a2f1d51291bf25559e8bdd9e8b2d5c2a

Sharing

Copy URL Twitter E-mail

General

Target

a2f1d51291bf25559e8bdd9e8b2d5c2a
Size

104KB
MD5

a2f1d51291bf25559e8bdd9e8b2d5c2a
SHA1

1f3204c4b15f5eb70dae652cfcb0f11f4d176d43
SHA256

1d945e932c69821e5341f86ff71ab2a334b1990c178e43f91f6598a842d067d9
SHA512

e276bd9fda83b8d1649cdcfe5c9825d0067de65d44e15f3802574ace07d7a839dc1abda3fe8efe4e2f8e652944bc383bb48f4942eefe8131f2035442f443cab8
SSDEEP

1536:y4xBRI6rpeK/7PsDOwFbHE2TRWYFMDY5lBTVp+hfU/DGdjZri:y45I7ckDO+HaYSD4lRgc/iTi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2f1d51291bf25559e8bdd9e8b2d5c2a

Files

a2f1d51291bf25559e8bdd9e8b2d5c2a
.exe windows:4 windows x86 arch:x86

225919c525c3ca9889fae75ead504309

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
DebugBreak
OutputDebugStringA
FreeLibrary
GetProcAddress
LoadLibraryA
GetPrivateProfileStringA
GetVersionExA
SetStdHandle
FlushFileBuffers
SetFilePointer
OpenFile
LCMapStringW
LCMapStringA
HeapSize
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
EnterCriticalSection
LeaveCriticalSection
ProcessIdToSessionId
GetCurrentProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
GetLastError
OpenProcess
CreateFileA
WriteFile
CloseHandle
GetCurrentThreadId
Sleep
GetExitCodeProcess
CreateThread
lstrlenA
InterlockedDecrement
InterlockedIncrement
UnhandledExceptionFilter
TerminateProcess
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
HeapFree
HeapReAlloc
HeapAlloc
GetFileAttributesA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc

user32

CharNextA
wvsprintfA
LoadStringA
CharLowerA

advapi32

CreateServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegisterEventSourceA
ReportEventA
DeleteService
RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DeregisterEventSource
LookupPrivilegeValueA
AdjustTokenPrivileges
SetTokenInformation
OpenProcessToken
DuplicateTokenEx
CreateProcessAsUserA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQuerySessionInformationA
WTSEnumerateSessionsA
WTSFreeMemory

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

225919c525c3ca9889fae75ead504309

Headers

File Characteristics

Imports

kernel32

user32

advapi32

userenv

wtsapi32

Sections

.text Size: 56KB - Virtual size: 52KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: 56KB - Virtual size: 52KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 20KB - Virtual size: 19KB