c8914a645485494d62540d9ecfb34115

Sharing

Copy URL Twitter E-mail

General

Target

c8914a645485494d62540d9ecfb34115
Size

288KB
MD5

c8914a645485494d62540d9ecfb34115
SHA1

1446e37475a138dba4a6b7eea4a1c015b4d2be79
SHA256

b641fd4347fdaf0adc24ac0549bc6e5d1dec99b7dcd6e276b56e1d12abe0f6ab
SHA512

fda7306bd098ab9873ce3c2cb1fc18692824fdeab6698c77ac782f5560444db8a6b77d4c906c7c355a12379e2403865d6a3c2d4c2c354c0126f562605a1e5cdc
SSDEEP

6144:q8Bs7k0EOHbBjsXRDxMaGowaDTtsLGtl42eQ1sGq0CkG57g7eibIzn:q8BUk0EONjYxGowAmGtl4Q/457gSY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8914a645485494d62540d9ecfb34115

Files

c8914a645485494d62540d9ecfb34115
.exe windows:4 windows x86 arch:x86

d09ac587d872093cb705be0c962c47a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AllocateAndInitializeSid
InitializeSecurityDescriptor
LockServiceDatabase
LookupAccountSidA
RegCloseKey
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA

kernel32

AddAtomA
CloseHandle
CopyFileA
CreateEventA
CreateThread
DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
ExitProcess
ExitThread
FileTimeToLocalFileTime
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentThreadId
GetDateFormatA
GetExitCodeProcess
GetFileSize
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetModuleHandleA
GetOEMCP
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
GetPrivateProfileStructA
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetTempPathA
GetThreadTimes
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalFree
GlobalUnlock
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
IsBadWritePtr
IsDebuggerPresent
LCMapStringA
LeaveCriticalSection
LoadLibraryExA
LoadResource
LocalAlloc
MapViewOfFile
Module32First
MultiByteToWideChar
OpenEventA
OpenProcess
QueryPerformanceCounter
RaiseException
ResetEvent
RtlUnwind
SearchPathA
SetLastError
SetPriorityClass
SizeofResource
TlsAlloc
TlsFree
UnmapViewOfFile
VirtualProtect
WaitForSingleObject
WriteConsoleA
WritePrivateProfileStringA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoGetClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemFree
CoUnmarshalInterface

user32

CallWindowProcA
CharLowerA
CheckDlgButton
CheckRadioButton
CreateDialogParamA
DestroyMenu
DialogBoxParamA
DispatchMessageA
DrawTextA
GetClientRect
GetDlgItem
GetParent
GetSystemMenu
GetWindowDC
GetWindowTextA
IntersectRect
IsIconic
LoadImageA
LoadStringA
MapWindowPoints
MessageBoxA
OffsetRect
RegisterClassA
RegisterClassExA
SetWindowRgn
SystemParametersInfoA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 231KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d09ac587d872093cb705be0c962c47a2

Headers

File Characteristics

Imports

advapi32

kernel32

ole32

user32

version

Sections

.text Size: 34KB - Virtual size: 36KB

.rdata Size: 231KB - Virtual size: 2.8MB

.data Size: 16KB - Virtual size: 16KB

.idata Size: 3KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

.text
Size: 34KB - Virtual size: 36KB

.rdata
Size: 231KB - Virtual size: 2.8MB

.data
Size: 16KB - Virtual size: 16KB

.idata
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB