aba1302f138dfa844c668e981f539689

Sharing

Copy URL

Twitter E-mail

General

Target

aba1302f138dfa844c668e981f539689
Size

88KB
MD5

aba1302f138dfa844c668e981f539689
SHA1

a7639061609c78cbbda59cc6f6b6ac5c5a62361e
SHA256

67cfe27df868b4872bbe7c0eddceaba57cbec9f7787423339e5689f32a1360b8
SHA512

b6ad0200c8613cb9d156765f6f32bcb63466437b2801e4dbb3eeb9c9af9abd26c5251b7e213830e039ee9fdb7914b3e6543cb2af6041e5fac4c2fe30181fce9c
SSDEEP

768:jXzdtbIlHgyHd3QBtBNWUUBmKunhg/zyyxn3n0SqUK0II/EhTtSUruZU9w:H7b0AyHdyLOunCbyq3n0UxIIKt7ruj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aba1302f138dfa844c668e981f539689

Files

aba1302f138dfa844c668e981f539689
.exe windows:4 windows x86 arch:x86

0c50af22bb6bc15ec7aa78299bccabc7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\docs\vircs\release\cssrs.pdb

Imports

psapi

GetModuleBaseNameW
EnumProcesses
EnumProcessModules

user32

wsprintfW
TranslateMessage
LoadAcceleratorsW
RegisterClassExW
LoadIconW
BeginPaint
LoadStringW
EndPaint
TranslateAcceleratorW
CreateWindowExW
GetMessageW
PostQuitMessage
DefWindowProcW
DispatchMessageW
LoadCursorW
RegisterDeviceNotificationW

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW

shell32

CommandLineToArgvW

kernel32

FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringA
GetStringTypeW
GetStringTypeA
LCMapStringW
InterlockedIncrement
GetLocaleInfoA
CreateDirectoryW
OpenProcess
GetCommandLineW
CopyFileW
lstrlenW
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
HeapSize

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c50af22bb6bc15ec7aa78299bccabc7

Headers

File Characteristics

PDB Paths

Imports

psapi

user32

advapi32

shell32

kernel32

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 32KB - Virtual size: 28KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 32KB - Virtual size: 28KB