116a8e65db201fd329ac14402254202e47314e0f310788948368e75dc9580115

General

Target

116a8e65db201fd329ac14402254202e47314e0f310788948368e75dc9580115
Size

12KB
MD5

73a82f11b119b3b68161c385d3b21ce1
SHA1

3022ea9d1fb93fba84ae31bfcd843c48baaa89a2
SHA256

116a8e65db201fd329ac14402254202e47314e0f310788948368e75dc9580115
SHA512

fa2f67642930dc534360d0c5ab8294d7bfef22dd9332e72d74017130c0cb26ae25b5b0dd528d9d545e440ddaa4a9f61392d13189168978a10394aaadbe20a2cb
SSDEEP

192:RFBkm/S1R0XLQeFwUxifpoVGxcMR8DdkTYfJMULz9MQ1d:NB/HblJ0+Vq3uaoyA9M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
116a8e65db201fd329ac14402254202e47314e0f310788948368e75dc9580115

Files

116a8e65db201fd329ac14402254202e47314e0f310788948368e75dc9580115
.exe windows:5 windows x86 arch:x86

450ee0fd5bbea377cff1f3013212de44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

wvnsprintfW
AssocQueryStringW

kernel32

Sleep
CreateRemoteThread
ExitProcess
GetProcAddress
LoadLibraryW
ExitThread
GetProcessHeap
HeapAlloc
VirtualAllocEx
WriteProcessMemory
WaitForSingleObject
GetExitCodeThread
ReadProcessMemory
GetModuleFileNameW
SetFileAttributesW
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OutputDebugStringW
GetTempPathW
CloseHandle
WriteFile
ReadFile
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
GetNativeSystemInfo
MoveFileExW
GetTickCount
HeapReAlloc
HeapFree
CompareStringW
VirtualAlloc
VirtualFree
VirtualProtect
IsBadReadPtr
LoadLibraryA
FreeLibrary
GetCurrentProcess
CreateProcessW
CreateDirectoryW
GetVersionExW
GetFileAttributesW
GetLongPathNameW

advapi32

RegOpenKeyExW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCloseKey

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

450ee0fd5bbea377cff1f3013212de44

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

advapi32

shell32

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 60B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 512B - Virtual size: 476B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 60B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 476B