98074f57974ba3a7a2528eae2efcde67

Sharing

Copy URL Twitter E-mail

General

Target

98074f57974ba3a7a2528eae2efcde67
Size

74KB
MD5

98074f57974ba3a7a2528eae2efcde67
SHA1

9543be5b44344e999d8878c9ba74fddf19f62953
SHA256

7f9c2a0770270d9c2a44f5288ba4c1c2961c9310740939adf7097e9fa77d8a3d
SHA512

115025c5a87d683d22ba933aa1b1e4444d67ce02ed6fa8f06636f60443535675331fbba2f7ee20601b216c3942ad8b93c135e6e5f47bdb48021733c281aa7cbd
SSDEEP

1536:Wrjt3ckEybIrejOLWUPj1xbKCZ1fRHaIZUabODaBCMkpsf:Ct3ckEP6dU7VnlaBaCDIkps

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98074f57974ba3a7a2528eae2efcde67

Files

98074f57974ba3a7a2528eae2efcde67
.exe windows:4 windows x86 arch:x86

531ed2ebab2b36c1fba06922cba44885

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AllocateAndInitializeSid
ChangeServiceConfig2A
EqualSid
GetUserNameA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegEnumValueA
RegOpenKeyA
RegQueryValueA
StartServiceA
UnlockServiceDatabase

kernel32

AddAtomA
CloseHandle
CreateEventA
CreateFileA
CreateFileMappingA
CreateMutexA
CreateProcessA
CreateThread
CreateToolhelp32Snapshot
DeleteAtom
DisableThreadLibraryCalls
EnterCriticalSection
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FindNextFileA
FlushFileBuffers
FreeEnvironmentStringsA
GetComputerNameA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsA
GetExitCodeProcess
GetFileType
GetLastError
GetLocaleInfoA
GetModuleHandleA
GetOEMCP
GetPrivateProfileSectionA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetTempPathA
GetUserDefaultLCID
GetVersionExA
GetWindowsDirectoryA
GlobalFree
GlobalReAlloc
GlobalUnlock
HeapDestroy
HeapFree
HeapSize
InitializeCriticalSection
InterlockedExchange
InterlockedIncrement
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFree
MapViewOfFile
Module32First
MoveFileA
OpenEventA
QueryPerformanceCounter
ReadFile
ReadProcessMemory
SearchPathA
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SuspendThread
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WriteConsoleA
WritePrivateProfileStringA
lstrcmpiA

ole32

CoFreeUnusedLibraries
CoInitializeEx
CoTaskMemFree
CoUninitialize
OleInitialize
OleRegEnumVerbs

user32

CharUpperA
CopyRect
DefWindowProcA
DestroyWindow
DrawIcon
EnableMenuItem
EqualRect
ExitWindowsEx
GetAsyncKeyState
GetCapture
GetDlgCtrlID
GetKeyState
GetMenuItemCount
GetMessagePos
GetWindowThreadProcessId
LoadBitmapA
MapWindowPoints
MessageBoxA
MsgWaitForMultipleObjects
PeekMessageA
ReleaseCapture
SendDlgItemMessageA
SetDlgItemTextA
SetForegroundWindow
SetMenu
SetTimer
SetWindowTextA
SystemParametersInfoA
TrackPopupMenu

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

CODE
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BSS
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CRT
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

531ed2ebab2b36c1fba06922cba44885

Headers

File Characteristics

Imports

advapi32

kernel32

ole32

user32

version

Sections

CODE Size: 38KB - Virtual size: 40KB

BSS Size: - Virtual size: 12KB

CRT Size: 29KB - Virtual size: 32KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

CODE
Size: 38KB - Virtual size: 40KB

BSS
Size: - Virtual size: 12KB

CRT
Size: 29KB - Virtual size: 32KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB