aa46033d79030e6a7670aa7701ce0a2eed7d3e21cc7162602a39651959064826

Sharing

Copy URL

Twitter E-mail

General

Target

aa46033d79030e6a7670aa7701ce0a2eed7d3e21cc7162602a39651959064826
Size

92KB
MD5

382cb33e9e153062ab5d8c633680fb48
SHA1

f45d35eca42bf774e67b35c6884f25e60ad4a06f
SHA256

aa46033d79030e6a7670aa7701ce0a2eed7d3e21cc7162602a39651959064826
SHA512

a37af32be5c3e109b5bce5a5b668a6c3a789399e02c30e2999d8f16ebc16474194c45603ee89775bf5b6258abfad66da1d0ad3d6471acda6bbfe0856ef6e6660
SSDEEP

1536:3dxzk2U+ArQYDT0ec3ZFBWaPuwBJLDNuUtp/2TEv:/zD9Ar/yF4aPuwjLDUUtp/2gv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa46033d79030e6a7670aa7701ce0a2eed7d3e21cc7162602a39651959064826

Files

aa46033d79030e6a7670aa7701ce0a2eed7d3e21cc7162602a39651959064826
.exe windows:4 windows x86 arch:x86

d0aed8bd5d910ad6085efd2f1ae35199

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CloseServiceHandle
RegDeleteValueA
GetTokenInformation
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
StartServiceCtrlDispatcherA
ControlService
DeleteService
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW
LsaClose
CopySid
GetLengthSid
LsaOpenPolicy
LsaStorePrivateData
LsaNtStatusToWinError
InitializeSecurityDescriptor
OpenServiceA
OpenSCManagerA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegisterServiceCtrlHandlerA
SetServiceStatus
SetSecurityDescriptorDacl
CreateServiceA

atl

ord17
ord18
ord23
ord57
ord16
ord20

kernel32

LoadLibraryA
SetStdHandle
InterlockedExchange
GetCurrentProcess
WriteFile
CloseHandle
ReadFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
lstrlenW
FreeLibrary
LocalFree
FormatMessageA
LoadLibraryExW
SetLastError
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
InterlockedDecrement
GetCurrentThreadId
RaiseException
GetCurrentThread
lstrcmpiA
GetCommandLineA
lstrlenA
RtlUnwind
HeapFree
HeapAlloc
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
TerminateProcess
HeapReAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
TlsSetValue
TlsAlloc
TlsGetValue
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
Sleep
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
FlushFileBuffers
GetProcAddress

user32

LoadStringA
MessageBoxA
CharNextA
GetMessageA
DispatchMessageA
PostThreadMessageA

ole32

CoInitialize
CoUninitialize
CoInitializeSecurity

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0aed8bd5d910ad6085efd2f1ae35199

Headers

File Characteristics

Imports

advapi32

atl

kernel32

user32

ole32

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 16KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 2KB