87633eb6eeb7edd72ded8e33ef0c2920

Sharing

Copy URL

Twitter E-mail

General

Target

87633eb6eeb7edd72ded8e33ef0c2920
Size

124KB
MD5

87633eb6eeb7edd72ded8e33ef0c2920
SHA1

ec1e166039a14fedb584f04a50bca85af36f00fb
SHA256

1c896bcb561ed46a1b63bb55acdb1249d0f1151b415b54d57ece2a1a37ad712d
SHA512

3fd660edc3dd66780050e751fc830262c1adaa61611ee799927b427c595c0ce5f96f6a893669a2bd18c8652e0870deabda5e14968c91395e34e18de059ad78cc
SSDEEP

3072:GlhkajfwqM9F1DDmMtSNV5PuqLJsoUm9IYcsF+LnJ5d7q+:GXkajovDmMtSNVNSm9JinrV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

87633eb6eeb7edd72ded8e33ef0c2920

resource
87633eb6eeb7edd72ded8e33ef0c2920

Files

87633eb6eeb7edd72ded8e33ef0c2920
.exe windows:4 windows x86 arch:x86

5c69799bd3fc7b78fac9532d4f9b6d8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAWaitForMultipleEvents
WSAEnumNetworkEvents

wtsapi32

WTSCloseServer
WTSQueryUserToken
WTSLogoffSession
WTSOpenServerA

mpr

WNetAddConnection2A
WNetGetUserA
WNetGetUniversalNameA

netapi32

NetApiBufferFree
NetWkstaGetInfo
NetGetAnyDCName
NetWkstaSetInfo

setupapi

SetupGetIntField
SetupGetLineByIndexA
SetupGetLineCountA
SetupGetLineTextA
SetupGetSourceInfoA
SetupGetStringFieldA
SetupGetTargetPathA
SetupIterateCabinetA
SetupPromptReboot
SetupQueryInfVersionInformationA
SetupQuerySourceListA
SetupQuerySpaceRequiredOnDriveA
SetupAddToSourceListA
SetupGetFieldCount
SetupRemoveFromSourceListA
SetupSetPlatformPathOverrideA
SetupSetSourceListA
SetupOpenMasterInf
SetupQueueDeleteA
SetupGetBinaryField
SetupRemoveFileLogEntryA
SetupOpenLog
SetupCloseLog
SetupInitializeFileLogA
SetupTerminateFileLog
SetupLogErrorA
SetupFreeSourceListA
SetupDefaultQueueCallbackA
SetupCopyOEMInfA
SetupQueueRenameA
SetupCancelTemporarySourceList
SetupQueueCopyA
SetupTermDefaultQueueCallback

wintrust

WinVerifyTrust

kernel32

HeapAlloc
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
ReadFile
SetEndOfFile
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
CreateFileA
FlushFileBuffers
SetStdHandle
RtlUnwind
GetCurrentThread
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
WriteFile
SetFilePointer
IsBadWritePtr
HeapReAlloc
VirtualAlloc
FatalAppExitA
DeleteCriticalSection
InitializeCriticalSection
VirtualFree
HeapCreate
HeapDestroy
CloseHandle
GetLastError
HeapFree
LeaveCriticalSection
EnterCriticalSection
CreateProcessA
SetTapePosition
FindNextChangeNotification
GetCommandLineA
GetVersion
ExitProcess

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 650KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c69799bd3fc7b78fac9532d4f9b6d8e

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wtsapi32

mpr

netapi32

setupapi

wintrust

kernel32

Sections

.text Size: 36KB - Virtual size: 32KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 44KB - Virtual size: 650KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 44KB - Virtual size: 650KB

.reloc
Size: 4KB - Virtual size: 3KB