8a0b644c1b85953eaa96c3be0030702b72da13e6c19b5ccd1fe25620f82781c0

Sharing

Copy URL

Twitter E-mail

General

Target

8a0b644c1b85953eaa96c3be0030702b72da13e6c19b5ccd1fe25620f82781c0
Size

103KB
MD5

53a02ed2f03a25971887fcacdc82898f
SHA1

e4e1e9170388793e82a799ad7fd1a49129f4660b
SHA256

8a0b644c1b85953eaa96c3be0030702b72da13e6c19b5ccd1fe25620f82781c0
SHA512

0a37e164acf17b005f413dde99b71b2f4409271cacc8c64163c7351ff8d08a4bdd2f77fcbeaadd7b9f2a6403a61e461dba2558222a23f69b34753792f9d08b54
SSDEEP

1536:VypIGWG8QumiEgC9961zYyhxysVeBc58bDEDBC2JfpLMo:VypXX8BmfgWBc58bD0827Mo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a0b644c1b85953eaa96c3be0030702b72da13e6c19b5ccd1fe25620f82781c0

Files

8a0b644c1b85953eaa96c3be0030702b72da13e6c19b5ccd1fe25620f82781c0
.exe regsvr32 windows:4 windows x86 arch:x86

39778c75c68320155bd8955b8c0d0564

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharLowerA
wsprintfA

kernel32

GetFileSize
GetLastError
GetDriveTypeA
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetTickCount
GetVersionExA
InitializeCriticalSection
InterlockedIncrement
IsBadReadPtr
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
OpenFileMappingA
GetCurrentProcess
SetEvent
FlushViewOfFile
GetCurrentProcessId
SetFileAttributesA
SetFilePointer
SetThreadPriority
Sleep
SuspendThread
TerminateProcess
UnmapViewOfFile
VirtualAlloc
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcatA
lstrcmpA
GetCommandLineW
lstrcpyA
lstrcpynA
lstrlenA
CreateEventA
CloseHandle
FindNextFileA
FindFirstFileA
FindClose
ExitProcess
EnterCriticalSection
DeleteFileA
CreateThread
CreateProcessA
CreateMutexA
CreateFileMappingA
CreateFileA
SetErrorMode
ReadFile
ResumeThread
lstrcmpiA
GetFileAttributesA
FileTimeToDosDateTime
GetModuleFileNameW
GetFileTime

msvcrt

strstr

imagehlp

CheckSumMappedFile

ole32

CoTaskMemFree
CoCreateGuid
CoInitialize
CoTaskMemAlloc
CoRegisterClassObject
IsEqualGUID

shell32

CommandLineToArgvW

advapi32

CryptGenRandom
CryptReleaseContext
RegEnumKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueA
RegSetValueA
RegSetValueExA
SetServiceStatus
RegCreateKeyExA
RegDeleteKeyA
CryptAcquireContextA
RegDeleteValueA

ws2_32

ioctlsocket
inet_ntoa
htons
socket
send
gethostbyname
connect
closesocket
WSAStartup
WSAGetLastError
htonl
recv
select
inet_addr

shlwapi

PathFindFileNameA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39778c75c68320155bd8955b8c0d0564

Headers

File Characteristics

Imports

user32

kernel32

msvcrt

imagehlp

ole32

shell32

advapi32

ws2_32

shlwapi

Exports

Exports

Sections

.text Size: 77KB - Virtual size: 77KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 19KB - Virtual size: 22KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 77KB - Virtual size: 77KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 19KB - Virtual size: 22KB

.reloc
Size: 2KB - Virtual size: 2KB