85dfaa2bf8874098e42bd5557984366be1c75112b757ff9c68ea09b6d945ebcf

Sharing

Copy URL Twitter E-mail

General

Target

85dfaa2bf8874098e42bd5557984366be1c75112b757ff9c68ea09b6d945ebcf
Size

92KB
MD5

3b918111fc5e930e413fe63d3951378d
SHA1

c91ae9850bb7e387e9455980d982fd4348362f28
SHA256

85dfaa2bf8874098e42bd5557984366be1c75112b757ff9c68ea09b6d945ebcf
SHA512

a05e60783fb9c1e5413c80246285f947f67f73eeb23d0b4226c363c1bcdad44c99d389783046328492cbe6aaabb08cb8a7a0de6d8fe5ea14641b8684816e0de7
SSDEEP

1536:7dxzkPlawPQYDTtec3kF+aXbDxxfJ+D7oKWqtoFZ:7zCMwPyDFBXbDxxx+D7oKNtMZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85dfaa2bf8874098e42bd5557984366be1c75112b757ff9c68ea09b6d945ebcf

Files

85dfaa2bf8874098e42bd5557984366be1c75112b757ff9c68ea09b6d945ebcf
.exe windows:4 windows x86 arch:x86

d0aed8bd5d910ad6085efd2f1ae35199

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CloseServiceHandle
RegDeleteValueA
GetTokenInformation
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
StartServiceCtrlDispatcherA
ControlService
DeleteService
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW
LsaClose
CopySid
GetLengthSid
LsaOpenPolicy
LsaStorePrivateData
LsaNtStatusToWinError
InitializeSecurityDescriptor
OpenServiceA
OpenSCManagerA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegisterServiceCtrlHandlerA
SetServiceStatus
SetSecurityDescriptorDacl
CreateServiceA

atl

ord17
ord18
ord23
ord57
ord16
ord20

kernel32

LoadLibraryA
SetStdHandle
InterlockedExchange
GetCurrentProcess
WriteFile
CloseHandle
ReadFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
lstrlenW
FreeLibrary
LocalFree
FormatMessageA
LoadLibraryExW
SetLastError
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
InterlockedDecrement
GetCurrentThreadId
RaiseException
GetCurrentThread
lstrcmpiA
GetCommandLineA
lstrlenA
RtlUnwind
HeapFree
HeapAlloc
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
TerminateProcess
HeapReAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
TlsSetValue
TlsAlloc
TlsGetValue
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
Sleep
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
FlushFileBuffers
GetProcAddress

user32

LoadStringA
MessageBoxA
CharNextA
GetMessageA
DispatchMessageA
PostThreadMessageA

ole32

CoInitialize
CoUninitialize
CoInitializeSecurity

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0aed8bd5d910ad6085efd2f1ae35199

Headers

File Characteristics

Imports

advapi32

atl

kernel32

user32

ole32

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 16KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 2KB