642cdb7d3fe463d3c7c4190c2d5c506078de310aaaa1a63b91710f830e951204

Sharing

Copy URL Twitter E-mail

General

Target

642cdb7d3fe463d3c7c4190c2d5c506078de310aaaa1a63b91710f830e951204
Size

220KB
MD5

29df7fef0f313b47666fdcebca9c3fd1
SHA1

0de7e6e9d683c247179c919040aa457c82ad865b
SHA256

642cdb7d3fe463d3c7c4190c2d5c506078de310aaaa1a63b91710f830e951204
SHA512

05cca4c52851f0c46c178ac39e0f1ead126a19954917281503a16a508880b15a466dd340b62fefab6122f4ab360614951c935100aff0169568d992c3f08f2d2c
SSDEEP

3072:5K41/O0oo1+TXGa8QWDBo1ir9SIRUTScmqaZd6jpEC0UtcsPnUp9:7jooEWa8QWDBnr1QkqeA2C0YcWnUP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
642cdb7d3fe463d3c7c4190c2d5c506078de310aaaa1a63b91710f830e951204

Files

642cdb7d3fe463d3c7c4190c2d5c506078de310aaaa1a63b91710f830e951204
.exe windows:5 windows x86 arch:x86

8c5db66a31be73b4cefcbea78208a6f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
CreateFileA
SetDefaultCommConfigA
FindFirstFileW
SetLocaleInfoA
WriteConsoleInputW
HeapAlloc
UpdateResourceA
VerSetConditionMask
InterlockedDecrement
GetNamedPipeHandleStateA
OutputDebugStringW
GetNumberFormatA
ReadConsoleW
WriteFile
GetCommandLineA
GlobalAlloc
TerminateThread
GetLocaleInfoW
ReadConsoleInputA
SetConsoleCP
GlobalFlags
CreateActCtxA
FindNextVolumeMountPointW
GetStartupInfoW
CreateJobObjectA
GetCPInfoExW
GetLastError
GetProcAddress
HeapSize
IsValidCodePage
VerLanguageNameW
LoadLibraryA
WriteConsoleA
UnhandledExceptionFilter
OpenWaitableTimerW
GetConsoleScreenBufferInfo
IsWow64Process
BuildCommDCBAndTimeoutsW
GetModuleHandleA
OpenFileMappingW
SetProcessShutdownParameters
LocalSize
GetWindowsDirectoryW
GetProfileSectionW
ExpandEnvironmentStringsW
CloseHandle
WriteConsoleW
SetStdHandle
WideCharToMultiByte
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapReAlloc
GetCommandLineW
HeapSetInformation
GetCPInfo
RaiseException
RtlUnwind
LCMapStringW
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetACP
GetOEMCP
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreateFileW

user32

CharToOemBuffW
CharUpperW

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yas
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c5db66a31be73b4cefcbea78208a6f8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 93KB - Virtual size: 92KB

.data Size: 88KB - Virtual size: 3.6MB

.yas Size: 1KB - Virtual size: 1KB

.rsrc Size: 36KB - Virtual size: 36KB

.text
Size: 93KB - Virtual size: 92KB

.data
Size: 88KB - Virtual size: 3.6MB

.yas
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 36KB - Virtual size: 36KB