01e13e36d76514bafe90182985c8459a627225df5545f2c3911e94a3bb5bba17[.]exe

General

Target

01e13e36d76514bafe90182985c8459a627225df5545f2c3911e94a3bb5bba17.exe
Size

52KB
MD5

069f8e15e2ff9f0dbcf0c02029fd0820
SHA1

9ad63ac0fbd588312a8a0f5c21ec6690f39cbe92
SHA256

01e13e36d76514bafe90182985c8459a627225df5545f2c3911e94a3bb5bba17
SHA512

f857a0792d2185859b4c91fdab544487ca283349b73532b78c987aace1c66614221b9edc4ae6697653c7fe3441d0fe9d0febbe923d886f128010cab25859b2c5
SSDEEP

768:Dt+Qen7Hi8C1LP5sWBjWLZrid4+HZeJ7Ao:DfMYiWBaMhHZeKo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01e13e36d76514bafe90182985c8459a627225df5545f2c3911e94a3bb5bba17.exe

Files

01e13e36d76514bafe90182985c8459a627225df5545f2c3911e94a3bb5bba17.exe
.exe windows:4 windows x86 arch:x86

003c840874dabb1e49f2db3494a59200

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateProcessA
GetExitCodeProcess
FindFirstFileA
FindNextFileA
DeleteFileA
RemoveDirectoryA
GetCurrentProcessId
GetModuleHandleA
LCMapStringW
LCMapStringA
CloseHandle
FlushFileBuffers
HeapAlloc
GetLastError
OpenProcess
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc
WideCharToMultiByte
MultiByteToWideChar
SetStdHandle
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
WriteFile
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
SetFilePointer
GetStringTypeA
GetStringTypeW
GetProcAddress
LoadLibraryA

user32

MessageBoxA
LoadIconA

advapi32

RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegGetKeySecurity
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
AllocateAndInitializeSid
SetSecurityDescriptorOwner
OpenProcessToken
RegEnumKeyA
RegQueryInfoKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegOpenKeyExA

shlwapi

SHDeleteKeyA

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

003c840874dabb1e49f2db3494a59200

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 4KB - Virtual size: 928B

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 928B