b83f1399a9548020d81ac04d5d398d26

Sharing

Copy URL Twitter E-mail

General

Target

b83f1399a9548020d81ac04d5d398d26
Size

488KB
MD5

b83f1399a9548020d81ac04d5d398d26
SHA1

86bba8471a13711e90fd0376369c4fbfe0ac220c
SHA256

58dbbf6c7801ef22712e87645db84edac538c5f6d311a634d60f7d4563ed72b8
SHA512

1c4b9347855fb062adb194a162f030a2abc94508e6d37d1d0ce66066f648a381918107bba740e10661c458d6629c0f00db7417e261b812127f775627e46b9138
SSDEEP

6144:ff5UDZ8zW89iNMJjokqGTaoddcaK/ovlDN6K+ALWHXXc0bUS4CzAueA/DUfEurUV:ff2lN8uojg42ov+0WHDH+pAIdrpBFX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b83f1399a9548020d81ac04d5d398d26

Files

b83f1399a9548020d81ac04d5d398d26
.exe windows:4 windows x86 arch:x86

e3867acaa8bc5dbfeb5cb72f3c67fed2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
GetEnvironmentStringsA
CloseHandle
LoadLibraryA
FormatMessageA
CompareStringA
SetFilePointer
EnterCriticalSection
FindResourceA
HeapDestroy
HeapFree
GetTimeFormatA
ReadConsoleW
GetSystemInfo
TlsAlloc
IsBadWritePtr
GetTickCount
HeapCreate
OpenSemaphoreA
GetFileType
ReadFile
IsValidCodePage
FlushFileBuffers
InitializeCriticalSection
LeaveCriticalSection
CompareStringW
GetCPInfo
GetStringTypeA
WriteFile
GetTimeZoneInformation
GetStdHandle
VirtualProtect
SetLastError
FreeEnvironmentStringsA
GetCurrentThread
OpenMutexA
ExitProcess
IsValidLocale
GetVersionExA
GetCurrentProcessId
GetStringTypeW
HeapSize
GetStartupInfoA
WideCharToMultiByte
GetCurrentProcess
GetEnvironmentStrings
GetLocaleInfoA
LCMapStringA
TerminateProcess
RemoveDirectoryA
MultiByteToWideChar
VirtualFree
EnumSystemLocalesA
RtlUnwind
GetModuleFileNameA
VirtualAlloc
GetNamedPipeInfo
HeapReAlloc
WaitNamedPipeA
CreateMutexA
GetProcAddress
InterlockedExchange
SuspendThread
HeapAlloc
GetModuleHandleA
GetSystemTimeAsFileTime
GetCommandLineA
GetACP
SetStdHandle
GetCurrentThreadId
EnumCalendarInfoExW
UnlockFile
SetEnvironmentVariableA
TlsFree
TlsSetValue
DeleteCriticalSection
GetOEMCP
QueryPerformanceCounter
GetUserDefaultLCID
SetHandleCount
LCMapStringW
GetLocaleInfoW
UnhandledExceptionFilter
lstrcmpiW
TlsGetValue
VirtualQuery
GetDateFormatA

advapi32

CryptSetProviderExA
CryptDecrypt
CryptSetKeyParam
ReportEventA
RegQueryValueExA
GetUserNameA
RegNotifyChangeKeyValue
RegEnumValueW
LogonUserA
RegDeleteKeyW
CryptVerifySignatureW
DuplicateTokenEx
LookupPrivilegeDisplayNameA
RegQueryInfoKeyA
CryptExportKey

comctl32

InitCommonControlsEx

user32

GetCapture
MonitorFromRect
GetDesktopWindow
EnumWindowStationsA
RegisterClassA
GetClipboardFormatNameA
RegisterClassExA
ToAscii

Sections

.text
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3867acaa8bc5dbfeb5cb72f3c67fed2

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

user32

Sections

.text Size: 320KB - Virtual size: 320KB

.rdata Size: 49KB - Virtual size: 80KB

.data Size: 100KB - Virtual size: 100KB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 320KB - Virtual size: 320KB

.rdata
Size: 49KB - Virtual size: 80KB

.data
Size: 100KB - Virtual size: 100KB

.rsrc
Size: 17KB - Virtual size: 16KB