cbea911a44574687e9ba253e65d21386

General

Target

cbea911a44574687e9ba253e65d21386
Size

246KB
MD5

cbea911a44574687e9ba253e65d21386
SHA1

d7083cfa5793ba879e4692a4f0e781c5275cd7ff
SHA256

31753290be3c9d812428892dc84b8f88890b1560f8cc77820cbe4505ef2142fb
SHA512

7dd59e855497d52c0ae5f69e1df2c7a463a368510bd0b753ecd0ee1b1c4c4717da1d2cdbba5887f83d4fd7f1571a4b98014e5540cc23176521c9ee8572144c05
SSDEEP

6144:JfnRTEMDg2GOL1JooAlDLNDHENbm1p0f+3OcD:Jf3M2GAKDL9E033FD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cbea911a44574687e9ba253e65d21386

Files

cbea911a44574687e9ba253e65d21386
.exe windows:4 windows x86 arch:x86

afc3cdd9f21221f37d3fc3763dae1ecf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsValidLocale
SetLastError
TlsFree
GetEnvironmentStringsW
GetProcAddress
TlsGetValue
HeapReAlloc
UnhandledExceptionFilter
GetFileType
IsBadWritePtr
GetCurrentProcessId
HeapAlloc
GetCommandLineA
GetSystemInfo
IsValidCodePage
GetModuleHandleA
TlsSetValue
SetFileAttributesA
EnumSystemLocalesA
WriteFile
GetUserDefaultLCID
MultiByteToWideChar
GetLocaleInfoA
LeaveCriticalSection
VirtualFree
GetCPInfo
HeapSize
FreeEnvironmentStringsW
GetModuleFileNameW
ExitProcess
GetTickCount
FreeEnvironmentStringsA
SetEnvironmentVariableA
HeapFree
GetStartupInfoW
GetModuleFileNameA
LCMapStringA
LoadLibraryA
QueryPerformanceCounter
GetStartupInfoA
VirtualAlloc
CompareStringW
GetLastError
VirtualQuery
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
RtlUnwind
GetStdHandle
GetTimeFormatA
HeapCreate
InitializeCriticalSection
EnterCriticalSection
TlsAlloc
GetLocaleInfoW
GetSystemTimeAsFileTime
GetStringTypeA
GetDateFormatA
CompareStringA
GetStringTypeW
GetTimeZoneInformation
GetCurrentThread
WideCharToMultiByte
VirtualProtect
LCMapStringW
GetCommandLineW
GetVersionExA
GetOEMCP
GetACP
SetHandleCount
GetEnvironmentStrings
HeapDestroy
DeleteCriticalSection
InterlockedExchange

shell32

DragQueryFileW
ExtractAssociatedIconW
SHBrowseForFolder
ShellExecuteA
SheGetDirA
CommandLineToArgvW
DragQueryPoint
ShellExecuteExA
InternalExtractIconListW
SHGetSpecialFolderLocation
SHQueryRecycleBinA
RealShellExecuteExW
SHGetSpecialFolderPathA
ExtractAssociatedIconExA
DoEnvironmentSubstW
SHEmptyRecycleBinA
FindExecutableW

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 134KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afc3cdd9f21221f37d3fc3763dae1ecf

Headers

File Characteristics

Imports

kernel32

shell32

Sections

.text Size: 97KB - Virtual size: 96KB

.data Size: 134KB - Virtual size: 152KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 97KB - Virtual size: 96KB

.data
Size: 134KB - Virtual size: 152KB

.rsrc
Size: 13KB - Virtual size: 13KB