ca188bc0569df8886266344c09a41197

General

Target

ca188bc0569df8886266344c09a41197
Size

35KB
MD5

ca188bc0569df8886266344c09a41197
SHA1

2c011441de602766e140cdf6c0c90a5721c0c064
SHA256

4a72b466177dd65647110b8b4ee2ddeee8690dafea1515cb8f18b3e0c3c34e94
SHA512

fad13c0755e4cdf56eb22e0ec201274412774a35837a94573b54fa89da59c738937808e0b2ab0a68f78a0334b01518238a4006ce757516d1675e048c8ddb4738
SSDEEP

384:Odnh5xaqpRzAGw23zj55PzABSG29J1W5DfBNlm3yMTR4Jzr4O7g7i0WcixnWvS:Ih5xaGsGw2DFBWF1kyMt4JAO7gK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca188bc0569df8886266344c09a41197

Files

ca188bc0569df8886266344c09a41197
.exe windows:4 windows x86 arch:x86

2c4077b141af159308cb61e7eaab0c80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntdll

tolower
strchr
_strupr
RtlUnicodeStringToAnsiString
NtQuerySystemInformation

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

kernel32

GetFileType
HeapDestroy
GetStdHandle
GetStartupInfoA
GetCurrentProcessId
GetCommandLineA
ExitProcess
VirtualFree
VirtualAlloc
GetLastError
GetCurrentProcess
GetCurrentThreadId
CloseHandle
TerminateProcess
OpenProcess
GetVersion
HeapAlloc
RtlUnwind
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetStringTypeW
SetStdHandle
SetFilePointer
HeapCreate
WriteFile
GetStringTypeA
FlushFileBuffers
HeapFree
LCMapStringA
LCMapStringW
GetProcAddress
LoadLibraryA

user32

CloseWindowStation
OpenWindowStationA
GetThreadDesktop
GetWindow
SetProcessWindowStation
CloseDesktop
SetThreadDesktop
PostMessageA
OpenDesktopA
GetWindowLongA
GetWindowThreadProcessId
GetProcessWindowStation
EnumWindowStationsA
EnumDesktopsA
EnumWindows
GetWindowTextA

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2c4077b141af159308cb61e7eaab0c80

Headers

File Characteristics

Imports

ntdll

advapi32

kernel32

user32

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 5KB - Virtual size: 45KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 2KB - Virtual size: 4KB

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 5KB - Virtual size: 45KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 2KB - Virtual size: 4KB