cfba8bb4e45f4aade4aadf8f3507e4813b68e2bdd0f300c4dbdcf800270eb3c2

Sharing

Copy URL Twitter E-mail

General

Target

cfba8bb4e45f4aade4aadf8f3507e4813b68e2bdd0f300c4dbdcf800270eb3c2
Size

3.7MB
MD5

4e9c11d8c2dc9b2313a605a37647f1a7
SHA1

3a5de77aee45ae72c355d39f126113433170b364
SHA256

cfba8bb4e45f4aade4aadf8f3507e4813b68e2bdd0f300c4dbdcf800270eb3c2
SHA512

450f7b7e0b8088a6015c771dd042b87f965fa7f1a1b0cd91b2e6ab135947c6fbf9dae2e073d2945bc96c9c036a43647ce104891377f601e2a39f01bc694232f0
SSDEEP

98304:01LMrqOxmt/WkZLmaKZXj+6E3Aw675490KFVqyEn:01LILx9x9j+6E3AXG9zsy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfba8bb4e45f4aade4aadf8f3507e4813b68e2bdd0f300c4dbdcf800270eb3c2

Files

cfba8bb4e45f4aade4aadf8f3507e4813b68e2bdd0f300c4dbdcf800270eb3c2
.exe windows:5 windows x86 arch:x86

b87afca7a1175b7eb49b7c1eb6d58adf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetModuleHandleA
ExpandEnvironmentStringsA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetShortPathNameW
GetTempPathW
Sleep
LoadLibraryExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetCommandLineW
GetStartupInfoW
GetProcAddress
WriteConsoleA
SetConsoleTextAttribute
GetStdHandle
VirtualFree
VirtualAlloc
GetModuleFileNameW
GetVersionExA
LoadLibraryA
GetProcessHeap
SetEndOfFile
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryA
GetCurrentProcessId
DeleteFileA
RemoveDirectoryA
FindNextFileA
SetStdHandle
GetFileType
SetConsoleCtrlHandler
GetModuleHandleW
ExitProcess
HeapReAlloc
GetFullPathNameA
GetFileAttributesA
GetCommandLineA
GetCurrentDirectoryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
DeleteCriticalSection
WriteFile
GetModuleFileNameA
SetHandleCount
GetStartupInfoA
RtlUnwind
CloseHandle
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
ReadFile
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetTimeZoneInformation
FlushFileBuffers
CreateFileW
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
CreateFileA
CompareStringA
CompareStringW
RaiseException

ws2_32

ntohl

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_pyi_bootstrap.pyc
crypter.pyc
pyi_carchive.pyc

Sharing

General

Malware Config

Signatures

Files

b87afca7a1175b7eb49b7c1eb6d58adf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

Sections

.text Size: 103KB - Virtual size: 102KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 6KB - Virtual size: 41KB

.rsrc Size: 59KB - Virtual size: 58KB

.text
Size: 103KB - Virtual size: 102KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 6KB - Virtual size: 41KB

.rsrc
Size: 59KB - Virtual size: 58KB