98094f7c5b1e096dadd0276aff440871

General

Target

98094f7c5b1e096dadd0276aff440871
Size

91KB
MD5

98094f7c5b1e096dadd0276aff440871
SHA1

c33d3e21983dc7f7044a60f5281a342234753711
SHA256

332a5fc943f21e8e33b192d342ed297c5f4004f1f4a28c2f2976c9cf3b86d701
SHA512

72cb038f1748db9a78ce38a676e5de6677dc56fc987b6c6c7d8058aeda62d1d1f618cdc2d621546c460910a05eabdb04e00e8fa31c6be72a0cbb9718c8904217
SSDEEP

1536:FKcIXT+IWM+zB3NX5WheWlY8MVO/zUDlvfMbqS8F5QnumNLTsdlSequu+0F7DSB8:ZTB3NXUh288lvUH87QuOLTYSnuu/p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98094f7c5b1e096dadd0276aff440871

Files

98094f7c5b1e096dadd0276aff440871
.exe windows:5 windows x86 arch:x86

ab175555c87c71320be11bcab00c3052

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumePathNameW
GetStdHandle
GetAtomNameW
GlobalMemoryStatus
Heap32ListNext
VirtualAlloc
DeleteTimerQueueEx
GlobalGetAtomNameA
_lread
FreeUserPhysicalPages
LoadLibraryA
GetConsoleAliasesLengthA
SetLocaleInfoW
CreateDirectoryA
GetTickCount
GlobalCompact
GetVersion
FindFirstVolumeA

msvcrt20

??0ofstream@@QAE@H@Z
_adj_fdiv_m32i
_CIatan2
_mbsnbcnt
_vsnwprintf
atan2
atoi
_msize
atan
_putw
_execl
asctime

ntdll

ZwCreateDebugObject
RtlCustomCPToUnicodeN
NtNotifyChangeKey
ZwQueryEaFile
NtSetTimerResolution
NtReadRequestData
strcmp
wcstoul
NtAdjustPrivilegesToken
ZwOpenEventPair
RtlExtendedMagicDivide
memchr
ZwReplyWaitReplyPort

polstore

IPSecCopyAuthMethod
IPSecCopyNegPolData
IPSecDeletePolicyData
IPSecFreePolicyData
IPSecSetNegPolData
IPSecFreeNegPolData
IPSecGetAssignedPolicyData
IPSecAllocPolStr
IPSecCreateFilterData
IPSecCopyFilterSpec
IPSecFreeFilterSpec
IPSecFreeMulFilterData
IPSecAllocPolMem

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab175555c87c71320be11bcab00c3052

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt20

ntdll

polstore

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 28KB - Virtual size: 37KB

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 512B - Virtual size: 184B

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 28KB - Virtual size: 37KB

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 512B - Virtual size: 184B