e028597947500d386fdaf17729180367

Sharing

Copy URL Twitter E-mail

General

Target

e028597947500d386fdaf17729180367
Size

644KB
MD5

e028597947500d386fdaf17729180367
SHA1

068d4f9c2224b05e744bd21e1de2cd6d74878216
SHA256

cfe4b2a7a3533860294521314dc7be1119e8ced71cfd2c7d67a1699279b2bbb6
SHA512

bc77ddb7903065485c28882299f7e0701ae28a507d3b0dc7fea3636bcaf259a2631f827c4490a3d0edd98afa3c29f0d96ec01a416cf74f2ee20cb7ea1aba25be
SSDEEP

12288:a9rJKuQNvmZMlNepAWN+Kw1JIajX2vItj8cnQZRCRHtBpV01GIb7Uk:a1JdbZMlN8IKwHjXWOAYQZRmHv/T07Uk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e028597947500d386fdaf17729180367

Files

e028597947500d386fdaf17729180367
.exe windows:4 windows x86 arch:x86

f6e793f29bfb0d5771a2e3a2d4e8c026

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
FreeEnvironmentStringsW
ReleaseSemaphore
GetConsoleInputWaitHandle
CreateDirectoryA
CloseHandle
GetLongPathNameW
GetCurrentProcess
TermsrvAppInstallMode
GlobalMemoryStatusEx
CreateProcessA
HeapReAlloc
GetProcAddress
CreateFileA
GetTempFileNameW
GetStringTypeA
GetVersionExA
InterlockedExchange
GetFileSize
GetTempPathA
WriteFile
GetModuleFileNameW
GetTempPathW
FreeLibrary
ExitThread
CreateFileW
LoadLibraryA
ExitProcess
FormatMessageA
GetThreadLocale
HeapFree
CreateFileMappingA
GetStartupInfoA
GetLogicalDriveStringsA
GetCommandLineA
GetProcessHeap
MapViewOfFile
GetStringTypeW
ActivateActCtx
GetOEMCP
ReadFile
SetInformationJobObject
HeapAlloc
FlushFileBuffers
LocalFree
LCMapStringW
LCMapStringA
CreateProcessW
GetModuleFileNameA
SetLastError
WaitForSingleObject
GetCurrentDirectoryW
GetModuleHandleA

shell32

ShellExecuteA
SHFileOperationA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetFileInfoA
SHGetSpecialFolderLocation

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ole32

OleBuildVersion
CoQueryClientBlanket
CreateDataAdviseHolder
CoLockObjectExternal

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegCloseKey
RegEnumValueA

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 628KB - Virtual size: 987KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6e793f29bfb0d5771a2e3a2d4e8c026

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

version

ole32

advapi32

Sections

.text Size: 6KB - Virtual size: 6KB

.data Size: 6KB - Virtual size: 355KB

.rsrc Size: 2KB - Virtual size: 2KB

.debug Size: 628KB - Virtual size: 987KB

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 6KB - Virtual size: 355KB

.rsrc
Size: 2KB - Virtual size: 2KB

.debug
Size: 628KB - Virtual size: 987KB