8b42396bba43901845d0fcbaa505d3ff

Sharing

Copy URL Twitter E-mail

General

Target

8b42396bba43901845d0fcbaa505d3ff
Size

324KB
MD5

8b42396bba43901845d0fcbaa505d3ff
SHA1

d1c03d644d6cf2746570ce3799b2c1c7b5b870f8
SHA256

e617e231be2fa75bbb0f8f2c640542d4fa5fdfbdec5afe8fb894ed98e2c9bdf9
SHA512

5860289489db67c74e037cd9fc4e02b5ca26a84405302c968a9a4097b627fc94ea3a3b48fe75ae04baa3ddb368845a16cb326129580345512e19b24f2ebd7116
SSDEEP

6144:9EpcVROh4NKYcCoZ4Xzo8F27SgtaSh21c35fukn5okHZ14JIFjRf5:9ccqh4NKYcCoZgM8F2XgSGc35p5oyIqL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b42396bba43901845d0fcbaa505d3ff

Files

8b42396bba43901845d0fcbaa505d3ff
.exe windows:5 windows x86 arch:x86

563e5757b6c774d4b588b0df29ac33c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcStringFreeW

kernel32

LoadLibraryExW
InterlockedDecrement
MultiByteToWideChar
InterlockedIncrement
DisableThreadLibraryCalls
GetModuleFileNameW
HeapDestroy
EnterCriticalSection
DeleteCriticalSection
lstrcpynW
FindResourceW
lstrcmpiW
lstrlenA
GetStartupInfoA
lstrcatW
LoadResource
LeaveCriticalSection
GetLastError
InitializeCriticalSection
lstrlenW
lstrcpyW
FreeLibrary

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

ntdll

RtlAddAccessAllowedAce
NtAllocateVirtualMemory
RtlAdjustPrivilege

msvcrt

_except_handler3
_purecall
wcslen
wcsncat
_initterm
_adjust_fdiv
free
malloc
wcscpy
realloc
wcsncpy
__CxxFrameHandler

user32

CharNextW

advapi32

RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

oleaut32

VariantClear

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

563e5757b6c774d4b588b0df29ac33c3

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

kernel32

ole32

ntdll

msvcrt

user32

advapi32

oleaut32

Sections

.text Size: 9KB - Virtual size: 8KB

.rsrc Size: 12KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 1.4MB

.rdata Size: 298KB - Virtual size: 298KB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 12KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 1.4MB

.rdata
Size: 298KB - Virtual size: 298KB

.tls
Size: 512B - Virtual size: 4KB