b9689e6de08b0d25044a39ecae07fa82

Sharing

Copy URL Twitter E-mail

General

Target

b9689e6de08b0d25044a39ecae07fa82
Size

592KB
MD5

b9689e6de08b0d25044a39ecae07fa82
SHA1

a8d5018b021f4927369c7c81b29e277f0f5054c3
SHA256

f60f06e0c27e74456dedc72e53c7f934aae9e78e54c021eeed4881a815fd64b7
SHA512

2b0794c0ee3719805afb8d64ab98593b33f9ed237d747c9a4ab905868b44fd68b97e877ca431aac0813e82afee302f17fcba872519348c4a96fc61c7564eb299
SSDEEP

12288:lWvzQ2viu/MYP22uh7q5wVJ2w10DrQTveHRTm+vhxSQ:qzrvv/MYe2AG5O2w10SvyRC+n5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9689e6de08b0d25044a39ecae07fa82

Files

b9689e6de08b0d25044a39ecae07fa82
.exe windows:4 windows x86 arch:x86

ef221636795e3fa5d176aef95e44c72b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetSettings
SHEmptyRecycleBinA
ShellExecuteExW
ExtractIconEx

comctl32

InitCommonControlsEx

advapi32

RegQueryValueExW
RegLoadKeyA
CryptDecrypt
RegEnumKeyExW
CryptDuplicateHash
LookupSecurityDescriptorPartsW
CryptDestroyHash
RegConnectRegistryW
RegSetValueA
CryptCreateHash
CryptSignHashA
LookupAccountSidA
RegSaveKeyA
CryptHashData
StartServiceA
RegEnumValueW
CryptGenKey
LookupPrivilegeValueA
RegCreateKeyW
LookupAccountNameA
DuplicateTokenEx
AbortSystemShutdownA
RegSetKeySecurity
RegDeleteKeyA

user32

RegisterClassA
GetClassInfoExW
AdjustWindowRect
RegisterClassExA
GetScrollPos

kernel32

GetCurrentThreadId
FlushFileBuffers
CreateMutexA
GetEnvironmentStringsW
GetSystemTimeAsFileTime
WriteConsoleW
VirtualFree
InterlockedIncrement
UnhandledExceptionFilter
HeapAlloc
LCMapStringW
GetProcessHeap
LockFileEx
GetCurrentProcessId
WriteFile
GetProcAddress
LoadLibraryA
ExitProcess
FreeLibrary
GetStartupInfoW
GetOEMCP
CloseHandle
GetModuleFileNameW
RtlUnwind
GetConsoleMode
HeapReAlloc
SetEnvironmentVariableA
TlsGetValue
InterlockedExchange
CreateFileA
QueryPerformanceCounter
GetTickCount
IsValidLocale
GetLastError
GetACP
Sleep
HeapSize
IsDebuggerPresent
CompareStringA
GetStringTypeA
GetLocaleInfoW
TerminateProcess
IsValidCodePage
TlsSetValue
GetConsoleCP
SetLastError
GetModuleHandleA
FreeEnvironmentStringsA
CompareStringW
EnterCriticalSection
InitializeCriticalSection
GetModuleFileNameA
GetTimeFormatA
GetCommandLineW
GetCurrentProcess
WideCharToMultiByte
GetDateFormatA
FreeEnvironmentStringsW
GetVersionExA
EnumSystemLocalesA
SetFilePointer
GetTimeZoneInformation
HeapDestroy
SetStdHandle
MultiByteToWideChar
OpenMutexA
HeapCreate
GetCPInfo
VirtualQuery
SetConsoleCtrlHandler
LCMapStringA
SetHandleCount
GetFileType
VirtualAlloc
TlsAlloc
DeleteCriticalSection
GetLocaleInfoA
InterlockedDecrement
GetCurrentThread
GetStartupInfoA
WriteConsoleA
ReadFile
SetUnhandledExceptionFilter
HeapFree
GetStdHandle
GetConsoleOutputCP
GetUserDefaultLCID
TlsFree
GetCommandLineA
LeaveCriticalSection
GetEnvironmentStrings
GetStringTypeW

Sections

.text
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 319KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef221636795e3fa5d176aef95e44c72b

Headers

File Characteristics

Imports

shell32

comctl32

advapi32

user32

kernel32

Sections

.text Size: 252KB - Virtual size: 251KB

.rdata Size: 10KB - Virtual size: 33KB

.data Size: 319KB - Virtual size: 318KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 252KB - Virtual size: 251KB

.rdata
Size: 10KB - Virtual size: 33KB

.data
Size: 319KB - Virtual size: 318KB

.rsrc
Size: 10KB - Virtual size: 10KB