e564c0187a1b463292562a8080ab743a67716623d77a387278454aa569296e32

Sharing

Copy URL

Twitter E-mail

General

Target

e564c0187a1b463292562a8080ab743a67716623d77a387278454aa569296e32
Size

765KB
MD5

8ee889003ef184e595b391a762f1db1f
SHA1

f66c91347a0684d9fd2f1e4ec10ea751926b9c22
SHA256

e564c0187a1b463292562a8080ab743a67716623d77a387278454aa569296e32
SHA512

421a7cedca8656aa59ac3398460315178863952508237c65174eb36891b375ac2c625d3ce05be25e64cc1254c24cca01d9cd8e8846d6b34d859faf1bd83c0bbf
SSDEEP

12288:7Lb22WGJZjQbDA6cE59Hl8Mzr8AGvKMh0Zv+AIbPXkPIbPXkPIbPXkPIbPXkPIbt:7Lb2dGJZjQbDAdE59Hl8MH8rQ+sP+sP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e564c0187a1b463292562a8080ab743a67716623d77a387278454aa569296e32

Files

e564c0187a1b463292562a8080ab743a67716623d77a387278454aa569296e32
.exe windows:6 windows x86 arch:x86

85fba16954c8318f52103dddfa7179cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\ReleaseAI\win\Release\stubs\x86\autorun.pdb

Imports

shell32

ShellExecuteW
ShellExecuteExW

msi

ord173
ord113

kernel32

FindNextFileW
CloseHandle
CreateFileW
WriteFile
FindClose
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetTempPathW
GetTempFileNameW
MoveFileW
GetModuleHandleW
GetSystemDirectoryW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LoadLibraryExW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
Process32NextW
DeleteFileW
GetCurrentProcessId
GetCurrentProcess
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
ReadProcessMemory
GetWindowsDirectoryW
Sleep
SetLastError
GetModuleFileNameW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
GetCurrentThreadId
FlushFileBuffers
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
IsValidLocale
DecodePointer
ExitProcess
GetCommandLineW
GetPrivateProfileStringW
TlsSetValue
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
TlsGetValue
SetStdHandle
SetEnvironmentVariableW
RaiseException
FreeLibrary
GetProcAddress
LocalAlloc
GetLastError
LocalFree
WriteConsoleW
TlsFree
GetModuleHandleExW
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetProcessTimes
InitializeCriticalSectionEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
TlsAlloc
RtlUnwind
InitializeSListHead
FindFirstFileExW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetStartupInfoW

user32

GetForegroundWindow
AllowSetForegroundWindow
BringWindowToTop
EnumWindows
GetWindowThreadProcessId
GetWindowLongW

advapi32

ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoAllowSetForegroundWindow

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

shlwapi

PathIsUNCW
ord176

Sections

.text
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 375KB - Virtual size: 374KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85fba16954c8318f52103dddfa7179cf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

msi

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Sections

.text Size: 286KB - Virtual size: 286KB

.rdata Size: 82KB - Virtual size: 81KB

.data Size: 6KB - Virtual size: 9KB

.rsrc Size: 375KB - Virtual size: 374KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 286KB - Virtual size: 286KB

.rdata
Size: 82KB - Virtual size: 81KB

.data
Size: 6KB - Virtual size: 9KB

.rsrc
Size: 375KB - Virtual size: 374KB

.reloc
Size: 14KB - Virtual size: 13KB