aa5ed9c43f9f541a765a9d36cc9447e5

Sharing

Copy URL Twitter E-mail

General

Target

aa5ed9c43f9f541a765a9d36cc9447e5
Size

248KB
MD5

aa5ed9c43f9f541a765a9d36cc9447e5
SHA1

cb762e5f12efac7bf9f2fe1a2d5a2639c98001b2
SHA256

b3a92758bc0b356e614b0110fdad54d44b3f84f51ec21ba0383720a076ca40bb
SHA512

67a8688a256bacf6d9a4867cdcc1599063a48bbb372ecc2d517d50396067276e39eac19de9e0c6105b73f40a79a8b8ec5c88c7b74bb644479d9b2bdaae51a72d
SSDEEP

6144:8bD9MZLorLibmUuH/iKi+X/LMcKw2ra/kK/:89MFofibmu+XwC9/kK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa5ed9c43f9f541a765a9d36cc9447e5

Files

aa5ed9c43f9f541a765a9d36cc9447e5
.exe windows:4 windows x86 arch:x86

c80a16ac9e153043a4cb490384d61b5f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DialogBoxParamA

psapi

GetModuleFileNameExA

kernel32

FreeEnvironmentStringsA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetModuleHandleA
GetLastError
GetThreadContext
GetCurrentThread
LockResource
LoadResource
FindResourceA
WriteProcessMemory
VirtualProtectEx
GetCurrentProcess
WaitForSingleObject
CreateThread
GetProcAddress
LoadLibraryA
IsBadReadPtr
VirtualAlloc
HeapFree
HeapAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
GetFullPathNameA
GetCurrentDirectoryA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CloseHandle
MultiByteToWideChar
ReadFile
RtlUnwind
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
Sleep
HeapSize
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CreateFileA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c80a16ac9e153043a4cb490384d61b5f

Headers

File Characteristics

Imports

user32

psapi

kernel32

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 164KB - Virtual size: 162KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 164KB - Virtual size: 162KB

.reloc
Size: 8KB - Virtual size: 5KB