bb82f861f001c5f2976579ca6789ecfb

Sharing

Copy URL Twitter E-mail

General

Target

bb82f861f001c5f2976579ca6789ecfb
Size

160KB
MD5

bb82f861f001c5f2976579ca6789ecfb
SHA1

2cddb016473f7bee646c3d48d1a9b8c043b8760a
SHA256

671ac1e871814ecbf131af8d6b3bbd1abbaadc185de1d572f9e67854638cbe31
SHA512

7304cc786942498731308b303ee532e4d14cee093df5e9f366b08b90d305a3cafde6766b3e1f0d830875121f3bcc17c6e382afd723ba6617906fccc4936203aa
SSDEEP

1536:HieXAMEsyzCu50XOLRfTDpYJ2sRuqtRrS9wCkObRwoWOHw:Az75gOPYJ2suqt1KwCZbRwoWOQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb82f861f001c5f2976579ca6789ecfb

Files

bb82f861f001c5f2976579ca6789ecfb
.exe windows:4 windows x86 arch:x86

9f897aa8b7c2b0c965032f963cd8defe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileA
lstrcmpiA
GetPrivateProfileStringA
GetExitCodeProcess
WaitForSingleObject
CloseHandle
lstrcpyA
WritePrivateProfileStringA
lstrlenA
lstrcatA
GetWindowsDirectoryA
GetModuleFileNameA
FreeLibrary
LoadLibraryA
FindNextFileA
FindFirstFileA
DeleteFileA
CreateProcessA
GetPrivateProfileIntA
HeapAlloc
GetFileType
DeleteCriticalSection
GetEnvironmentStringsW
GetDriveTypeA
lstrcmpA
RemoveDirectoryA
CreateDirectoryA
GetShortPathNameA
MultiByteToWideChar
GetFileSize
CreateFileA
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
RaiseException
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
GetCPInfo
GetACP
GetOEMCP
FindClose
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
SetEnvironmentVariableA
SetHandleCount
GetStdHandle
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
IsValidLocale
SetConsoleCtrlHandler
GetStringTypeA
GetStringTypeW
GetProcAddress
Sleep
InterlockedDecrement
InterlockedIncrement
CompareStringA
CompareStringW
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW

user32

IsWindow
GetForegroundWindow
DialogBoxParamA
GetDlgItemTextA
LoadStringA
MessageBoxA
EndDialog
SystemParametersInfoA

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA

ole32

CoCreateInstance

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9f897aa8b7c2b0c965032f963cd8defe

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

Sections

.text Size: 56KB - Virtual size: 52KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 16KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 1KB

.rrdata Size: 72KB - Virtual size: 72KB

.text
Size: 56KB - Virtual size: 52KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 16KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 1KB

.rrdata
Size: 72KB - Virtual size: 72KB