dde827cebae6c4ad0699266077003966

General

Target

dde827cebae6c4ad0699266077003966
Size

923KB
MD5

dde827cebae6c4ad0699266077003966
SHA1

c506a077c7cea62dd6b7530c85f5d46bfdf1af93
SHA256

458104b0a7efd54c3bb84eca5175cc6c0f75aeeffce9f7c19b802a29b8b33cff
SHA512

9d8f6e1acf366dc46a1e52d10c9727da833cf4b076912ac2bc1399498ae6e57646990f2e159259cdd4b359860a66a9962411240c96b0df6b36cf4354358b2337
SSDEEP

24576:ykTk5BV0lLgY0RCGJJ7Zwwfhh0DbjqwGdnintjGc:ytvJJ9ZwwjsbjcxintjGc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dde827cebae6c4ad0699266077003966

Files

dde827cebae6c4ad0699266077003966
.exe windows:4 windows x86 arch:x86

98c9639023b26f8b0c13e9a6df184457

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryA
LockFile
CreateFileA
CloseHandle
UnlockFile
ReadFile
SetFilePointer
CreateDirectoryA
WriteFile
FindFirstFileA
CopyFileA
Sleep
GetTempFileNameA
GetTempPathA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
FlushFileBuffers
RtlUnwind
GetStringTypeW
FindNextFileA
DeleteFileA
GetModuleFileNameA
FindClose
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
HeapSize
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetFileAttributesA
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualQuery

user32

SendMessageA
SetForegroundWindow
MessageBoxA
wvsprintfA
FindWindowA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98c9639023b26f8b0c13e9a6df184457

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 1KB