9a5e858726e4dc083b6dbb26e7cf48fd

Sharing

Copy URL

Twitter E-mail

General

Target

9a5e858726e4dc083b6dbb26e7cf48fd
Size

158KB
MD5

9a5e858726e4dc083b6dbb26e7cf48fd
SHA1

47faba36f535619042bd1b827afa5a4cfaa1233e
SHA256

f5e796635be07b5a527d80949440f8e9256324bfcc2f0c790e98782bfc5d98fc
SHA512

10140a53c8e5a90b733c2675f6b751332e28cd49055623efa2b6e7c1aa4d4e65c7e396562170788ec6ec2131b057f08d406f3dd47e78c3f5b1115e71b7387b8a
SSDEEP

3072:ClA6KbpA+Gpl7zYRi3+Cni/uUwUAJbHte/MEfjPDk:ClHKbm+GplARi9iD05UUEjDk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a5e858726e4dc083b6dbb26e7cf48fd

Files

9a5e858726e4dc083b6dbb26e7cf48fd
.exe windows:5 windows x86 arch:x86

120fa0dd5f762b1a255cfa04eda09cc6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

BackupWrite
SetFileTime
DeleteFileA
SystemTimeToFileTime
HeapFree
GetFileAttributesA
QueryDosDeviceA
GetCommandLineA
DeviceIoControl
SetEvent
CreateProcessA
SetThreadAffinityMask
SetFileAttributesA
SetEndOfFile
SetErrorMode
FreeLibrary
GetSystemDirectoryA
GetDriveTypeA
OpenEventA
ReadFile
GetDiskFreeSpaceA
CreateFiber
CopyFileA
GetCurrentProcessId
ExitProcess
GetSystemTime
WideCharToMultiByte
GetCurrentThreadId
RemoveDirectoryA
DeleteCriticalSection
MoveFileA
LocalFileTimeToFileTime
DosDateTimeToFileTime
VirtualQuery
GetTickCount
FindFirstFileA
Sleep
CreateEventA
MoveFileExA
GetProcessHeap
CreateThread
CreateFileA
SetHandleContext
SetUnhandledExceptionFilter
GetFileSize
EnterCriticalSection
GetProcAddress
SetFilePointer
GetVersionExA
TerminateProcess
IsDebuggerPresent
QueryPerformanceCounter
WriteFile
HeapAlloc
lstrcpynA
GetCurrentDirectoryA
ExpandEnvironmentStringsA
LeaveCriticalSection
Sleep
SetLastError
CloseHandle
FindNextFileA
FindClose
GetExitCodeProcess
GetSystemTimeAsFileTime

user32

SendDlgItemMessageA
LoadStringA
DialogBoxParamA
ShowWindow
MessageBoxA
SendMessageA
EndDialog
SetParent

shell32

SHGetPathFromIDListA
SHBrowseForFolderA

advapi32

CryptReleaseContext
AllocateAndInitializeSid
CryptAcquireContextA
AddAccessAllowedAce
InitializeSecurityDescriptor
CryptGenRandom
InitiateSystemShutdownA
SetSecurityDescriptorDacl
GetLengthSid
OpenProcessToken
GetTokenInformation
InitializeAcl

ntdll

NtAdjustPrivilegesToken
NtClose
NtOpenProcessToken
NtShutdownSystem

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hapn
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 139KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

120fa0dd5f762b1a255cfa04eda09cc6

Headers

File Characteristics

Imports

kernel32

user32

shell32

advapi32

ntdll

Sections

.text Size: 10KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 9KB

.hapn Size: 3KB - Virtual size: 3KB

.edata Size: 139KB - Virtual size: 155KB

.text
Size: 10KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 9KB

.hapn
Size: 3KB - Virtual size: 3KB

.edata
Size: 139KB - Virtual size: 155KB