8de6aa466c2d3172c80f25e5de128c78

Sharing

Copy URL Twitter E-mail

General

Target

8de6aa466c2d3172c80f25e5de128c78
Size

5.2MB
MD5

8de6aa466c2d3172c80f25e5de128c78
SHA1

82b7afd3a0aec7e1236ce6195b6ff234109f0a60
SHA256

c11b4dc4b6d8eb9c8b6326388c2762c1acfda88d69a79f006394897d8a142aec
SHA512

d4fa5a2400b835f00bdb0af599e2857e08b9bf170a17799153b10d65c50366d771e9a30699d5743e9f1a4078e2584200b6782bd8be65e81f1568198a3d485d33
SSDEEP

98304:g1dqnFpdbf73e+ZxbKdVeCqPowudhT3mB2iLW5r:GsnHVCybKdVeCqmLT3mB2m2r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8de6aa466c2d3172c80f25e5de128c78

Files

8de6aa466c2d3172c80f25e5de128c78
.exe windows:5 windows x86 arch:x86

a3b58e5e1874729dad8cca310ce335bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSize
SetConsoleCtrlHandler
DeviceIoControl
EnterCriticalSection
HeapCreate
GetUserDefaultLCID
GetLocaleInfoW
SetErrorMode
TlsSetValue
UnhandledExceptionFilter
DeleteCriticalSection
LocalAlloc
GetConsoleCP
GetFileAttributesW
CreateThread
GetSystemInfo
GetFileType
GetCurrentProcessId
GetThreadLocale
ReleaseMutex
GetEnvironmentStrings
LeaveCriticalSection
GetProcAddress
FreeEnvironmentStringsW
DosDateTimeToFileTime
lstrcmpW
CreateFileMappingW
GetModuleHandleW
GetProfileIntW
GetStringTypeW
EnumSystemLanguageGroupsW
HeapFree
GetVersionExA
GetProcessHeap
RaiseException
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
GetModuleFileNameW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
InitializeCriticalSection
Sleep
VirtualAlloc
HeapReAlloc
RtlUnwind
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetLocaleInfoA
HeapSize
SizeofResource
DuplicateHandle
CreateFileW
GetStartupInfoW
DeleteFileW
GetLastError
HeapAlloc

advapi32

RegCloseKey
CloseServiceHandle
GetLengthSid
OpenThreadToken
RegEnumValueW
SetSecurityDescriptorDacl

wintrust

CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
WTHelperGetProvCertFromChain
CryptCATAdminAcquireContext

user32

PtInRect
DdeCmpStringHandles
SetWindowTextW
CharNextW
ShowWindow

userenv

EnterCriticalPolicySection
ExpandEnvironmentStringsForUserW
UnregisterGPNotification
CreateEnvironmentBlock

Sections

.text
Size: 857KB - Virtual size: 856KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 48.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3b58e5e1874729dad8cca310ce335bd

Headers

File Characteristics

Imports

kernel32

advapi32

wintrust

user32

userenv

Sections

.text Size: 857KB - Virtual size: 856KB

.rdata Size: 2.4MB - Virtual size: 2.4MB

.data Size: 1.7MB - Virtual size: 48.0MB

.rsrc Size: 364KB - Virtual size: 363KB

.text
Size: 857KB - Virtual size: 856KB

.rdata
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 1.7MB - Virtual size: 48.0MB

.rsrc
Size: 364KB - Virtual size: 363KB