dfe4549363e469e249f1c5df8a354b18

General

Target

dfe4549363e469e249f1c5df8a354b18
Size

170KB
MD5

dfe4549363e469e249f1c5df8a354b18
SHA1

e969c2a9e39d9ef3be8bae9c4536972e1661c88a
SHA256

e7a200b9315ecfdf4e3882082c8da31323eeeba468446a90f8ca708068fb9bf7
SHA512

1d924d97d104b1ceaed74d239a3decd553c10703ad88ddbaa91bb5fbd5b9e9aca7193a21f8af52999c23a3e5b53e7424fa947c0c557e58cff2d8dc84d594ea6a
SSDEEP

3072:LvqndW+hdCrAthkLzc+SBrU1g0XfCzZXC1vWosW3Wwqz66kJxtpk3:jOvdD0MPQfCBWvW3WZqz6rJxr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfe4549363e469e249f1c5df8a354b18

Files

dfe4549363e469e249f1c5df8a354b18
.exe windows:4 windows x86 arch:x86

a159856b3b229ea1044921fdb888463c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetSpecialFolderPathA

kernel32

IsBadReadPtr
WideCharToMultiByte
GetShortPathNameW
CreateFileA
GetCurrentProcessId
GetModuleHandleA
GetACP
InterlockedDecrement
GetThreadLocale
GetProcessTimes
lstrlenW
LeaveCriticalSection
GetLocaleInfoA
ExitProcess
IsBadWritePtr
GetCurrentThreadId
IsDebuggerPresent
GetTickCount
EnumResourceTypesA
GetProcAddress
InterlockedIncrement
DeleteCriticalSection
LocalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LoadLibraryA
GetLastError
GetSystemTimeAsFileTime
GetFileAttributesA
QueryPerformanceCounter
FreeLibrary
InitializeCriticalSection
MultiByteToWideChar
CloseHandle
EnterCriticalSection
lstrlenA
InterlockedExchange
GetVersionExA

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA

user32

wsprintfA
wsprintfW

advapi32

RegQueryValueExA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA

ole32

StgCreateDocfile
StgOpenStorage

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a159856b3b229ea1044921fdb888463c

Headers

File Characteristics

Imports

shell32

kernel32

setupapi

user32

advapi32

ole32

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 2KB - Virtual size: 1KB

.bss Size: 70KB - Virtual size: 69KB

.edata Size: 1024B - Virtual size: 96KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 2KB - Virtual size: 1KB

.bss
Size: 70KB - Virtual size: 69KB

.edata
Size: 1024B - Virtual size: 96KB