32b09386f8b2483f500e55d771cce49a14534d2919c3e3ebc799cfb8cef52ebe

Sharing

Copy URL Twitter E-mail

General

Target

32b09386f8b2483f500e55d771cce49a14534d2919c3e3ebc799cfb8cef52ebe
Size

83KB
MD5

f6c8e8fe2cf43c1ec71335ed86779158
SHA1

a01be1ff3ec69cad31b1880cb5e304d920f3ccd4
SHA256

32b09386f8b2483f500e55d771cce49a14534d2919c3e3ebc799cfb8cef52ebe
SHA512

c1b5fd06985a4ca41af8863b4c39b3e61667b2e58115fd6124af69259c05c25c4ae197c4c068cc44135481c746cb22b893064934d4d09b659e8f68a54c9df267
SSDEEP

1536:xBUto91mt2FpidAz9lJExywBpV29HES8/XrkirLbuTou:H1XwG9MxywBpw9BArLbuTou

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32b09386f8b2483f500e55d771cce49a14534d2919c3e3ebc799cfb8cef52ebe

Files

32b09386f8b2483f500e55d771cce49a14534d2919c3e3ebc799cfb8cef52ebe
.exe windows:5 windows x86 arch:x86

95f7430e4dd3882bc00412db7a0470d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
ExpandEnvironmentStringsA
Sleep
SetFilePointer
WaitForSingleObject
DeleteFileA
GetTickCount
GetProcAddress
LoadLibraryA
GetModuleFileNameA
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
GetStringTypeW
MultiByteToWideChar
CreateToolhelp32Snapshot
HeapSize
HeapReAlloc
LoadLibraryW
GetConsoleMode
GetConsoleCP
Process32First
OpenProcess
Process32Next
GetProcessHeap
HeapAlloc
HeapFree
LocalFree
GetCurrentProcess
GetLastError
CreateFileA
GetFileSize
CloseHandle
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
DeleteCriticalSection
LCMapStringW
ReadFile
RtlUnwind
ExitThread
GetCurrentThreadId
CreateThread
RaiseException
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
HeapCreate
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType

user32

DestroyWindow
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
LoadStringA
SendMessageTimeoutA
RegisterClassExA
SetClipboardViewer
SendMessageA
ChangeClipboardChain
LoadCursorA
PostQuitMessage
DefWindowProcA
CreateWindowExA
ShowWindow
UpdateWindow

advapi32

RegOpenKeyExA
RegOpenKeyA
GetTokenInformation
EqualSid
ConvertSidToStringSidA
AdjustTokenPrivileges
RegCloseKey
RegQueryValueExA
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA

ole32

CoCreateGuid

wininet

InternetCloseHandle
HttpOpenRequestA
InternetSetOptionA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
InternetConnectA

shlwapi

SHRegGetValueA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95f7430e4dd3882bc00412db7a0470d0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

wininet

shlwapi

iphlpapi

Sections

.text Size: 62KB - Virtual size: 61KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 1024B - Virtual size: 796B

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 796B