a255a7860d5f4316139471b53ebcbcf9

Sharing

Copy URL Twitter E-mail

General

Target

a255a7860d5f4316139471b53ebcbcf9
Size

305KB
MD5

a255a7860d5f4316139471b53ebcbcf9
SHA1

6ca62182e9d198f5c9ff8a71865bb60406260e12
SHA256

e57e9a6abe2a42bafb3552462f251daddf077f131653b54cb786c41ce73d6e09
SHA512

ea75343d8850a99a1e80c22ed09244542b94ef20ec23559460c7c302101d49b3d831025b2e02a2f41f0c1a7e9506cd2870a30871f5a949c6f66dcfbcaa236e11
SSDEEP

6144:KV1rhrT6XFwPMviz0sinT1G1frl1dnIZXHky71NkQG2sHAM2ckS708:KVDru6Mvizx2GJlbQky71NzGP/2ck

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a255a7860d5f4316139471b53ebcbcf9

Files

a255a7860d5f4316139471b53ebcbcf9
.exe windows:4 windows x86 arch:x86

c55c63b72d53ef24d858756c10fe13c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

memmove
NtDuplicateObject
NtClose
RtlNewSecurityObject
ZwClose
RtlReleasePebLock
NtQueryVolumeInformationFile
NtCompleteConnectPort
NtPowerInformation
RtlImageNtHeader
iswctype
RtlCreateEnvironment

activeds

ord25
ord12
ord21
ord5
ord22
ord3
ord6
ord26
ord27
ord18
ord20
ord7
ord13
ord16
ord17

kernel32

ExitProcess
GetCommTimeouts
DeleteTimerQueue
CreateTimerQueue
FormatMessageW
lstrcmpiA
LCMapStringA
VirtualAlloc
Module32FirstW
GetFileTime
GetDateFormatA
GlobalFree
CopyFileA
GetVersion

msjet40

ord302
ord110
ord148
ord155
ord172
ord113
ord912
ord195
ord112
ord158
ord146
ord106
ord132
ord803
ord187
ord176
ord316
ord171
ord906
ord804

msvcrt

rand
asctime
sinh
strstr
fprintf
__p__commode
_purecall
_putch
tolower
__crtLCMapStringA
__p__fmode
wcsstr
fscanf
_fstati64
ferror
iswascii
_exit
_rotl

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textbs
Size: 74KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 85KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DATA
Size: 55KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 62KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c55c63b72d53ef24d858756c10fe13c6

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

activeds

kernel32

msjet40

msvcrt

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 512B - Virtual size: 19KB

.textbs Size: 74KB - Virtual size: 127KB

.data Size: 85KB - Virtual size: 137KB

DATA Size: 55KB - Virtual size: 104KB

.CRT Size: 62KB - Virtual size: 111KB

.rsrc Size: 19KB - Virtual size: 18KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 512B - Virtual size: 19KB

.textbs
Size: 74KB - Virtual size: 127KB

.data
Size: 85KB - Virtual size: 137KB

DATA
Size: 55KB - Virtual size: 104KB

.CRT
Size: 62KB - Virtual size: 111KB

.rsrc
Size: 19KB - Virtual size: 18KB