9a8e87ac5b5bc2c7b93f25d72e345cf2

Sharing

Copy URL Twitter E-mail

General

Target

9a8e87ac5b5bc2c7b93f25d72e345cf2
Size

369KB
MD5

9a8e87ac5b5bc2c7b93f25d72e345cf2
SHA1

37cb09ef44762c979b9c183a10eeb3fed508f4b0
SHA256

37526bbc5fbc0885a19af1244d35a071f5cd60f1a7f6e1b4b49d63d1f4dfe661
SHA512

61e6a2f97ba6801e058a33b329bf00378f2ed3a6326f0be1f1a330229790bebf45d86b37aaa19e59392add61a2f69cfb6194aec80ab7fe330847ceb3fff401da
SSDEEP

6144:mSZCsqx9kMed6wpYeiMZ1rLgfskhy3uXUo+rVhdEEkuwA+XHh:mSZ2YdlYN41HgtVmrfdEEJgXH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a8e87ac5b5bc2c7b93f25d72e345cf2

Files

9a8e87ac5b5bc2c7b93f25d72e345cf2
.exe windows:4 windows x86 arch:x86

c27f347e37785160018938d4e77d04d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlOpenCurrentUser
strstr
NtQueryValueKey
RtlInitString
RtlExpandEnvironmentStrings_U
NtCreateSymbolicLinkObject
RtlFreeSid
RtlQueryRegistryValues
LdrGetProcedureAddress
NtSetInformationProcess
DbgPrint
RtlAnsiStringToUnicodeString
_wcsicmp
RtlAppendUnicodeStringToString
RtlCreateUnicodeString
NtOpenKey
RtlEqualSid
wcscat
NtCreateSection
RtlCopyUnicodeString
NtResetEvent
NtTerminateThread
NtOpenSymbolicLinkObject
LdrLoadDll
NtSetEvent
RtlCreateUserThread
wcslen
RtlCopyLuid
NtSetValueKey
NtQuerySymbolicLinkObject
RtlEnterCriticalSection
RtlCharToInteger
NtOpenProcessToken
NtQuerySystemInformation
LdrGetDllHandle
RtlLeaveCriticalSection
NtClose
RtlCompareUnicodeString
RtlUpcaseUnicodeChar
LdrUnloadDll
NtMakePermanentObject
_wcsnicmp
wcsncpy
NtSetInformationObject
NtDuplicateObject
NtCreateDirectoryObject
NtOpenProcess
NtCreateEvent
DbgBreakPoint
RtlSetDaclSecurityDescriptor
NtQueryInformationToken
swprintf
RtlInitializeCriticalSection
RtlAllocateAndInitializeSid
NtNotifyChangeKey
_snwprintf
RtlCreateSecurityDescriptor
RtlInitializeCriticalSectionAndSpinCount
NtQueryObject
NtMakeTemporaryObject
RtlPrefixUnicodeString
wcscpy
memmove
NtOpenThreadToken
RtlEqualUnicodeString
NtQueryInformationProcess
NtOpenThread
NtQueryDefaultLocale
RtlCreateTagHeap
NtCreateSemaphore

kernel32

VirtualAlloc

samlib

SamConnectWithCreds
SamRemoveMultipleMembersFromAlias
SamiEncryptPasswords
SamTestPrivateFunctionsUser

user32

CallMsgFilterA

msi

MsiConfigureProductA
MsiDatabaseCommit
MsiConfigureFeatureW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 305KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c27f347e37785160018938d4e77d04d8

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

samlib

user32

msi

Sections

.text Size: 1KB - Virtual size: 1KB

.data Size: 305KB - Virtual size: 1.1MB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 44KB - Virtual size: 44KB

.rdata Size: 14KB - Virtual size: 13KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 305KB - Virtual size: 1.1MB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 44KB - Virtual size: 44KB

.rdata
Size: 14KB - Virtual size: 13KB

.reloc
Size: 512B - Virtual size: 64B