8d34ba6f885efd090878c3cffadb5ce7

Sharing

Copy URL Twitter E-mail

General

Target

8d34ba6f885efd090878c3cffadb5ce7
Size

500KB
MD5

8d34ba6f885efd090878c3cffadb5ce7
SHA1

57db8f0e85266da02bc9cb070d4a456b06b0e326
SHA256

1530d89eb8f285e46224dba10db2d2beb04eb2f2046969fb8ed4d29a346a7123
SHA512

a29e316f360e22ceaf5dc7ab6a409d14f2705fd3c3b17bc7722f5f7c9eb571ae4694914aa51076c12fc8fd4899b1fa208edfe5cfbf1e7a919075465185c7db17
SSDEEP

12288:EsXDerFKJyQr8kGjfAtc2Rgo3FeQSp5Y5nr:EsXkBQYStTgo30Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d34ba6f885efd090878c3cffadb5ce7

Files

8d34ba6f885efd090878c3cffadb5ce7
.exe windows:4 windows x86 arch:x86

3754c986db5ac6c2d84a4d1a7a42d51a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\ewtr

Imports

user32

RegisterClassExA
RegisterClassA
CloseWindowStation

advapi32

RegSetValueExW
RegQueryValueExW
LogonUserA
CryptExportKey
LookupPrivilegeValueW
InitiateSystemShutdownA
RevertToSelf
RegSaveKeyW
CryptGenRandom
CryptCreateHash
CryptGenKey
CryptSetProviderA
LookupSecurityDescriptorPartsW
LookupPrivilegeDisplayNameW
RegLoadKeyW
CryptGetProvParam
LogonUserW

comctl32

InitCommonControlsEx

kernel32

GetConsoleScreenBufferInfo
LockFileEx
VirtualFree
SetEnvironmentVariableA
OpenWaitableTimerW
IsValidLocale
GetCurrentProcessId
InterlockedExchange
FlushFileBuffers
GetStringTypeA
GetLastError
GetTimeZoneInformation
GetProcAddress
GetLocaleInfoW
QueryPerformanceCounter
Sleep
WriteConsoleW
GetStdHandle
GetCurrentThread
WriteFile
SetThreadAffinityMask
CreateMutexA
lstrcpyA
SetHandleCount
EnterCriticalSection
GetModuleFileNameA
CloseHandle
FreeLibrary
LCMapStringA
CreateFileA
OpenFile
EnumSystemLocalesA
GetDateFormatA
LoadLibraryA
GetEnvironmentStringsW
GetOEMCP
GetCommandLineA
InterlockedIncrement
LocalSize
FreeEnvironmentStringsW
SetConsoleCtrlHandler
ReadFile
GetCurrentDirectoryA
TlsSetValue
GetSystemTimeAsFileTime
VirtualQuery
CompareStringA
TlsFree
MultiByteToWideChar
IsDebuggerPresent
HeapReAlloc
TlsAlloc
GetLogicalDriveStringsA
VirtualAlloc
FreeEnvironmentStringsA
DebugBreak
DeleteCriticalSection
GetLocaleInfoA
TlsGetValue
CompareStringW
GetModuleHandleW
GetStartupInfoA
GetConsoleOutputCP
SystemTimeToTzSpecificLocalTime
LeaveCriticalSection
SetConsoleCursorInfo
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetCurrentThreadId
HeapFree
WideCharToMultiByte
HeapSize
OpenMutexA
IsValidCodePage
InterlockedDecrement
GetCPInfo
LCMapStringW
HeapDestroy
GetTimeFormatA
SetConsoleTitleW
HeapCreate
ExitProcess
SetUnhandledExceptionFilter
HeapAlloc
GetTickCount
GetStringTypeW
SetStdHandle
GetModuleHandleA
SetLastError
GetEnvironmentStrings
GetConsoleCP
GetConsoleMode
RtlUnwind
TerminateProcess
GetACP
GetFileType
WriteConsoleA
EnumTimeFormatsA
UnhandledExceptionFilter
GetUserDefaultLCID

Sections

.text
Size: 355KB - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3754c986db5ac6c2d84a4d1a7a42d51a

Headers

File Characteristics

PDB Paths

Imports

user32

advapi32

comctl32

kernel32

Sections

.text Size: 355KB - Virtual size: 354KB

.rdata Size: 19KB - Virtual size: 40KB

.data Size: 105KB - Virtual size: 105KB

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: 355KB - Virtual size: 354KB

.rdata
Size: 19KB - Virtual size: 40KB

.data
Size: 105KB - Virtual size: 105KB

.rsrc
Size: 20KB - Virtual size: 19KB