fc68026b83392aa227e9adf9c71289cb51ba03427f6de67a73ae872e19ef6ff9

General

Target

fc68026b83392aa227e9adf9c71289cb51ba03427f6de67a73ae872e19ef6ff9
Size

2.7MB
MD5

49898824ed4a6af86d974bf79bc62d19
SHA1

44129dfc41cb2b953398711ebceec0d15c3d6a6e
SHA256

fc68026b83392aa227e9adf9c71289cb51ba03427f6de67a73ae872e19ef6ff9
SHA512

b7cf8f4547034780acdb3f308fda19856bb2d52184ec8970a9a1fd033cd2414c14cf298f41bf412385512a5d5d56edbcd8e5e6c607fee4bd77a986744b5d88da
SSDEEP

49152:n5G92qmD9ZULpeaK6v/ktCAwvLacNF+RMlXJ6UQClQv:ng92qmD9ZYpV138mLaG8Cl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc68026b83392aa227e9adf9c71289cb51ba03427f6de67a73ae872e19ef6ff9

Files

fc68026b83392aa227e9adf9c71289cb51ba03427f6de67a73ae872e19ef6ff9
.exe windows:4 windows x86 arch:x86

76366213a23d97a35e388474735507c8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy
memset
rand
atoi
_snwprintf
malloc
free
_unlink
strncat
sprintf
_wcsicmp
fclose
vfprintf
strrchr
_vsnprintf
fopen
strncpy
_except_handler3

ntdll

ZwReadVirtualMemory
ZwQueryInformationProcess
ZwQuerySystemInformation

kernel32

SetErrorMode
ExitProcess
GetTempPathA
GetVersionExA
CreateMutexA
CreateDirectoryA
OpenEventA
LockResource
OpenMutexA
LoadLibraryA
CopyFileA
GetProcAddress
FlushFileBuffers
SizeofResource
Sleep
GetDriveTypeA
RemoveDirectoryA
VirtualProtect
GetCurrentProcessId
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
OpenProcess
GetModuleFileNameA
CreateFileA
GetFileAttributesExA
ExpandEnvironmentStringsA
SetFileTime
GetLastError
SetFileAttributesA
CloseHandle
DeleteFileA
GetCommandLineW
FindResourceA
WriteFile
LoadResource
GetCurrentProcess
WaitForSingleObject
GetLogicalDrives
FreeLibrary

advapi32

OpenServiceA
RegCloseKey
SetFileSecurityA
RegOpenKeyExA
InitializeSecurityDescriptor
DeleteService
CreateServiceA
StartServiceA
OpenSCManagerA
ControlService
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
SetServiceStatus
CloseServiceHandle

shell32

CommandLineToArgvW

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76366213a23d97a35e388474735507c8

Headers

File Characteristics

Imports

msvcrt

ntdll

kernel32

advapi32

shell32

Sections

.text Size: 28KB - Virtual size: 24KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 2.7MB - Virtual size: 2.7MB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 24KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

.reloc
Size: 4KB - Virtual size: 2KB