Static task
static1
Behavioral task
behavioral1
Sample
d7a2c43d75e11126bbb5e337c15e3c67.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
d7a2c43d75e11126bbb5e337c15e3c67.exe
Resource
win10v2004-20231215-en
General
Target
d7a2c43d75e11126bbb5e337c15e3c67
Size
17KB
MD5
d7a2c43d75e11126bbb5e337c15e3c67
SHA1
e318afc5002e87822eda2842645a2e90936d537a
SHA256
d62a1a73dcc2985f66755a169740d169b84d557ed91cbd420de86bda447366f7
SHA512
c0aa197299ebed3b8c5789d75e8691205afe4dbd046f57f962360a8f110157fcdc3e8794b99e45220b0fcd72f3a000ec51bbe205fa470c9fb7b7d703d7c4a615
SSDEEP
192:htMkMuBlu0xw+zTGwymQiWFnZPRlNrzP1sm11txptElePwhsnClPQPcxupKgodI:hKk3luOwkyLuWVZPRlhhxEcPwhsnCNlI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d7a2c43d75e11126bbb5e337c15e3c67
Files
d7a2c43d75e11126bbb5e337c15e3c67.exe windows:5 windows x64 arch:x64
61ec5339a97a44c521931fc406af4306
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
CreateFileA
FindResourceW
SizeofResource
LoadResource
LockResource
SetFilePointer
WriteProcessMemory
OpenProcess
VirtualAllocEx
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
GetModuleFileNameA
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
GetCurrentProcess
GetLastError
CreateMutexW
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
CreateProcessW
GetModuleFileNameW
GetVersionExW
CloseHandle
WriteFile
CreateFileW
GetProcAddress
DeleteFileA
GetTempPathA
Sleep
GetModuleHandleW
CreateToolhelp32Snapshot
GetSystemDirectoryW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
advapi32
RegQueryValueExW
RegOpenKeyExW
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
shell32
ShellExecuteA
msvcr90
wcsncpy_s
wcsrchr
_amsg_exit
__wgetmainargs
__C_specific_handler
_XcptFilter
_exit
_cexit
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
_encode_pointer
__set_app_type
__crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_wcsicmp
wcsstr
printf
??3@YAXPEAX@Z
sprintf_s
??2@YAPEAX_K@Z
strrchr
strcpy_s
fclose
fopen
memset
strcat_s
memcpy
wininet
DeleteUrlCacheEntryW
userenv
CreateEnvironmentBlock
wtsapi32
WTSQueryUserToken
urlmon
URLOpenBlockingStreamW
Sections
.text Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 540B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 257KB - Virtual size: 257KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ