a690c08feabde59e13defb899e97113e

General

Target

a690c08feabde59e13defb899e97113e
Size

1.8MB
MD5

a690c08feabde59e13defb899e97113e
SHA1

bc9e52db0c69c41e92e24ce99e74cacb7e24469e
SHA256

1287d0a857eea6568f7bd0101d91056d53033795dbd2c71b9bd01e717e9df378
SHA512

7ab9d64f1c23ff649a66b3d4659007773ebf12c718791d84ce784a0bb5f632538446b5118775cb5fc3f4f150f3895476b0f0b4a49dff2da55d024a3a29e5ce99
SSDEEP

49152:NVBCzOaElp4guqJs72dIIQz2KRdrg8+nbCIg5r7vemf:fBiODSea72aji8oHgl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a690c08feabde59e13defb899e97113e

Files

a690c08feabde59e13defb899e97113e
.dll windows:5 windows x86 arch:x86

925ef35899e9cc2cb35faaeca8adfff7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

OleDuplicateData

setupapi

CM_Get_Resource_Conflict_DetailsW

kernel32

SetConsoleCtrlHandler
Sleep
GetModuleFileNameA
GetBinaryTypeA
GetCurrentConsoleFont
ContinueDebugEvent
GetStringTypeA
LoadLibraryExW
GetModuleHandleW
GetProcAddress
CloseHandle
GetLastError
HeapReAlloc
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
VirtualFree
HeapFree
VirtualAlloc
TlsGetValue
TlsSetValue
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
ExitProcess
WriteFile
GetStdHandle
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
GetLocaleInfoA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
WideCharToMultiByte
LCMapStringW

user32

GetSubMenu

advapi32

CreateRestrictedToken
PrivilegeCheck

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

925ef35899e9cc2cb35faaeca8adfff7

Headers

File Characteristics

Imports

ole32

setupapi

kernel32

user32

advapi32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 80KB - Virtual size: 84KB

DATA Size: 4KB - Virtual size: 816B

.reloc Size: 40KB - Virtual size: 36KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 80KB - Virtual size: 84KB

DATA
Size: 4KB - Virtual size: 816B

.reloc
Size: 40KB - Virtual size: 36KB