8d89debd077cdfc400bf1ae6b046354f

Sharing

Copy URL Twitter E-mail

General

Target

8d89debd077cdfc400bf1ae6b046354f
Size

15KB
MD5

8d89debd077cdfc400bf1ae6b046354f
SHA1

fa6d629fe54e7f777db7133b5277b044b6b3080d
SHA256

f01beae2df9868d5186590418445d32563a4123b5e8de63779df54329ebe2309
SHA512

224fb26c6ffa2cd88a9d7faf4f21a4bc338d557ded1eb6f5444359df8f8704fd9584023c192fb389c5b48739e311ff27ab0a5ab32644b6f792077d736cfe7f03
SSDEEP

384:I2jfufVU8+CSJRZJyadNR0+iUKMgJfo454:IGufq7ZJDjKf1t54

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d89debd077cdfc400bf1ae6b046354f

Files

8d89debd077cdfc400bf1ae6b046354f
.exe windows:4 windows x86 arch:x86

3c41a977cbcad0473d302e745a88a789

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetLastError
GetCurrentProcess
HeapFree
RemoveDirectoryA
SetLastError
DeleteFileA
CopyFileA
lstrcpyA
GetModuleFileNameA
lstrlenA
LocalFree
FormatMessageA
lstrcatA
lstrcmpA
WriteFile
CreateFileA
SizeofResource
LockResource
DebugBreak
HeapReAlloc
GetShortPathNameA
Sleep
GetTickCount
TerminateProcess
WaitForSingleObject
OpenProcess
WritePrivateProfileStringA
MoveFileExA
CreateDirectoryA
GetWindowsDirectoryA
FindClose
FindFirstFileA
GetTempPathA
GetSystemInfo
GetVersionExA
HeapCreate
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
HeapAlloc
GetStartupInfoA
GetCommandLineA
ExitProcess
LoadResource
FindResourceA
GetModuleHandleA

user32

MapWindowPoints
GetClientRect
SystemParametersInfoA
GetWindowRect
GetWindow
SetWindowPos
DispatchMessageA
PeekMessageA
DestroyWindow
wsprintfA
GetSystemMetrics
CreateWindowExA
MessageBoxA
ExitWindowsEx
FindWindowA
UpdateWindow
CreateDialogParamA
ShowWindow
SendMessageTimeoutA
IsWindow
GetWindowThreadProcessId
GetWindowTextA
GetDlgItem
GetWindowTextLengthA
GetParent
SetWindowTextA
GetWindowLongA
CharNextA

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

setupapi

SetupInstallFromInfSectionA
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallback
SetupFindFirstLineA
SetupGetStringFieldA
SetupDefaultQueueCallbackA
SetupCloseInfFile
SetupOpenInfFileA
SetupFindNextLine
SetupSetDirectoryIdA

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c41a977cbcad0473d302e745a88a789

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

setupapi

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 964B

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 964B

.rsrc
Size: 3KB - Virtual size: 3KB