8b3668a8542e1b57c9d5592b3d43bc4b

Sharing

Copy URL Twitter E-mail

General

Target

8b3668a8542e1b57c9d5592b3d43bc4b
Size

333KB
MD5

8b3668a8542e1b57c9d5592b3d43bc4b
SHA1

dd7112cd725a4c4b445748db0dfd28c59ebd1d8d
SHA256

1d9e1b58e0c970a0e4ae2604a4e8a5ada9820fa18ae80d272ac34b2750d54f8c
SHA512

f5e916689dac81adb9b15cfc9bfdd4f5593fe20ab9f531420f62ab22f55efe2c9d473247226790c9f9624f05f851abf966d4281ef601bc18f86fa7bf19306f66
SSDEEP

3072:mQM6G0689nx9n3rYwhRNvpbE3Vr6JjoyiPhyEN2VDtt6taDMEVunrbaH0ByofkTR:mQp9x5YwiVWAx864Pumz+K/su

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b3668a8542e1b57c9d5592b3d43bc4b

Files

8b3668a8542e1b57c9d5592b3d43bc4b
.exe windows:6 windows x86 arch:x86

98bb82864dea82e538c650e095b6d2fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

bcdedit.pdb

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

kernel32

GetFileType
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
WideCharToMultiByte
WriteFile
CreateFileW
CloseHandle
DeviceIoControl
FormatMessageW
LocalFree
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetStdHandle
UnmapViewOfFile
MapViewOfFile
SearchPathW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
OutputDebugStringA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
Sleep
QueryDosDeviceW
GetLastError
SetLastError
FindResourceExW
LoadResource
GetLocaleInfoW
GetVersionExW
CreateFileMappingW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage

msvcrt

__p__fmode
__setusermatherr
_initterm
memcpy
memset
memmove
?terminate@@YAXXZ
_controlfp
_cexit
isdigit
isxdigit
isleadbyte
_fileno
calloc
free
localeconv
mbtowc
__mb_cur_max
_iob
_snprintf
_itoa
wctomb
malloc
ferror
iswctype
wcstombs
_read
__badioinfo
__pioinfo
realloc
_isatty
_write
_lseeki64
ungetc
bsearch
wcsncmp
strncmp
wcsstr
wcsrchr
memcmp
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_errno
_wcsupr
_wcslwr
_wsetlocale
towupper
iswspace
_vsnwprintf
wcschr
_wcstoui64
wcstoul
_wcsnicmp
_wcsicmp

ntdll

RtlUnwind
NtClose
NtOpenFile
RtlStringFromGUID
RtlGUIDFromString
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
RtlCompareMemory
RtlAllocateHeap
RtlFreeHeap
RtlNtStatusToDosError
ZwClose
ZwOpenFile
ZwQuerySystemInformation
ZwCreateEvent
ZwWaitForSingleObject
ZwDeviceIoControlFile
ZwUnloadKey
ZwCreateKey
ZwOpenThreadTokenEx
RtlCreateAcl
ZwQueryAttributesFile
RtlFreeSid
RtlSetDaclSecurityDescriptor
ZwDeleteValueKey
ZwSetValueKey
ZwAdjustPrivilegesToken
ZwSaveKey
ZwOpenProcessTokenEx
ZwCreateFile
ZwQueryValueKey
RtlLengthSecurityDescriptor
ZwSetSecurityObject
RtlAddAccessAllowedAceEx
ZwLoadKey
RtlAllocateAndInitializeSid
ZwDeleteKey
ZwEnumerateKey
RtlLengthSid
RtlCreateSecurityDescriptor
ZwQueryKey
ZwOpenKey
RtlSetOwnerSecurityDescriptor
ZwQuerySymbolicLinkObject
RtlInitAnsiString
RtlGetVersion
LdrGetProcedureAddress
LdrGetDllHandle
ZwOpenSymbolicLinkObject
ZwQueryVolumeInformationFile
ZwDeleteFile
ZwResetEvent
ZwQueryInformationFile
NtQuerySystemInformation
ZwAllocateUuids
NtOpenKey
NtDeviceIoControlFile
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtWaitForSingleObject
NtCreateEvent
NtQueryValueKey
NtSetValueKey
NtResetEvent
NtCreateKey
NtSetSecurityObject
NtDeleteKey
RtlInitUnicodeString

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98bb82864dea82e538c650e095b6d2fd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ntdll

Sections

.text Size: 158KB - Virtual size: 158KB

.data Size: 1024B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 146KB - Virtual size: 146KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 158KB - Virtual size: 158KB

.data
Size: 1024B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 146KB - Virtual size: 146KB

.reloc
Size: 8KB - Virtual size: 8KB