b7970efa9662aefd18a34676ffaeb3a2

Sharing

Copy URL Twitter E-mail

General

Target

b7970efa9662aefd18a34676ffaeb3a2
Size

401KB
MD5

b7970efa9662aefd18a34676ffaeb3a2
SHA1

d9388a8e598db75d40755fe586b7c68f2215141d
SHA256

e8286cea2d21dcaeff90bcfffa9c2d571535aee1ac225304a65785a7a3ae7ca7
SHA512

05faa52c8ad84e5de0977066fb676ffab274faed41f5c3a24a9d26b7bc1ad31b3b943b19576c7e2aeb3bb4c1949d984dc3e418e711d4dd0eb7051ba2ce617c0c
SSDEEP

6144:pt1Fs1nP8WX89mFvsaK4W46Hr6lZiJlOmtzRV8swbCDb16/Aqn1WwxxsL/t1Q8e7:pVsBXkmiaKGZSlbTwWP1QAqg3u8eRPN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7970efa9662aefd18a34676ffaeb3a2

Files

b7970efa9662aefd18a34676ffaeb3a2
.exe windows:4 windows x86 arch:x86

847e409ed30b245e3fe48890d8bf021b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

esent

JetCloseTable

ole32

CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoGetObjectContext

secur32

GetUserNameExW

advapi32

GetLengthSid
SetThreadToken
AllocateAndInitializeSid
CopySid
ReportEventW
GetTokenInformation
DeregisterEventSource
IsValidSid
RegCloseKey
EqualSid
OpenProcessToken
FreeSid
RegQueryValueExW
OpenThreadToken
RegSetValueExW
DuplicateToken
RegNotifyChangeKeyValue
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegisterEventSourceW

kernel32

GetLastError
BackupRead
AddConsoleAliasA
VirtualAlloc

user32

DialogBoxParamW
EnumPropsA
SetDlgItemTextW
GetThreadDesktop
MapWindowPoints
SetThreadDesktop
SetWindowPos
CloseWindowStation
GetClientRect
LoadStringW
GetProcessWindowStation
GetWindowRect
CloseDesktop
DlgDirListComboBoxA
EndDialog
OpenWindowStationW
SetProcessWindowStation

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlImageNtHeader

version

VerQueryValueW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 319KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

847e409ed30b245e3fe48890d8bf021b

Headers

DLL Characteristics

File Characteristics

Imports

esent

ole32

secur32

advapi32

kernel32

user32

ntdll

version

Sections

.text Size: 1KB - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.data Size: 319KB - Virtual size: 2.4MB

.reloc Size: 512B - Virtual size: 28B

.rdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 73KB - Virtual size: 73KB

.text
Size: 1KB - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.data
Size: 319KB - Virtual size: 2.4MB

.reloc
Size: 512B - Virtual size: 28B

.rdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 73KB - Virtual size: 73KB