8ca8d237a56654e4bf5fa8989839bff9

Sharing

Copy URL

Twitter E-mail

General

Target

8ca8d237a56654e4bf5fa8989839bff9
Size

201KB
MD5

8ca8d237a56654e4bf5fa8989839bff9
SHA1

ca03bd8f65bccab5a28c293cc68b0bfac73d68d5
SHA256

673537eb3daf02d20d9056a257b1e4b7ce9f143b3f458b192885d8e8604079a7
SHA512

7395f1707fb71eb979e749684007084c4c084edd95490bd6d227c68e0759930a83098cfcfb3df4d724d2267aa8b74ca83b8d5d0722171147b9dc07bd196581c9
SSDEEP

6144:lHuZk5iqCchZwSpFQsWS/OpoueKxTUhTZN3C:RFec77QsWS/tK6hPC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ca8d237a56654e4bf5fa8989839bff9

Files

8ca8d237a56654e4bf5fa8989839bff9
.exe windows:4 windows x86 arch:x86

6fdb9456407d512b9d5db8615b52515a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
strstr
strrchr
strtok
__CxxFrameHandler
??3@YAXPAX@Z
exit
time
srand
rand
??2@YAPAXI@Z
_except_handler3

dbghelp

MakeSureDirectoryPathExists

kernel32

SetProcessWorkingSetSize
GetCommandLineA
SetUnhandledExceptionFilter
GetShortPathNameA
GetModuleHandleA
GetStartupInfoA
FreeLibrary
GetProcAddress
LoadLibraryA
HeapAlloc
GetProcessHeap
Process32Next
lstrlenA
WriteFile
CreateFileA
CloseHandle
GetCurrentProcess
GlobalFree
GlobalAlloc
SetFileTime
LocalFileTimeToFileTime
lstrcpyA
GetLastError
lstrcatA
Sleep
WritePrivateProfileStringA
GetCurrentProcessId
DeleteFileA
GetVersionExA
ExitProcess
CopyFileA
MultiByteToWideChar
OpenProcess

user32

IsCharAlphaNumericA
wsprintfA

advapi32

OpenSCManagerA
RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegCloseKey
FreeSid
ControlService
OpenServiceA
ChangeServiceConfigA
RegCreateKeyA

shell32

SHGetSpecialFolderPathA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

psapi

GetModuleFileNameExA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6fdb9456407d512b9d5db8615b52515a

Headers

File Characteristics

Imports

msvcrt

dbghelp

kernel32

user32

advapi32

shell32

ole32

psapi

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 19KB - Virtual size: 20KB

.rsrc Size: 155KB - Virtual size: 154KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 19KB - Virtual size: 20KB

.rsrc
Size: 155KB - Virtual size: 154KB