99d6d21d1e58b38d4a8acc3f234a83b6

Sharing

Copy URL Twitter E-mail

General

Target

99d6d21d1e58b38d4a8acc3f234a83b6
Size

422KB
MD5

99d6d21d1e58b38d4a8acc3f234a83b6
SHA1

1ddd76c042013d272e09880ecc462002b0ed8298
SHA256

da9d2f49e2beca586c80fe1c142f29089a3c8587b47665c02f6185fc1f5e0a57
SHA512

2269de854fa7f5c6bedd6f17f4738304ebadc5e15b991464a9216af15d574583c9769eaefb7751d9afa7b472d598a483b66047abf76b9c0ffcb391a5eb7fe6c5
SSDEEP

12288:H+7vPlnKf8a+DXwDovFYNtoTML/TaeaA+uF:Hc05CXwDodY7j7uea4F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
99d6d21d1e58b38d4a8acc3f234a83b6

Files

99d6d21d1e58b38d4a8acc3f234a83b6
.exe windows:4 windows x86 arch:x86

64845f863b22ff1550b6d6b4111197a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyW
CryptGetDefaultProviderA
CryptSetProviderW
RegSetValueW
CryptGetDefaultProviderW
LookupPrivilegeValueW
CryptImportKey
RegSetValueExA
CryptGetProvParam
RegCreateKeyExA
CryptAcquireContextA
GetUserNameA
LookupPrivilegeDisplayNameW
CryptVerifySignatureA
RegDeleteValueW
RegQueryMultipleValuesA
RegCreateKeyA
InitiateSystemShutdownA
RegRestoreKeyW
RegLoadKeyW
CryptSignHashA
CryptGetKeyParam
CryptEnumProviderTypesW
LookupAccountSidW

kernel32

FreeEnvironmentStringsW
HeapFree
GetCurrentThread
QueryPerformanceCounter
WriteFile
ReadConsoleOutputAttribute
EnterCriticalSection
LCMapStringW
SetConsoleCtrlHandler
EnumSystemLocalesA
InterlockedExchange
InterlockedIncrement
HeapCreate
MultiByteToWideChar
GlobalFindAtomA
GetLocaleInfoA
HeapReAlloc
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
VirtualQuery
GetCurrentThreadId
GetACP
GetSystemTime
RtlUnwind
FreeLibrary
TlsAlloc
SetHandleCount
CompareStringW
TlsSetValue
SetEnvironmentVariableA
HeapSize
GetStringTypeW
GetLocaleInfoW
GetTimeZoneInformation
HeapAlloc
WideCharToMultiByte
GetCPInfo
CreateFileA
GetStdHandle
GetSystemTimeAsFileTime
GetStartupInfoW
Sleep
GetTimeFormatA
GetCurrentProcess
SetThreadContext
GetCurrentProcessId
GetStringTypeA
GetEnvironmentStringsW
InterlockedDecrement
GetModuleHandleA
GetModuleFileNameA
VirtualFree
GetCommandLineW
GetOEMCP
TerminateProcess
SetUnhandledExceptionFilter
GetUserDefaultLCID
IsValidCodePage
GetDateFormatA
ExitProcess
GetStartupInfoA
CompareStringA
SetLastError
LCMapStringA
WriteConsoleA
TlsFree
HeapDestroy
GetModuleFileNameW
IsValidLocale
GetProcAddress
DeleteCriticalSection
LeaveCriticalSection
GetFileType
UnhandledExceptionFilter
VirtualAlloc
TlsGetValue
GetTickCount
IsDebuggerPresent
GetLastError

gdi32

PaintRgn
CreateScalableFontResourceA
GetLogColorSpaceA
CreateDIBPatternBrush
EnumFontFamiliesW
FillRgn
ExtEscape
CloseMetaFile
AngleArc
GetTextMetricsW
GetCurrentObject
ExtTextOutW
AnimatePalette
SelectPalette
GetMetaRgn
GetBrushOrgEx
GetMapMode
SetLayout
WidenPath
CheckColorsInGamut

user32

RemovePropW
CreateDialogParamA
SetActiveWindow
TabbedTextOutA
KillTimer
GetKeyboardLayoutNameW
OemToCharA
SetTimer

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64845f863b22ff1550b6d6b4111197a8

Headers

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

Sections

.text Size: 126KB - Virtual size: 126KB

.rdata Size: 9KB - Virtual size: 24KB

.data Size: 279KB - Virtual size: 279KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 126KB - Virtual size: 126KB

.rdata
Size: 9KB - Virtual size: 24KB

.data
Size: 279KB - Virtual size: 279KB

.rsrc
Size: 5KB - Virtual size: 5KB