8f4a490dc751613082e3a9e32592ab78

General

Target

8f4a490dc751613082e3a9e32592ab78
Size

43KB
MD5

8f4a490dc751613082e3a9e32592ab78
SHA1

61f6e68840fe57c9b2bed376a8a5a132ede0bbf6
SHA256

60a7254518fcb5b5f5707507bb1b0054dae3ea28eb9d311d83049d315e199ba4
SHA512

7928a0a4d92a74af65ead7cef3a0bfef3e2afe8fd7952ea93a186bdf55ffae153af4c2263909c45aa03bd16574f895ab546f9e5fa0e726d95471305e8c350aa7
SSDEEP

768:AsFRB0RRdJ2CyILFzIDvXF9BidETc86ndvn6vgmITABLh85DaPpInp6i659Cg:AyCyILZ0vXFBb6dyvjsBVEi6X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f4a490dc751613082e3a9e32592ab78

Files

8f4a490dc751613082e3a9e32592ab78
.exe windows:4 windows x86 arch:x86

248859e502178f60229aeecc1eb18fe1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ConvertDefaultLocale
EnumResourceNamesW
ExitProcess
ExpandEnvironmentStringsA
FindNextFileW
FormatMessageA
FreeEnvironmentStringsW
GetCommandLineA
GetConsoleOutputCP
GetLargestConsoleWindowSize
GetVolumeInformationA
Heap32ListFirst
IsBadStringPtrA
LoadLibraryA
LoadModule
SetComputerNameW
SetDefaultCommConfigA
SetThreadLocale
WideCharToMultiByte
WriteConsoleOutputAttribute
WriteFileEx
lstrcpyW
lstrlen

advapi32

CryptContextAddRef
CryptDestroyHash
CryptDestroyKey
CryptDuplicateHash
CryptGetKeyParam
CryptGetProvParam
CryptSignHashA
CryptSignHashW
DeleteAce
DeleteService
DuplicateTokenEx
GetAccessPermissionsForObjectA
GetOverlappedAccessResults
GetSecurityInfoExA
GetServiceDisplayNameA
GetSidIdentifierAuthority
GetSidSubAuthority
InitializeSid
InitiateSystemShutdownA
LogonUserW
MakeSelfRelativeSD
OpenServiceW
QueryServiceStatus
ReadEventLogA
RegOpenKeyW
SetNamedSecurityInfoExW

user32

CallMsgFilter
CharToOemBuffA
DdeEnableCallback
DlgDirSelectExW
GetMessagePos
GetMonitorInfoA
GetMonitorInfoW
GetProcessDefaultLayout
GetPropA
GetSystemMetrics
InvalidateRect
LoadMenuA
ScrollWindowEx
SetCaretBlinkTime
SetDlgItemInt
SetRectEmpty
SwapMouseButton
TrackMouseEvent
UnloadKeyboardLayout
WINNLSEnableIME

Sections

.text
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

248859e502178f60229aeecc1eb18fe1

Headers

File Characteristics

Imports

kernel32

advapi32

user32

Sections

.text Size: 512B - Virtual size: 12KB

.data Size: 42KB - Virtual size: 64KB

.idata Size: - Virtual size: 16KB

.rsrc Size: - Virtual size: 12KB

.text
Size: 512B - Virtual size: 12KB

.data
Size: 42KB - Virtual size: 64KB

.idata
Size: - Virtual size: 16KB

.rsrc
Size: - Virtual size: 12KB