b54f6358eb228c383ba934455c78bf49

General

Target

b54f6358eb228c383ba934455c78bf49
Size

72KB
MD5

b54f6358eb228c383ba934455c78bf49
SHA1

c9ee386f62044a2490afaa35a754ec8dcaa37854
SHA256

818d2177d9a2c4e523ccbecba841db00575c72802761e69e825b88a537e63d6f
SHA512

aab52166a2fad2d3ce38e12940a68a09c68fc4e252a088844b14f1ea7ab8d18b1cf824c12ec8016e74c1b142cc0f0185ddb3e222cebf4184c1da0837117b06ad
SSDEEP

768:lDfVgACrcBoSxmDdgeXGujd70vsHmvGEeQGZOxpyHDUUhScuIEwSforeIwX9U+9t:Bfebig5g6G0QkGvDeiT2hKS0iwU9UCo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b54f6358eb228c383ba934455c78bf49

Files

b54f6358eb228c383ba934455c78bf49
.exe windows:5 windows x86 arch:x86

fb31bbf2b4d6e6861944b9b26aa30e8d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtOpenKey
RtlCreateUserThread
RtlLengthSecurityDescriptor
RtlTimeToTimeFields
NtQueryVirtualMemory
NtQuerySymbolicLinkObject
NtCreateEvent
RtlNewSecurityObject
NtWriteFile
memmove
NtQueryVolumeInformationFile
wcsncmp
NtQueryPerformanceCounter
NtDisplayString

msvcrt

??3@YAXPAX@Z
fputs
__p__fmode
__setusermatherr
printf
__getmainargs
time
realloc
malloc
toupper
__mb_cur_max
strncmp
free
fopen
_wcsicmp
??2@YAPAXI@Z

ulib

?Compare@OBJECT@@UBEJPBV1@@Z
?Initialize@ARRAY@@QAEEKK@Z
?SetAttributes@FSN_FILTER@@QAEEKKK@Z
?Initialize@WSTRING@@QAEEPBGK@Z
??0DSTRING@@QAE@XZ
?QueryString@WSTRING@@QBEPAV1@KK@Z
?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z
??0PATH_ARGUMENT@@QAE@XZ
??1PATH@@UAE@XZ
?Initialize@LONG_ARGUMENT@@QAEEPAD@Z
?Get_Standard_Output_Stream@@YGPAVSTREAM@@XZ
?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?ValidateVersion@PROGRAM@@UBEXKK@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z

kernel32

LoadLibraryA
GetVersionExA
LocalAlloc
GetFileType
GetCommandLineA
GetModuleHandleA
lstrcpyA
lstrcatW
ReleaseMutex
GetOEMCP
UnmapViewOfFile
GetFullPathNameW
GetLocaleInfoA
lstrlenW
FindNextFileW
GetLastError
GetFileAttributesW
SetEvent
ExpandEnvironmentStringsW

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb31bbf2b4d6e6861944b9b26aa30e8d

Headers

File Characteristics

Imports

ntdll

msvcrt

ulib

kernel32

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 3KB - Virtual size: 33KB

.rsrc Size: 1024B - Virtual size: 960B

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 3KB - Virtual size: 33KB

.rsrc
Size: 1024B - Virtual size: 960B