a200e5100a526568dc355bc74a74f786

Sharing

Copy URL Twitter E-mail

General

Target

a200e5100a526568dc355bc74a74f786
Size

59KB
MD5

a200e5100a526568dc355bc74a74f786
SHA1

cd89cdf603058d51b07967617527794ce68f945f
SHA256

7aac7f6e11227f9ff4c57d0bb17c3d454f06e59902a96c9b6bbb21658f27fe17
SHA512

d32408559e56bf2213858e8416592832b1bcf3e21b867f5ea1eeb3302f242489eead8ffa5430ab2b663b47496324a2a801eaab00a2569206dbffd196c39ed463
SSDEEP

768:UyVpuV30vZAD+yDypaWdZZ3qvPijUc6VVtWhNSpWY1gE0VHXwD0TObE63MRIVlk2:FVEp0PhcYR6BaSpW7VAAibncKkfglp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a200e5100a526568dc355bc74a74f786

Files

a200e5100a526568dc355bc74a74f786
.exe windows:5 windows x86 arch:x86

d36fc06dabee37c88542101d8b6b6571

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

wnsprintfA
StrCmpNIA
PathCombineW
StrStrW
wvnsprintfA
PathFileExistsW
StrCmpNIW
wvnsprintfW
PathRemoveFileSpecW
PathMatchSpecW
SHDeleteKeyA
PathFindFileNameW
wnsprintfW

kernel32

HeapFree
GetFileSizeEx
GetProcessTimes
GetModuleFileNameW
lstrlenW
OpenMutexW
Sleep
CreateFileW
GetUserDefaultUILanguage
SetFileAttributesW
WideCharToMultiByte
DeleteFileW
MapViewOfFile
lstrlenA
FindResourceW
MoveFileExW
GetModuleHandleA
SetEndOfFile
FindNextFileW
ExpandEnvironmentStringsW
CreateThread
WriteProcessMemory
CreateFileMappingW
GetTickCount
ReadFile
SetFileTime
ResetEvent
lstrcpyA
GetFileTime
GetDriveTypeW
HeapAlloc
CreateProcessW
SetFilePointer
lstrcpyW
GetSystemTime
WriteFile
LeaveCriticalSection
GetProcessHeap
GetLastError
FlushFileBuffers
lstrcmpiA
IsBadReadPtr
lstrcpynW
CreateMutexW
GlobalLock
lstrcatW
InitializeCriticalSection
GlobalUnlock
GetSystemTimeAsFileTime
WaitForSingleObject
EnterCriticalSection
CreateEventW
ReleaseMutex
SetThreadPriority
GetCurrentThreadId
GetFileSize
GetComputerNameW
UnmapViewOfFile
GetLocalTime
MultiByteToWideChar
FindClose
GetTimeZoneInformation
SetLastError
GetThreadPriority
GetExitCodeProcess
GetLogicalDrives
FindFirstFileW
lstrcatA
HeapReAlloc
GetVersionExW
CopyFileW
CreateDirectoryW
SetEvent
GetTempPathW
OpenProcess
lstrcmpiW
DisconnectNamedPipe

advapi32

CryptGetHashParam

Sections

.dcz
Size: 22KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qhyd
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dytmb
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rqx
Size: 27KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d36fc06dabee37c88542101d8b6b6571

Headers

File Characteristics

Imports

shlwapi

kernel32

advapi32

Sections

.dcz Size: 22KB - Virtual size: 45KB

.qhyd Size: 5KB - Virtual size: 10KB

.dytmb Size: 1024B - Virtual size: 1KB

.rqx Size: 27KB - Virtual size: 132KB

.rsrc Size: 2KB - Virtual size: 4KB

.dcz
Size: 22KB - Virtual size: 45KB

.qhyd
Size: 5KB - Virtual size: 10KB

.dytmb
Size: 1024B - Virtual size: 1KB

.rqx
Size: 27KB - Virtual size: 132KB

.rsrc
Size: 2KB - Virtual size: 4KB