a9f67bc2238331df5a7eef4adb2b3d47

Sharing

Copy URL

Twitter E-mail

General

Target

a9f67bc2238331df5a7eef4adb2b3d47
Size

56KB
MD5

a9f67bc2238331df5a7eef4adb2b3d47
SHA1

acc89b5fd06c6037c30557e2cd51a15b01927a24
SHA256

6d50f1ae783da4dcd1827e12b44ce54bc1b785df68cbc04943356af142c422e8
SHA512

192defc2fadf607b36535182d836e6d855b186d1cd9a1edc05fabaf946746a04995cfad7cc99fdc65c161f4c65ec06db421878d790f964ef30ef9e915ef044de
SSDEEP

768:vnifwXI1GyKLiNKqy+Xlhwcw4wftZ3X6MLHpS/bMM7ZhU:vnriKkNtXljgtZ3qMLJyDt6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9f67bc2238331df5a7eef4adb2b3d47

Files

a9f67bc2238331df5a7eef4adb2b3d47
.exe windows:4 windows x86 arch:x86

e816e8d8014b5a1a2f5cd3127c2a7016

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
FlushFileBuffers
ReadFile
CreateEventW
CreateFileA
SetEnvironmentVariableA
FindClose
InterlockedExchangeAdd
GlobalLock
LCMapStringA
WriteFileEx
TlsGetValue
DeleteFileW
LockResource
SetLastError
SetErrorMode
CompareStringW
InterlockedDecrement
GetEnvironmentStrings
SetFilePointerEx
TlsSetValue
GetLocaleInfoA
DeleteFileA
FormatMessageW
TlsFree
GetFileAttributesA
CreateProcessA
GetModuleHandleA
InitializeCriticalSection
WaitForMultipleObjectsEx
LocalAlloc
RaiseException
GetFileAttributesW
LCMapStringW
LoadResource
SetHandleCount
FreeEnvironmentStringsA
LocalFree
GetThreadLocale
InterlockedCompareExchange
GetModuleFileNameW
SetEvent
ReadFileEx
lstrlenW
HeapSize
ReleaseMutex
GetStdHandle
GlobalUnlock
GetStringTypeA
GetFileSize
SetStdHandle
GetFileType
GetExitCodeProcess
FindCloseChangeNotification
ResetEvent
GetCurrentDirectoryA
CompareStringA
VirtualFree
InterlockedIncrement
GetStringTypeW
FreeEnvironmentStringsW
VirtualAlloc
GetModuleHandleW
GetCurrentThread
SizeofResource
GetLastError
GetStartupInfoA

gdi32

CreateRoundRectRgn
CreateDCA
CreateSolidBrush
CreatePolygonRgn
CreateRectRgn
CreateFontIndirectA

setupapi

SetupUninstallOEMInfA

advapi32

RegSetKeySecurity
RegCreateKeyExA
QueryServiceStatus
ControlService
RegGetKeySecurity
RegDeleteValueA
RegEnumValueA
RegCloseKey
RegConnectRegistryA
RegQueryValueExA
EnumServicesStatusA
RegDeleteKeyA
GetUserNameA
InitiateSystemShutdownA
RegEnumKeyExA
RegFlushKey
LookupPrivilegeValueA
OpenProcessToken
RegNotifyChangeKeyValue
OpenSCManagerA
OpenServiceA
RegSetValueExA
RegRestoreKeyA
RegOpenKeyExA
OpenEncryptedFileRawW
OpenEventLogW
OpenSCManagerW
OpenServiceW
OpenThreadToken
RegCreateKeyW
RegEnumKeyExW
ReadEventLogW
RegConnectRegistryW
RegCreateKeyA
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyA

msvcrt

_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
_onexit

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e816e8d8014b5a1a2f5cd3127c2a7016

Headers

File Characteristics

Imports

kernel32

gdi32

setupapi

advapi32

msvcrt

Sections

.text Size: 8KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 32KB - Virtual size: 112KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 32KB - Virtual size: 112KB

.rsrc
Size: 8KB - Virtual size: 7KB