8ae26092bcb145a978cfa3629e0fd282

General

Target

8ae26092bcb145a978cfa3629e0fd282
Size

63KB
MD5

8ae26092bcb145a978cfa3629e0fd282
SHA1

9b2ee2fc2221a1ba1f3a72e2badc3bd70559164b
SHA256

cf7115af23cadd726c5700e6396233a23df019809633b1078506b1904f9762e1
SHA512

e3820b9535dab1ef79d69c839f2650e73c753697f7e1fcafab3f298c380b4cb10d029ae1fc515c032ec4b23c1f30ad1e6d75824e266f92342e458781e1b233c4
SSDEEP

768:0pMi6Ai5LKcCUSpmj3JUGyu4n0jksLcTklSDkXWZepbUq1z/Y:0ei8Gc7j5Ui40jnFWZepbUqC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ae26092bcb145a978cfa3629e0fd282

Files

8ae26092bcb145a978cfa3629e0fd282
.exe windows:4 windows x86 arch:x86

9629327f490fe20b8ef25cd012c9db78

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnwind
NtFindAtom
NtAddAtom
strncat
_strcmpi
memcmp
_snwprintf
RtlInitUnicodeString
memcpy
_strlwr
strstr
strncmp
sprintf
memset
NtQuerySystemInformation
_wcsicmp
RtlAdjustPrivilege
strcmp
NtAllocateVirtualMemory
NtFreeVirtualMemory

kernel32

CreateFileA
MoveFileA
HeapSize
HeapReAlloc
GetVersion
ExitProcess
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetProcAddress
GetModuleHandleA
lstrcmpA
GetLastError
GetVersionExA
VirtualFreeEx
VirtualUnlock
VirtualLock
VirtualAllocEx
GetCurrentProcessId
lstrcatA
GetSystemDirectoryA
MapViewOfFile
CloseHandle
CreateFileMappingA
CopyFileA
UnmapViewOfFile
DeviceIoControl
lstrcpyA
GetFileSize
GetFileAttributesA
GetEnvironmentVariableA
VirtualFree
CreateRemoteThread
WriteProcessMemory
VirtualAlloc
OpenProcess
lstrlenA
WriteFile
LoadLibraryA
WaitForSingleObject
CreateProcessA
GetModuleFileNameA

advapi32

CloseServiceHandle
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
ChangeServiceConfigA
DeleteService
CreateServiceA
RegOpenKeyExA
OpenSCManagerA
OpenServiceA
StartServiceA
RegCloseKey
RegEnumKeyA

user32

GetDesktopWindow

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9629327f490fe20b8ef25cd012c9db78

Headers

File Characteristics

Imports

ntdll

kernel32

advapi32

user32

Sections

.text Size: 60KB - Virtual size: 60KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 60KB - Virtual size: 60KB

.reloc
Size: 1KB - Virtual size: 1KB