87fe7c3144b8b81dcb94b7298fc140a6

Sharing

Copy URL Twitter E-mail

General

Target

87fe7c3144b8b81dcb94b7298fc140a6
Size

142KB
MD5

87fe7c3144b8b81dcb94b7298fc140a6
SHA1

e42be99f09f987f16177cedb8aa8729c156d1316
SHA256

5f9c6def364fed45cece263da26a71520e659c9626d11e19e85c965c6ced928b
SHA512

1004f99bd2bcaa8671e3b21beb187c669d54dc82f38714c01e76c19eb618a5551fd09d9b69ed7f926a606fc53e8fdb358cee5a3d34821e2f7dd756d5c298c42f
SSDEEP

3072:9yaFlTkZp+QBLh6/BabEdGZLVAVluz/RdzdMkJt3KE:9yaF+ZF34ALVAVlurRdzdtJt3j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87fe7c3144b8b81dcb94b7298fc140a6

Files

87fe7c3144b8b81dcb94b7298fc140a6
.exe windows:5 windows x86 arch:x86

e7a67205f50199cab72d9871f66b874c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetProcAddress
GetModuleHandleA
CopyFileA
LoadLibraryExA
FreeLibrary
DeleteFileA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateFileA
WriteFile
CloseHandle
GetTempFileNameA
GetSystemTime
GetFileAttributesA
DeviceIoControl
SystemTimeToFileTime
GetCurrentProcessId
FreeLibraryAndExitThread
GetCurrentProcess
CreateFileW
GetFileSize
ReadFile
SetFilePointer
SetEndOfFile
GetModuleHandleW
CopyFileW
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
Sleep
DeleteFileW
ExitProcess
GetCommandLineA
CreateThread
GetSystemTimeAsFileTime
VirtualProtect
VirtualFree
GetLastError
GetVersionExA
MoveFileExW
GetTempFileNameW
GetTempPathW
GetModuleFileNameW
GetWindowsDirectoryW
VirtualAlloc

advapi32

QueryServiceStatusEx
StartServiceA
OpenSCManagerA
OpenServiceA
GetUserNameW
OpenProcessToken
RegCloseKey
RegSetValueExA
RegCreateKeyA
CloseServiceHandle

ntdll

RtlComputeCrc32
LdrAddRefDll
ZwImpersonateThread
ZwOpenThread
RtlEqualUnicodeString
ZwQueryInformationToken
wcsncpy
ZwOpenFile
ZwClose
ZwLoadDriver
strncat
ZwCreateEvent
RtlInitUnicodeString
_snwprintf
atoi
ZwTestAlert
RtlRandom
ZwRaiseHardError
RtlAdjustPrivilege
ZwQuerySystemInformation
sscanf
strncpy
_chkstk
memcpy
_snprintf
RtlImageNtHeader
ZwDeviceIoControlFile
memset

shlwapi

StrStrIW
SHDeleteKeyA
PathFileExistsW
StrStrIA
PathFileExistsA
PathAppendA
PathFindFileNameW
SHGetValueA
PathRemoveFileSpecA

imagehlp

CheckSumMappedFile

psapi

GetMappedFileNameW

rpcrt4

UuidCreateSequential

wininet

InternetCrackUrlA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetQueryOptionA
InternetSetOptionA
InternetCloseHandle
InternetOpenA

shell32

ShellExecuteW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

winspool.drv

DeletePrintProvidorW
AddPrintProvidorW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.config
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7a67205f50199cab72d9871f66b874c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ntdll

shlwapi

imagehlp

psapi

rpcrt4

wininet

shell32

ole32

winspool.drv

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 10KB - Virtual size: 9KB

.config Size: 109KB - Virtual size: 108KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 10KB - Virtual size: 9KB

.config
Size: 109KB - Virtual size: 108KB

.reloc
Size: 1KB - Virtual size: 1KB