8f057647cf46e0c74887a450493972e9

General

Target

8f057647cf46e0c74887a450493972e9
Size

136KB
MD5

8f057647cf46e0c74887a450493972e9
SHA1

3bc5406e3d6d4ae54fd853b31c3db63ac927745c
SHA256

7619e799b48afb12941bedb16e5e39107be1accef25b1ee1fc43777b79e04433
SHA512

83ae45d2abcb876358eb353b9d089ff375824f748b854a9d4ba1aff318462c83b8126691820097782997b2d808e36b1b009dbfef25f1e49789bc7c0f211ddc45
SSDEEP

3072:YPSObB+C19UCcmq9d1OU6zCyQY/aJTcFxn6xTzU09a/7FXVV2d:ngBr4Rmyd0UyCyQYiJTcPMU0Y/7vV2d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f057647cf46e0c74887a450493972e9

Files

8f057647cf46e0c74887a450493972e9
.exe windows:1 windows x86 arch:x86

06e5821b543fa4d782af8b5ac2c2a457

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProfileStringA
OpenProcess
GetWindowsDirectoryA
EnterCriticalSection
DeleteFileA
InitializeCriticalSection
CloseHandle
ReadFile
GetLastError
FindClose
DuplicateHandle
lstrcpyW
VirtualFree
Sleep
CopyFileA
LeaveCriticalSection
RegisterWaitForInputIdle
WriteFile
GetModuleFileNameA
GetStringTypeExA
GetModuleHandleA
GetModuleFileNameW
GetCurrentProcess
GetFirmwareEnvironmentVariableA
CreateFileA
GetSystemDirectoryW
GetFileSizeEx
BackupSeek
ReadConsoleInputA
GetDateFormatW
lstrcpyA
FreeUserPhysicalPages
FindFirstFileA
GlobalUnlock
Heap32Next
EnumResourceTypesA
VirtualAlloc
lstrcatA
ConvertDefaultLocale

advapi32

LookupPrivilegeValueA
InitiateSystemShutdownW
QueryServiceConfig2A
RegQueryValueExA
OpenProcessToken
EnumServicesStatusA
OpenSCManagerA
RegCloseKey
WmiReceiveNotificationsW
RegOpenKeyA
RegisterServiceCtrlHandlerExA
AdjustTokenPrivileges
CloseServiceHandle
RegSetValueExA
BuildTrusteeWithSidW

ntdll

RtlFreeUnicodeString
NtQuerySystemInformation
strstr
vsprintf
memcpy
RtlAnsiStringToUnicodeString
NtQueryObject
strlen
wcsstr
RtlInitAnsiString
ZwLoadDriver

ole32

CoCreateGuid

ws2_32

GetAddrInfoW
WSAInstallServiceClassW
htons
htonl
htonl
connect
send
socket
WSAStartup
closesocket

psapi

EnumProcesses
GetProcessImageFileNameA

user32

CharLowerW

Sections

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 411B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06e5821b543fa4d782af8b5ac2c2a457

Headers

File Characteristics

Imports

kernel32

advapi32

ntdll

ole32

ws2_32

psapi

user32

Sections

.data Size: 10KB - Virtual size: 9KB

.text Size: 512B - Virtual size: 411B

.idata Size: 2KB - Virtual size: 2KB

.data
Size: 10KB - Virtual size: 9KB

.text
Size: 512B - Virtual size: 411B

.idata
Size: 2KB - Virtual size: 2KB