaitForMultipleObjects
GetStdHandle
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateFileA
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
GetTempPathA
GetTempPathW
GetCurrentDirectoryA
GetCurrentDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
GetFullPathNameA
GetFullPathNameW
DeleteFileA
DeleteFileW
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
SetFileAttributesA
SetFileAttributesW
SetLastError
CreateFileW
SetFileTime
FormatMessageA
FormatMessageW
LocalFree
GetModuleFileNameA
GetModuleFileNameW
GetLastError
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
GetCommandLineW
WaitForSingleObject
CreateProcessA

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b96bfb4aed20508029b028a4dff1761

Headers

File Characteristics

Imports

oleaut32

user32

shell32

msvcrt

kernel32

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 2KB - Virtual size: 10KB

.sxdata Size: 512B - Virtual size: 4B

.rsrc Size: 83KB - Virtual size: 82KB

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 2KB - Virtual size: 10KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 83KB - Virtual size: 82KB