ad8c6c49d5f6b1b730001a038d379960

Sharing

Copy URL

Twitter E-mail

General

Target

ad8c6c49d5f6b1b730001a038d379960
Size

317KB
MD5

ad8c6c49d5f6b1b730001a038d379960
SHA1

061f59f11682195f3fb0cf13ad18e3fbe929c387
SHA256

4552c1725ef9fe9174417b33fd686d6ff37115835011b014d0e16076efddf596
SHA512

095ff688d934c76124a51fd0a97a5c92fa77aab7b11994f29ad42f9962c7e92a97383b2c92fc6eae549028fb66cbd1671707b6b78b959d9be6ba6d8c0896c8e9
SSDEEP

6144:af1NM07z4Z+yedAfDCTgJ4n//57s1NLU/6v9Ue7Ss5vQpT:2Y07zg+y8AJK/x7eGeesA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
ad8c6c49d5f6b1b730001a038d379960

Files

ad8c6c49d5f6b1b730001a038d379960
.exe windows:5 windows x86 arch:x86

bbd29df3e1afeb2c4f5e4399eb2b490c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

DeleteObject
DeleteDC
StretchBlt
SelectObject
CreateCompatibleBitmap
GetObjectW
CreateCompatibleDC
GetDeviceCaps

kernel32

GetTempPathA
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
MulDiv
ReadFile
WriteFile
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalAlloc
HeapFree
RtlUnwind
RaiseException
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
WriteConsoleA
CreateFileA
GetCurrentDirectoryW
GetLastError
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetOEMCP
IsValidCodePage
CompareStringA
GetProcessHeap
GetModuleHandleA
FindResourceA
GetModuleFileNameA
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetFileType
GetStdHandle
VirtualQuery
VirtualProtect
SearchPathA
GetShortPathNameA
SetEvent
ResetEvent
QueryPerformanceCounter
SystemTimeToFileTime
ExitProcess
TerminateProcess
GetStartupInfoA
GetCommandLineA
HeapSize
GetCurrentThreadId
InitializeCriticalSection
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
HeapDestroy
SetLastError
GetSystemInfo
WaitForSingleObject
SetCurrentDirectoryA
VerLanguageNameA
GlobalHandle
WideCharToMultiByte
GetTimeFormatA
GetDateFormatA
GetVersionExA
SetHandleCount
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
GetProcAddress
InterlockedIncrement
InterlockedDecrement
GetTimeZoneInformation
GetCPInfo
GetACP
HeapCreate
SetStdHandle
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetCurrentProcessId
MultiByteToWideChar
GetLocaleInfoA
LoadLibraryA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CloseHandle
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bbd29df3e1afeb2c4f5e4399eb2b490c

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

Sections

.text Size: 68KB - Virtual size: 68KB

.rdata Size: 215KB - Virtual size: 215KB

.data Size: 5KB - Virtual size: 116KB

.rsrc Size: 27KB - Virtual size: 29KB

.text
Size: 68KB - Virtual size: 68KB

.rdata
Size: 215KB - Virtual size: 215KB

.data
Size: 5KB - Virtual size: 116KB

.rsrc
Size: 27KB - Virtual size: 29KB