bd4eb83ba7acd0b16487f2148deb9bee

General

Target

bd4eb83ba7acd0b16487f2148deb9bee
Size

129KB
MD5

bd4eb83ba7acd0b16487f2148deb9bee
SHA1

af1d0b1db4c7bbef9c81bff7ab3d3da7e6999725
SHA256

8e104f7c699ca3fc7422146b7f65477bfd6268d8f9465f9cc837845a53568d12
SHA512

3e24cbab62c2f9c74efb42d142f8a56e5314f9b5c5159f371501824b797bafd63699376202f1ec67d232388dde679285dc30970b45aae03459d7194c8e7c60b6
SSDEEP

3072:7XWKWukvnJFM7ZIemmyCDZUZ6UR1xCG+5+NS2ZV3:7X4p4Iem1Z6E1xCGi+A+V3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd4eb83ba7acd0b16487f2148deb9bee

Files

bd4eb83ba7acd0b16487f2148deb9bee
.exe windows:5 windows x86 arch:x86

43f039ebae1185c9b322ee1f46fc193c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

InitializeAcl
QueryServiceStatus
RegEnumValueA
GetSecurityDescriptorOwner
RegEnumValueW
RegEnumKeyExA
RegOpenKeyW
ConvertStringSidToSidW
IsTextUnicode
InitializeSid
DeleteService
SetFileSecurityW
RegQueryInfoKeyW
RegCreateKeyExA
AdjustTokenPrivileges
CopySid
RegOpenKeyA
AddAccessAllowedAce
StartServiceW
OpenThreadToken
RegEnumKeyA

ole32

OleInitialize
ProgIDFromCLSID
OleRegGetMiscStatus
CreateILockBytesOnHGlobal
OleRegEnumVerbs
CreateOleAdviseHolder
CoCreateFreeThreadedMarshaler
CoCreateGuid
OleRegGetUserType

msvcrt

__p__fmode
??1type_info@@UAE@XZ
__p__commode
_stricmp
__getmainargs
__wgetmainargs
__set_app_type
wcscpy
__setusermatherr
_wtoi
_local_unwind2
_snwprintf
_vsnprintf
wcstok
fseek

kernel32

GetStringTypeA
GetLastError
GetVersionExA
ExitProcess
TlsSetValue
HeapAlloc
InterlockedCompareExchange
RtlUnwind
WaitForSingleObject
FormatMessageA
GetDriveTypeW
GetThreadLocale
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetFileAttributesA
WriteFile
ResumeThread
VirtualAlloc
GetModuleHandleA
GetTickCount

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 46KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 490B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43f039ebae1185c9b322ee1f46fc193c

Headers

File Characteristics

Imports

advapi32

ole32

msvcrt

kernel32

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 46KB - Virtual size: 163KB

.idata Size: 37KB - Virtual size: 37KB

.reloc Size: 512B - Virtual size: 490B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 46KB - Virtual size: 163KB

.idata
Size: 37KB - Virtual size: 37KB

.reloc
Size: 512B - Virtual size: 490B