97c55ae16649c8e7d0b57eef805f4f4573ca94bb979b66f84c64a1db807f1761

Sharing

Copy URL

Twitter E-mail

General

Target

97c55ae16649c8e7d0b57eef805f4f4573ca94bb979b66f84c64a1db807f1761
Size

684KB
MD5

9e41210599ed6a2a7e2576bfa1e7229c
SHA1

1e82036688db05107cc86aae80c9dd6fd4b53a7a
SHA256

97c55ae16649c8e7d0b57eef805f4f4573ca94bb979b66f84c64a1db807f1761
SHA512

761a02f1433a47fc9f6ad20dfe993a580543d4da855847c78e586ad9eb55fee4d35c1fad33bb277fce1db9f732e0a6629b906da625316a4445bb5ae6f195d401
SSDEEP

12288:3YTj579bOnYrHzP9W4GWBL6kYN++iPW9yIRvw2MS1eElMVrr:Ix9MYrHzwK6kYDiPi+S1/g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
97c55ae16649c8e7d0b57eef805f4f4573ca94bb979b66f84c64a1db807f1761

Files

97c55ae16649c8e7d0b57eef805f4f4573ca94bb979b66f84c64a1db807f1761
.exe windows:10 windows x64 arch:x64

32314b0749d6e242a4d9b55c6738dad5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

midl.pdb

Imports

kernel32

GetCommandLineW
GetStdHandle
GetEnvironmentVariableW
WaitForSingleObject
MultiByteToWideChar
CloseHandle
LocalFree
CreateProcessW
CreateProcessA
GetExitCodeProcess
Sleep
GetTempPathA
GetLastError
HeapSetInformation
GetTempFileNameA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
OutputDebugStringA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount

msvcrt

fflush
_unlink
printf
fopen
fclose
fgetc
isspace
_errno
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
_fmode
isdigit
memcpy
memset
__C_specific_handler
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
setvbuf
isxdigit
isleadbyte
calloc
free
localeconv
mbtowc
__mb_cur_max
_iob
_snprintf
_itoa
wctomb
malloc
??1type_info@@UEAA@XZ
_read
__badioinfo
__pioinfo
realloc
_write
_lseeki64
wcsstr
strstr
atoi
ctime
_makepath
strncmp
_fileno
fprintf
_isatty
_splitpath
fseek
_vsnprintf
_fgetchar
freopen
_strnicmp
_commode
__iob_func
putc
_fsopen
_setmode
fwrite
strcmp

shell32

CommandLineToArgvW

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

32314b0749d6e242a4d9b55c6738dad5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

shell32

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 568KB - Virtual size: 572KB