b988a6a14216dedb547a5b5e2a73b67b

Sharing

Copy URL Twitter E-mail

General

Target

b988a6a14216dedb547a5b5e2a73b67b
Size

41KB
MD5

b988a6a14216dedb547a5b5e2a73b67b
SHA1

52260adca4b9806f4eba19930b13098bc52e3eaf
SHA256

d0dd79bccb9a35f78928bd614e107aeb40f6e7f96edcdbed9465e631b66b1f29
SHA512

45562f3fdaf8c8aa5eee14b7aeb41795a3005965d276c50c9869bfb28bf12232a19c98ea7a2293f6a79c36985c0239ba52207624470c9800bff4e1481b0d7c39
SSDEEP

768:zOsmjQlz+iI610ZdpWRhvZg4agoTZQED9E5:zOBjQadKvZjpoTZu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b988a6a14216dedb547a5b5e2a73b67b

Files

b988a6a14216dedb547a5b5e2a73b67b
.exe windows:5 windows x86 arch:x86

1bbd72b4675b39c361f6ae45e1e4c3a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_DevNode_Registry_PropertyA
CM_Request_Device_EjectW
CM_Query_And_Remove_SubTreeW
CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList
CM_Get_Device_IDA
CM_Get_Parent
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA

shlwapi

StrStrIA
StrStrA
StrTrimA
PathFindFileNameA
PathFindExtensionA
PathRenameExtensionA
StrToIntA
StrChrA
PathCompactPathExA

psapi

GetModuleFileNameExA

kernel32

WritePrivateProfileStringA
GetVersionExA
lstrcpyW
FormatMessageA
LocalFree
SetFileAttributesA
CreateProcessA
WideCharToMultiByte
lstrlenW
GetPrivateProfileStringA
GetLastError
Process32Next
GetModuleHandleA
GetProcAddress
GetTickCount
GetCurrentProcessId
Sleep
lstrcpyA
OpenProcess
DuplicateHandle
GetCurrentProcess
CloseHandle
WaitForSingleObject
CreateThread
GetExitCodeThread
lstrcatA
lstrlenA
lstrcmpiA
FindFirstFileA
GetFileAttributesA
CreateFileA
FindNextFileA
FindClose
GetModuleFileNameA
SetConsoleCtrlHandler
GetStdHandle
SetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleWindow
FlushConsoleInputBuffer
ReadConsoleInputA
SetConsoleTextAttribute
SetConsoleCursorPosition
ReadConsoleOutputA
lstrcmpA
WriteConsoleOutputAttribute
GetCommandLineA
GetProcessHeap
ExitProcess
HeapAlloc
Process32First
WriteFile
lstrcpynA
DeviceIoControl
GetVolumeInformationA
GetDriveTypeA
GetVolumeNameForVolumeMountPointA
QueryDosDeviceA
FindFirstVolumeA
FindFirstVolumeMountPointA
FindNextVolumeMountPointA
FindVolumeMountPointClose
FindNextVolumeA
FindVolumeClose
GetVolumePathNameA
SetErrorMode
GetFullPathNameA
GetCurrentDirectoryA
GetWindowsDirectoryA
SetCurrentDirectoryA
GetTempPathA
CopyFileA
FlushFileBuffers
LoadLibraryA
CreateToolhelp32Snapshot
HeapFree

user32

wsprintfA
ShowWindow
CharLowerA
wvsprintfA
CharToOemA
CharUpperA
GetWindowThreadProcessId
IsWindowVisible
GetDesktopWindow
GetWindow

advapi32

OpenProcessToken
GetTokenInformation
ConvertSidToStringSidA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceA

shell32

ShellExecuteA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1bbd72b4675b39c361f6ae45e1e4c3a5

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

shlwapi

psapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 43KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 43KB

.rsrc
Size: 2KB - Virtual size: 2KB