bea909d6db8ac010c127fa4e52821542

Sharing

Copy URL Twitter E-mail

General

Target

bea909d6db8ac010c127fa4e52821542
Size

210KB
MD5

bea909d6db8ac010c127fa4e52821542
SHA1

c454fe54d233681e2634ba3b2b8cd89347ac95cd
SHA256

55eb29705dcddb80e654913d26f02e76ea4e5c194a9cb012c2da66f16e31f7e5
SHA512

26eac4f93c42ccbc8e925a2ecef2dd6d591a6bdefed762ec1abc53c0524ff8f4358f97971336f241578ef7655c0776467c0abf6ece1dc9935ab2013198fe4c09
SSDEEP

3072:4jG2x698N7LrY1ZQhwOPoAEpc1LHefhN8E0KJ1XTKly9UEAmjo+yxQZel:OG2488XQhwHKRQhq/WguftkQA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bea909d6db8ac010c127fa4e52821542

Files

bea909d6db8ac010c127fa4e52821542
.exe windows:5 windows x86 arch:x86

b8511ed2ba065973374dcd96cf4768bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
MultiByteToWideChar
LCMapStringW
HeapSize
RtlUnwind
HeapReAlloc
FlushFileBuffers
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
LoadLibraryW
LocalFree
Sleep
HeapCreate
GetTickCount
GetCurrentProcess
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
RaiseException
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
InterlockedDecrement
GetLastError
GetCurrentThreadId
SetLastError
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
EncodePointer
SetUnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
IsProcessorFeaturePresent

user32

CreateWindowExA
RegisterClassA
SetDlgItemTextA
LoadCursorA
GetMessageA
SetTimer
CloseWindow
LoadIconA
GetDC
TranslateMessage
SetWindowLongA
GetWindowLongA
SetActiveWindow
RedrawWindow
GetDesktopWindow
GetSysColor
GetCursorPos
CheckDlgButton
ShowWindow
DispatchMessageA

gdi32

SelectObject
GetStockObject
DeleteObject

winspool.drv

ClosePrinter

advapi32

RegOpenKeyExW

shell32

SHEmptyRecycleBinA
DragQueryFileA

ws2_32

WSAStartup
WSACleanup

mpr

WNetCloseEnum
WNetGetUniversalNameA
WNetOpenEnumA
WNetEnumResourceA

shlwapi

StrStrA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8511ed2ba065973374dcd96cf4768bf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ws2_32

mpr

shlwapi

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 176KB - Virtual size: 179KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 176KB - Virtual size: 179KB

.rsrc
Size: 512B - Virtual size: 436B