D:\Projects\StarWars_Expansion\Installer\PatchSource\EAWUpdate\Release\EAWUpdate.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 6846ca24e7379803d4e26171da79ca0301fb7a400b402316243fc3420373e547.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 6846ca24e7379803d4e26171da79ca0301fb7a400b402316243fc3420373e547.exe
Resource: win10v2004-20240412-en
General
Target: 6846ca24e7379803d4e26171da79ca0301fb7a400b402316243fc3420373e547
Size: 344KB
MD5: 0351fc3d63bfe3b1454680ac845d5c6b
SHA1: 7a4414858cc47d11f10a8e0a33433356363b296b
SHA256: 6846ca24e7379803d4e26171da79ca0301fb7a400b402316243fc3420373e547
SHA512: 53232fa6376cc0e4bcf1ba2f99c0a1426116aa6b85004e803cee44d894c85d098c358fe58393dc8470b194d68205b48b726a31fcf7f250009ac69bf18e187914
SSDEEP: 6144:WB7VqtZBEufmFocDSuLhACoJbjqIZCU7VAoqFFN9P:25qtZBEK+ocDS0hmtmIIXN
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: 6846ca24e7379803d4e26171da79ca0301fb7a400b402316243fc3420373e547
Files
6846ca24e7379803d4e26171da79ca0301fb7a400b402316243fc3420373e547.exe windows:4 windows x86 arch:x86
c9d74921e8563ea125674724728a3ba7
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
comctl32: ord17
shlwapi: PathRemoveFileSpecA
kernel32: SetFileTime, CreateFileA, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetFileAttributesA, LockResource, LoadResource, SizeofResource, FindResourceExA, GetUserDefaultLCID, GetCommandLineA, DeleteFileA, CopyFileA, CloseHandle, GetLastError, FlushFileBuffers, IsBadCodePtr, IsBadReadPtr, GetLocaleInfoA, LoadLibraryA, GetStringTypeW, lstrcpynA, lstrlenA, lstrcpyA, GetCurrentDirectoryA, SetCurrentDirectoryA, CreateDirectoryA, GetStringTypeA, InterlockedExchange, InitializeCriticalSection, HeapAlloc, HeapFree, ReadFile, WriteFile, SetFilePointer, GetFileType, ExitProcess, RtlUnwind, RaiseException, GetModuleHandleA, GetStartupInfoA, GetVersionExA, HeapReAlloc, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, SetHandleCount, GetStdHandle, SetStdHandle, SetEndOfFile, GetProcAddress, TerminateProcess, GetCurrentProcess, GetACP, GetOEMCP, GetCPInfo, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, GetModuleFileNameA, VirtualProtect, GetSystemInfo, VirtualQuery, LCMapStringA, WideCharToMultiByte, MultiByteToWideChar, LCMapStringW, TlsAlloc, SetLastError, TlsFree, TlsSetValue, TlsGetValue, SetUnhandledExceptionFilter, HeapSize, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW
user32: CreateDialogParamA, ShowWindow, DestroyWindow, DialogBoxParamA, SetDlgItemTextA, SetWindowTextA, GetDlgItem, MessageBoxA, wsprintfA, SendMessageA, EndDialog
gdi32: GetStockObject
advapi32: RegCloseKey, RegSetValueExA, RegOpenKeyExA, RegQueryValueExA
shell32: FindExecutableA, ShellExecuteA
Sections
.text Size: 148KB - Virtual size: 145KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 19KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 168KB - Virtual size: 166KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ