830825b57f9e5adb7daf9efc288a10988b40069284c20a9285f6c71677bb1ff9

Sharing

Copy URL

Twitter E-mail

General

Target

830825b57f9e5adb7daf9efc288a10988b40069284c20a9285f6c71677bb1ff9
Size

1.5MB
MD5

181edda7d0d6b4ae27bd03e2f0f81f76
SHA1

ad12cc1d0fa594d27f664f2c7d5066176ee1faf3
SHA256

830825b57f9e5adb7daf9efc288a10988b40069284c20a9285f6c71677bb1ff9
SHA512

2c74aa4be0af9afda70b799f987290d61df589d42b75609c83488042b526fd71af2d017435d104c079b59680d8de45e118aa19e5998df999e45ff106f61c4fac
SSDEEP

24576:R89mbkGQN+qOA3YPw2q7kcry4qox3lnWgj9R+/ojC0l6+FW7TyrvhCZQWunk/SS2:RvAGBA3YPw2dcW7qVWgj9iuCAGTyt4Qt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
830825b57f9e5adb7daf9efc288a10988b40069284c20a9285f6c71677bb1ff9

Files

830825b57f9e5adb7daf9efc288a10988b40069284c20a9285f6c71677bb1ff9
.exe windows:5 windows x86 arch:x86

aa542c2bd10d4cc9bca8e23c304c2dba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\VS2015\DunRunGate\FreeXg\RunGate.pdb

Imports

psapi

GetProcessImageFileNameW

kernel32

GetVersionExW
FlushInstructionCache
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

LoadAcceleratorsW

gdi32

CreateSolidBrush

comdlg32

GetFileTitleW

advapi32

RegDeleteValueW

shell32

DragQueryFileW

ole32

CoUninitialize

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

ws2_32

htonl

iphlpapi

GetAdaptersInfo

wininet

HttpQueryInfoA

Sections

.text
Size: - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.beta0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.beta1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa542c2bd10d4cc9bca8e23c304c2dba

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

iphlpapi

wininet

Sections

.text Size: - Virtual size: 616KB

.rdata Size: - Virtual size: 133KB

.data Size: - Virtual size: 22KB

.gfids Size: - Virtual size: 340B

.beta0 Size: - Virtual size: 1.0MB

.beta1 Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 7KB - Virtual size: 45KB

.text
Size: - Virtual size: 616KB

.rdata
Size: - Virtual size: 133KB

.data
Size: - Virtual size: 22KB

.gfids
Size: - Virtual size: 340B

.beta0
Size: - Virtual size: 1.0MB

.beta1
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 7KB - Virtual size: 45KB