ca9a14f0f6135103a51ad918585ed583

Sharing

Copy URL Twitter E-mail

General

Target

ca9a14f0f6135103a51ad918585ed583
Size

470KB
MD5

ca9a14f0f6135103a51ad918585ed583
SHA1

11b560183b3285b608667f9a00a0f828cb1c631e
SHA256

c7c11215d0115188c2c21c348614ea055002ecb74797c7ecca4907b5fde5a35a
SHA512

c34548fb1f838eb5023ab72267b82735cf2d28eb1a70f2e87a595aa2b6bf028b643f6879745e1d4c14f5d1af599770103d54b9fbe307d912eda1c0bf4a68649f
SSDEEP

12288:YAYVFG43L4DZF9uZ5kx5uOoVz0Q8iRUGDcX/+t1l:Y9VFG430f9uIxwOoVz0DiqGgXW7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca9a14f0f6135103a51ad918585ed583

Files

ca9a14f0f6135103a51ad918585ed583
.exe windows:4 windows x86 arch:x86

9ed889146d5b8397ced788cf11ec9b32

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetCurrentThread
EnumCalendarInfoExA
WriteFile
DeleteFiber
GetModuleFileNameW
IsValidCodePage
FoldStringW
GetOEMCP
EnumSystemLocalesA
WriteFileEx
FlushFileBuffers
GetLastError
InterlockedExchange
GetStringTypeW
CompareStringA
GetVersionExA
DebugBreak
GetTimeZoneInformation
HeapReAlloc
GetLogicalDriveStringsW
InterlockedDecrement
GetSystemInfo
CompareStringW
SetEnvironmentVariableA
GetCommandLineA
GetEnvironmentStrings
OpenSemaphoreW
TlsSetValue
SetHandleCount
WritePrivateProfileSectionW
OpenWaitableTimerA
GetFileType
ExitProcess
GetAtomNameA
LeaveCriticalSection
GetUserDefaultLCID
TlsAlloc
VirtualFree
SetFilePointer
HeapFree
HeapValidate
GetEnvironmentStringsA
GetSystemTimeAsFileTime
LoadLibraryA
GetDateFormatA
HeapSize
LCMapStringW
HeapCreate
lstrcmpiW
GetTimeFormatA
RtlUnwind
EnumDateFormatsW
DeleteCriticalSection
InterlockedIncrement
FoldStringA
GetModuleHandleA
GetModuleFileNameA
GetCurrentProcess
GetStringTypeA
UnhandledExceptionFilter
GetDiskFreeSpaceExW
GetStartupInfoW
GetTickCount
EnterCriticalSection
SetConsoleCursorInfo
CloseHandle
IsBadWritePtr
FillConsoleOutputCharacterA
GetCurrentThreadId
FreeEnvironmentStringsA
TlsFree
GetCPInfo
SetStdHandle
VirtualQueryEx
GetStdHandle
QueryPerformanceCounter
IsValidLocale
IsBadReadPtr
GetFileAttributesW
SetConsoleCtrlHandler
CreateMailslotA
VirtualQuery
GetLocaleInfoW
WideCharToMultiByte
GetProcAddress
GetACP
MultiByteToWideChar
GetCommandLineW
HeapDestroy
VirtualProtect
TerminateProcess
GetEnvironmentStringsW
GetStartupInfoA
FreeEnvironmentStringsW
EnumSystemCodePagesW
LCMapStringA
OutputDebugStringA
TlsGetValue
SetLastError
InitializeCriticalSection
GetLocaleInfoA
VirtualAlloc
HeapAlloc

gdi32

CreateRoundRectRgn
GetEnhMetaFilePaletteEntries
LineDDA
GetEnhMetaFileA
UpdateICMRegKeyA
EndDoc
GetCharacterPlacementA
CreatePolygonRgn
SetDeviceGammaRamp
GetROP2
Chord
GetCharWidthA
SetViewportExtEx
AnimatePalette
ChoosePixelFormat
SetTextColor
GetColorSpace
GetCharABCWidthsFloatA
RectInRegion
GetPolyFillMode
CombineTransform
CreateDIBitmap
SetBitmapDimensionEx

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 287KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ed889146d5b8397ced788cf11ec9b32

Headers

File Characteristics

Imports

kernel32

gdi32

Sections

.text Size: 155KB - Virtual size: 154KB

.rdata Size: 11KB - Virtual size: 30KB

.data Size: 287KB - Virtual size: 287KB

.rsrc Size: 15KB - Virtual size: 14KB

.text
Size: 155KB - Virtual size: 154KB

.rdata
Size: 11KB - Virtual size: 30KB

.data
Size: 287KB - Virtual size: 287KB

.rsrc
Size: 15KB - Virtual size: 14KB