994ef162d1bca9883c5068520efb855c

Sharing

Copy URL

Twitter E-mail

General

Target

994ef162d1bca9883c5068520efb855c
Size

674KB
MD5

994ef162d1bca9883c5068520efb855c
SHA1

a0a24fd77dad669ec5ddc2cccadec908c85e872f
SHA256

e95c2f944adae24f488a44593fe198000763d56f548632ba3b44c59f84d704ac
SHA512

54014e9e48d5ac9f07e53299e06aaaf9ab9ad8276a93fb4ee8c1a2a46195304c43816e4ec2185949cdc6243a20a7ed69eaa0ef091a2e6d8fe6b32680f4b92961
SSDEEP

12288:MuddGJ0B0Mo3NbgnZpo3S2nKWkgAlO7PAdRUFC+nYCC2z6duCMwRvqj:Mv+5sNWZaKWBgO7PAXUolC5z3Zaqj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
994ef162d1bca9883c5068520efb855c

Files

994ef162d1bca9883c5068520efb855c
.exe windows:4 windows x86 arch:x86

bc95c98857a5021de504357394e61ffa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

k:\alcg\jud.pdb

Imports

kernel32

GetStdHandle
GetProfileSectionW
OutputDebugStringW
FreeEnvironmentStringsA
VirtualFree
GetStringTypeA
GetCurrentThreadId
DeleteFiber
SetUnhandledExceptionFilter
GetCPInfo
CreateEventA
GetACP
EnumSystemLocalesA
GetSystemTimeAsFileTime
HeapDestroy
FlushFileBuffers
HeapAlloc
HeapReAlloc
EnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
GetProcAddress
FileTimeToDosDateTime
LCMapStringA
LeaveCriticalSection
GetUserDefaultLCID
WriteFileEx
SetFilePointer
GetLastError
LoadLibraryW
IsDebuggerPresent
SetLastError
GetTimeZoneInformation
CompareStringW
FreeLibrary
DeleteCriticalSection
WideCharToMultiByte
ReadFile
TlsAlloc
GetStringTypeW
GetCommandLineA
WriteConsoleW
RtlUnwind
lstrlenA
RaiseException
VirtualQuery
GetDateFormatA
OutputDebugStringA
HeapCreate
GetEnvironmentStringsW
TlsGetValue
WritePrivateProfileStringA
GetLocaleInfoW
GetModuleHandleW
InterlockedDecrement
GetConsoleMode
HeapSize
CompareStringA
OpenMutexA
GetCurrentThread
TlsFree
GetVolumeInformationW
IsBadReadPtr
CreateFileW
GetEnvironmentStrings
HeapFree
LoadLibraryA
Sleep
ExitProcess
CloseHandle
CreateMutexA
IsValidLocale
GetStartupInfoA
GetOEMCP
InterlockedIncrement
WriteConsoleA
MultiByteToWideChar
DebugBreak
WriteFile
LCMapStringW
SetEnvironmentVariableA
GetModuleFileNameA
GetFileType
GetCurrentProcessId
TlsSetValue
TerminateProcess
InitializeCriticalSectionAndSpinCount
GetTickCount
HeapValidate
GetTimeFormatA
CreateFileA
FreeEnvironmentStringsW
SetStdHandle
GetLocaleInfoA
IsValidCodePage
GetProcessHeap
GetModuleHandleA
GetConsoleOutputCP
InterlockedExchange
GetModuleFileNameW
GetConsoleCP
SetHandleCount
QueryPerformanceCounter
SetConsoleCtrlHandler
GetCurrentProcess

comctl32

InitCommonControlsEx

user32

GetGUIThreadInfo
AppendMenuA
SwapMouseButton
DrawIconEx
CharPrevW
SetDoubleClickTime
BeginDeferWindowPos
RegisterClassExA
SetDeskWallpaper
CreateMDIWindowW
CreateCaret
SetClassLongA
DefFrameProcA
DrawTextA
CharToOemW
ShowWindow
RegisterClassA
DestroyCursor

Sections

.text
Size: 471KB - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc95c98857a5021de504357394e61ffa

Headers

File Characteristics

PDB Paths

Imports

kernel32

comctl32

user32

Sections

.text Size: 471KB - Virtual size: 471KB

.rdata Size: 75KB - Virtual size: 99KB

.data Size: 107KB - Virtual size: 107KB

.rsrc Size: 18KB - Virtual size: 18KB

.text
Size: 471KB - Virtual size: 471KB

.rdata
Size: 75KB - Virtual size: 99KB

.data
Size: 107KB - Virtual size: 107KB

.rsrc
Size: 18KB - Virtual size: 18KB